Possible virus/malware attack


24 replies to this topic

#1 Indus

Indus

  • Members

Posted 18 February 2013 - 06:59 PM

Hi AV experts,

 

I have an ASUS Eee PC 1000HE and it is behaving oddly lately, and I strongly suspect a malware infection.

I am listing out the symptoms I have noticed so far.

1. I had no sound (system sounds or music) which I fixed by reinstalling audio drivers from ASUS's support site.

2. Internet Explorer cannot open most sites, throwing an exception "Operation Aborted". Even when it does, it opens them with script errors. I am running IE6. I don't usually use IE, which is why I didn't update it, except now, as most of the ActiveX controls I had to run to detect my laptop model to download the correct driver (as mentioned in #1) will run on IE only. While reading the About section of my IE I noticed the following description, which has got me confused.

Who is Mainsoft? I thought IE is a Microsoft product.

 

Based on NCSA Mosaic. NCSA Mosaic™ was developed at the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign.
Distributed under a licensing agreement with Spyglass, Inc.
Contains security software licensed from RSA Data Security Inc.
Portions of this software are based in part on the work of the Independent JPEG Group.
Multimedia software components, including Indeo® video, Indeo® audio, and Web Design Effects are provided by Intel Corp.
Unix version contains software licensed from Mainsoft Corporation. Copyright © 1998-1999 Mainsoft Corporation. All rights reserved. Mainsoft is a trademark of Mainsoft Corporation.

 

3. Windows security alert shows PC Cleaner Pro is installed as the resident antivirus. But I can neither find it nor uninstall it. I read somewhere it is a shady program and was wondering if that is behind my system's malfunction.

4. The cursor (not the mouse pointer) is changed in some programs, e.g. Notepad.

It is a much wider cursor now.

5. Ran Malwarebytes; it found one infection: C:\Program Files\YTDSETUP\trafficspace.exe.

 

Please help as it's severely impacting my studies. I have an exam in a few weeks.

 

Thanks so much!

Indu
 

 

 




 


#2 narenxp

narenxp

  • BC Advisor

Posted 18 February 2013 - 07:13 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters




  • Check Loaded Modules and Detect TDLFS file system
  • Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now




  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue




  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt, found in your root directory (typically c:\), in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results
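
An added example, not part of the original posts and not code from TDSSKiller: a small Python triage for the services section of a TDSSKiller log such as the one requested above. It assumes the layout `time thread [ MD5 ] Name Path` followed by `time thread Name - verdict`; the sample log, its service names, hashes and the non-"ok" verdict text are all constructed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of a TDSSKiller services section.
# Names, paths, hashes and the "needs-review" verdict are made up.
SAMPLE_LOG = r"""
15:17:54.0421 3204  ================ Scan system memory ========================
15:17:54.0421 3204  System memory - ok
15:17:54.0421 3204  ================ Scan services =============================
15:17:54.0500 3204  ExampleStub - ok
15:17:54.0609 3204  [ 00000000000000000000000000000001 ] ExampleDrv      C:\windows\system32\DRIVERS\exampledrv.sys
15:17:54.0609 3204  ExampleDrv - ok
15:17:55.0046 3204  [ 00000000000000000000000000000002 ] ExampleSvcA     C:\WINDOWS\system32\examplehost.exe
15:17:55.0062 3204  ExampleSvcA - ok
15:17:55.0100 3204  [ 00000000000000000000000000000002 ] ExampleSvcB     C:\WINDOWS\system32\examplehost.exe
15:17:55.0100 3204  ExampleSvcB - ok
15:17:56.0328 3204  [ 00000000000000000000000000000003 ] ExampleVendor   C:\Program Files\Example Vendor\bin\agent.exe
15:17:56.0328 3204  ExampleVendor - ok
15:17:57.0000 3204  [ 00000000000000000000000000000004 ] ExampleOdd      C:\windows\system32\drivers\exampleodd.sys
15:17:57.0000 3204  ExampleOdd - needs-review (constructed verdict)
15:17:58.0000 3204  ================ Scan ends (constructed section marker) ====
15:17:58.0000 3204  Trailer - not a service
"""

# "HH:MM:SS.ffff <thread id>  <body>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*)$")
# "[ <32 hex digits> ] <service name>   <drive-letter path>"
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<service name> - <verdict>"
VERDICT = re.compile(r"^(.+?) - (.+)$")


@dataclass
class ServiceEntry:
    name: str
    verdict: str
    md5: Optional[str] = None   # None when the log listed no binary for the entry
    path: Optional[str] = None


def parse_services(log_text):
    """Return one ServiceEntry per verdict line inside the 'Scan services' section."""
    entries, pending, in_services = [], None, False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        if body.startswith("="):
            # A banner line opens or closes a section; only the services one is parsed.
            in_services = "Scan services" in body
            pending = None
            continue
        if not in_services:
            continue
        h = HASHED.match(body)
        if h:
            pending = h.groups()  # (md5, name, path), waiting for its verdict line
            continue
        v = VERDICT.match(body)
        if v:
            name, verdict = v.group(1), v.group(2).strip()
            if pending and pending[1] == name:
                entries.append(ServiceEntry(name, verdict, pending[0].upper(), pending[2]))
            else:
                entries.append(ServiceEntry(name, verdict))
            pending = None
    return entries


def triage(entries, windows_dir=r"C:\windows"):
    """Group entries a reviewer would read first. None of these groups is a detection."""
    root = windows_dir.lower().rstrip("\\") + "\\"
    by_hash = defaultdict(list)
    report = {"not_ok": [], "no_file": [], "outside_windows": []}
    for e in entries:
        if e.verdict.lower() != "ok":
            report["not_ok"].append(e.name)           # anything the tool did not pass
        if e.path is None:
            report["no_file"].append(e.name)          # no hash/path line in the log
        else:
            by_hash[e.md5].append(e.name)
            if not e.path.lower().startswith(root):   # the log mixes C:\windows and C:\WINDOWS
                report["outside_windows"].append(e.name)
    # Several services backed by one file (same MD5), e.g. services hosted by one binary.
    report["shared_binary"] = {h: n for h, n in by_hash.items() if len(n) > 1}
    return report


if __name__ == "__main__":
    for group, names in triage(parse_services(SAMPLE_LOG)).items():
        print(group, names)
```
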

 



#3 Indus

Indus
  • Topic Starter

  • Members

Posted 20 February 2013 - 01:47 AM

Thanks for your prompt response.

Please find the logs below.

 

TDS Killer log [found 0 threats]

 

15:18:04.0765 3204  SharedAccess - ok
15:18:04.0781 3204  [ E7518DC542D3EBDCB80EDD98462C7821 ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:18:04.0796 3204  ShellHWDetection - ok
15:18:04.0812 3204  Simbad - ok
15:18:04.0875 3204  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:18:04.0890 3204  SkypeUpdate - ok
15:18:04.0921 3204  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\windows\system32\DRIVERS\SLIP.sys
15:18:04.0921 3204  SLIP - ok
15:18:04.0937 3204  Sparrow - ok
15:18:04.0984 3204  [ 8E186B8F23295D1E42C573B82B80D548 ] splitter        C:\windows\system32\drivers\splitter.sys
15:18:04.0984 3204  splitter - ok
15:18:05.0015 3204  [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler         C:\windows\system32\spoolsv.exe
15:18:05.0015 3204  Spooler - ok
15:18:05.0078 3204  [ E41B6D037D6CD08461470AF04500DC24 ] sr              C:\windows\system32\DRIVERS\sr.sys
15:18:05.0078 3204  sr - ok
15:18:05.0109 3204  [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice       C:\WINDOWS\system32\srsvc.dll
15:18:05.0109 3204  srservice - ok
15:18:05.0156 3204  [ 20B7E396720353E4117D64D9DCB926CA ] Srv             C:\windows\system32\DRIVERS\srv.sys
15:18:05.0156 3204  Srv - ok
15:18:05.0203 3204  [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
15:18:05.0218 3204  SSDPSRV - ok
15:18:05.0250 3204  [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] stisvc          C:\windows\system32\wiaservc.dll
15:18:05.0250 3204  stisvc - ok
15:18:05.0296 3204  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\windows\system32\DRIVERS\StreamIP.sys
15:18:05.0296 3204  streamip - ok
15:18:05.0328 3204  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
15:18:05.0328 3204  swenum - ok
15:18:05.0359 3204  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\windows\system32\drivers\swmidi.sys
15:18:05.0359 3204  swmidi - ok
15:18:05.0375 3204  SwPrv - ok
15:18:05.0406 3204  symc810 - ok
15:18:05.0421 3204  symc8xx - ok
15:18:05.0453 3204  sym_hi - ok
15:18:05.0484 3204  sym_u3 - ok
15:18:05.0515 3204  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\windows\system32\drivers\sysaudio.sys
15:18:05.0531 3204  sysaudio - ok
15:18:05.0562 3204  [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog       C:\windows\system32\smlogsvc.exe
15:18:05.0578 3204  SysmonLog - ok
15:18:05.0593 3204  [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] TapiSrv         C:\windows\System32\tapisrv.dll
15:18:05.0609 3204  TapiSrv - ok
15:18:05.0656 3204  [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip           C:\windows\system32\DRIVERS\tcpip.sys
15:18:05.0656 3204  Tcpip - ok
15:18:05.0687 3204  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\windows\system32\drivers\TDPIPE.sys
15:18:05.0687 3204  TDPIPE - ok
15:18:05.0718 3204  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\windows\system32\drivers\TDTCP.sys
15:18:05.0718 3204  TDTCP - ok
15:18:05.0750 3204  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
15:18:05.0750 3204  TermDD - ok
15:18:05.0812 3204  [ B60C877D16D9C880B952FDA04ADF16E6 ] TermService     C:\windows\System32\termsrv.dll
15:18:05.0812 3204  TermService - ok
15:18:05.0843 3204  [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes          C:\windows\System32\shsvcs.dll
15:18:05.0843 3204  Themes - ok
15:18:05.0906 3204  [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
15:18:05.0906 3204  TlntSvr - ok
15:18:05.0921 3204  TosIde - ok
15:18:05.0968 3204  [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks          C:\windows\system32\trkwks.dll
15:18:05.0968 3204  TrkWks - ok
15:18:06.0015 3204  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\windows\system32\drivers\Udfs.sys
15:18:06.0015 3204  Udfs - ok
15:18:06.0031 3204  ultra - ok
15:18:06.0093 3204  [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update          C:\windows\system32\DRIVERS\update.sys
15:18:06.0093 3204  Update - ok
15:18:06.0140 3204  [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost        C:\windows\System32\upnphost.dll
15:18:06.0140 3204  upnphost - ok
15:18:06.0171 3204  [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS             C:\windows\System32\ups.exe
15:18:06.0171 3204  UPS - ok
15:18:06.0218 3204  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
15:18:06.0218 3204  usbaudio - ok
15:18:06.0250 3204  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
15:18:06.0250 3204  usbccgp - ok
15:18:06.0296 3204  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
15:18:06.0296 3204  usbehci - ok
15:18:06.0312 3204  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
15:18:06.0312 3204  usbhub - ok
15:18:06.0359 3204  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
15:18:06.0359 3204  usbscan - ok
15:18:06.0390 3204  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] usbstor         C:\windows\system32\DRIVERS\USBSTOR.SYS
15:18:06.0390 3204  usbstor - ok
15:18:06.0406 3204  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\windows\system32\DRIVERS\usbuhci.sys
15:18:06.0406 3204  usbuhci - ok
15:18:06.0453 3204  [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
15:18:06.0453 3204  usbvideo - ok
15:18:06.0500 3204  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\windows\System32\drivers\vga.sys
15:18:06.0500 3204  VgaSave - ok
15:18:06.0515 3204  ViaIde - ok
15:18:06.0562 3204  [ EE4660083DEBA849FF6C485D944B379B ] VolSnap         C:\windows\system32\drivers\VolSnap.sys
15:18:06.0562 3204  VolSnap - ok
15:18:06.0609 3204  [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS             C:\windows\System32\vssvc.exe
15:18:06.0625 3204  VSS - ok
15:18:06.0671 3204  [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time         C:\WINDOWS\system32\w32time.dll
15:18:06.0671 3204  W32Time - ok
15:18:06.0718 3204  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\windows\system32\DRIVERS\wanarp.sys
15:18:06.0718 3204  Wanarp - ok
15:18:06.0734 3204  WDICA - ok
15:18:06.0781 3204  [ 2797F33EBF50466020C430EE4F037933 ] wdmaud          C:\windows\system32\drivers\wdmaud.sys
15:18:06.0781 3204  wdmaud - ok
15:18:06.0828 3204  [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient       C:\windows\System32\webclnt.dll
15:18:06.0828 3204  WebClient - ok
15:18:06.0921 3204  [ F399242A80C4066FD155EFA4CF96658E ] winmgmt         C:\windows\system32\wbem\WMIsvc.dll
15:18:06.0921 3204  winmgmt - ok
15:18:07.0000 3204  [ C086483E3DBA8C1C0A687EC8D5B3D4C1 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
15:18:07.0000 3204  WmdmPmSN - ok
15:18:07.0078 3204  [ 1AFF244CA134956C54474F4E2433E4CE ] Wmi             C:\windows\System32\advapi32.dll
15:18:07.0093 3204  Wmi - ok
15:18:07.0156 3204  [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:18:07.0156 3204  WmiApSrv - ok
15:18:07.0187 3204  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\windows\System32\drivers\ws2ifsl.sys
15:18:07.0187 3204  WS2IFSL - ok
15:18:07.0234 3204  [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc          C:\windows\system32\wscsvc.dll
15:18:07.0250 3204  wscsvc - ok
15:18:07.0281 3204  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\windows\system32\DRIVERS\WSTCODEC.SYS
15:18:07.0281 3204  WSTCODEC - ok
15:18:07.0343 3204  [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC          C:\windows\System32\wzcsvc.dll
15:18:07.0343 3204  WZCSVC - ok
15:18:07.0390 3204  [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov         C:\windows\System32\xmlprov.dll
15:18:07.0390 3204  xmlprov - ok
15:18:07.0468 3204  ================ Scan global ===============================
15:18:07.0515 3204  [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\windows\system32\basesrv.dll
15:18:07.0531 3204  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\windows\system32\winsrv.dll
15:18:07.0562 3204  [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\windows\system32\winsrv.dll
15:18:07.0609 3204  [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\windows\system32\services.exe
15:18:07.0609 3204  [Global] - ok
15:18:07.0609 3204  ================ Scan MBR ==================================
15:18:07.0656 3204  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:18:08.0140 3204  \Device\Harddisk0\DR0 - ok
15:18:08.0140 3204  ================ Scan VBR ==================================
15:18:08.0156 3204  [ 6572BE26A25EE799F860595F3B064FC3 ] \Device\Harddisk0\DR0\Partition1
15:18:08.0156 3204  \Device\Harddisk0\DR0\Partition1 - ok
15:18:08.0187 3204  [ B06BE1360DAB6F84A869725E716288A6 ] \Device\Harddisk0\DR0\Partition2
15:18:08.0203 3204  \Device\Harddisk0\DR0\Partition2 - ok
15:18:08.0203 3204  ================ Scan active images ========================
15:18:11.0968 3204  C:\WINDOWS\system32\w32time.dll - ok
15:18:11.0984 3204  [ A8B82C5D30B7AB937E164AB349478FBA ] C:\WINDOWS\system32\wdigest.dll
15:18:11.0984 3204  C:\WINDOWS\system32\wdigest.dll - ok
15:18:12.0015 3204  [ 26ACBD865F8CFF730F1791C4D0854352 ] C:\WINDOWS\system32\rsaenh.dll
15:18:12.0015 3204  C:\WINDOWS\system32\rsaenh.dll - ok
15:18:12.0031 3204  [ 7BCB23FA39CE266AF4347A6BEAB60F8C ] C:\WINDOWS\system32\winscard.dll
15:18:12.0031 3204  C:\WINDOWS\system32\winscard.dll - ok
15:18:12.0062 3204  [ 67F2D109AB373FECEB819F420DB11F03 ] C:\WINDOWS\system32\wtsapi32.dll
15:18:12.0062 3204  C:\WINDOWS\system32\wtsapi32.dll - ok
15:18:12.0078 3204  [ 0F78E27F563F2AAF74B91A49E2ABF19A ] C:\WINDOWS\system32\scecli.dll
15:18:12.0078 3204  C:\WINDOWS\system32\scecli.dll - ok
15:18:12.0109 3204  [ 8F078AE4ED187AAABC0A305146DE6716 ] C:\WINDOWS\system32\svchost.exe
15:18:12.0109 3204  C:\WINDOWS\system32\svchost.exe - ok
15:18:12.0125 3204  [ DAA91B358E685FC6CCA9ACA72BE6FE85 ] C:\WINDOWS\system32\ntmarta.dll
15:18:12.0125 3204  C:\WINDOWS\system32\ntmarta.dll - ok
15:18:12.0140 3204  [ 5C83A4408604F737717AB96371201680 ] C:\WINDOWS\system32\rpcss.dll
15:18:12.0140 3204  C:\WINDOWS\system32\rpcss.dll - ok
15:18:12.0171 3204  [ 1320AEA7057A26A671D9548CC7BEBDA5 ] C:\WINDOWS\system32\xpsp2res.dll
15:18:12.0171 3204  C:\WINDOWS\system32\xpsp2res.dll - ok
15:18:12.0187 3204  [ 82B24CB70E5944E6E34662205A2A5B78 ] C:\WINDOWS\system32\eventlog.dll
15:18:12.0187 3204  C:\WINDOWS\system32\eventlog.dll - ok
15:18:12.0218 3204  [ 4E74AF063C3271FBEA20DD940CFD1184 ] C:\WINDOWS\system32\mswsock.dll
15:18:12.0218 3204  C:\WINDOWS\system32\mswsock.dll - ok
15:18:12.0250 3204  [ 765B30C776A1780B46B479FE614F707C ] C:\WINDOWS\system32\hnetcfg.dll
15:18:12.0250 3204  C:\WINDOWS\system32\hnetcfg.dll - ok
15:18:12.0265 3204  [ A7F95A53EE055115DF03588997A47D4D ] C:\WINDOWS\system32\wshtcpip.dll
15:18:12.0265 3204  C:\WINDOWS\system32\wshtcpip.dll - ok
15:18:12.0296 3204  [ 2C8FDB176F22629EA5342DB474FAC391 ] C:\WINDOWS\system32\winrnr.dll
15:18:12.0296 3204  C:\WINDOWS\system32\winrnr.dll - ok
15:18:12.0328 3204  [ 4CAEC028C1E21C75E17877D4522D3DB4 ] C:\WINDOWS\system32\rasadhlp.dll
15:18:12.0328 3204  C:\WINDOWS\system32\rasadhlp.dll - ok
15:18:12.0343 3204  [ CB6CA3E5261D65F6F809EED23BF167AA ] C:\WINDOWS\system32\dhcpcsvc.dll
15:18:12.0343 3204  C:\WINDOWS\system32\dhcpcsvc.dll - ok
15:18:12.0375 3204  [ 34D6CD56409DA9A7ED573E1C90A308BF ] C:\WINDOWS\system32\drivers\ndisuio.sys
15:18:12.0375 3204  C:\WINDOWS\system32\drivers\ndisuio.sys - ok
15:18:12.0390 3204  [ 7379DE06FD196E396A00AA97B990C00D ] C:\WINDOWS\system32\dnsrslvr.dll
15:18:12.0390 3204  C:\WINDOWS\system32\dnsrslvr.dll - ok
15:18:12.0421 3204  [ B3EFF6D938C572E90A07B3D87A3C7657 ] C:\WINDOWS\system32\lmhsvc.dll
15:18:12.0421 3204  C:\WINDOWS\system32\lmhsvc.dll - ok
15:18:12.0437 3204  [ 5A91E6FEAB9F901302FA7FF768C0120F ] C:\WINDOWS\system32\wzcsvc.dll
15:18:12.0437 3204  C:\WINDOWS\system32\wzcsvc.dll - ok
15:18:12.0468 3204  [ A57B8ACD54AFBE482042C285C2767EBF ] C:\WINDOWS\system32\esent.dll
15:18:12.0468 3204  C:\WINDOWS\system32\esent.dll - ok
15:18:12.0484 3204  [ 2030FA027E7C3E0A145649C03171457B ] C:\WINDOWS\system32\rtutils.dll
15:18:12.0484 3204  C:\WINDOWS\system32\rtutils.dll - ok
15:18:12.0515 3204  [ E682696D7F982494A8CFC80C5B59D422 ] C:\WINDOWS\system32\wmi.dll
15:18:12.0515 3204  C:\WINDOWS\system32\wmi.dll - ok
15:18:12.0546 3204  [ 2D40EDB9BF811590DAD7406DEC67B926 ] C:\WINDOWS\system32\atl.dll
15:18:12.0546 3204  C:\WINDOWS\system32\atl.dll - ok
15:18:12.0578 3204  [ E26F50A92EE564F21C30501AA6173676 ] C:\WINDOWS\system32\clbcatq.dll
15:18:12.0578 3204  C:\WINDOWS\system32\clbcatq.dll - ok
15:18:12.0593 3204  [ 6728270CB7DBB776ED086F5AC4C82310 ] C:\WINDOWS\system32\comres.dll
15:18:12.0593 3204  C:\WINDOWS\system32\comres.dll - ok
15:18:12.0625 3204  [ 4AC302BF714DC163E685D0A187A36D0F ] C:\WINDOWS\system32\cryptui.dll
15:18:12.0625 3204  C:\WINDOWS\system32\cryptui.dll - ok
15:18:12.0640 3204  [ ADEAC063A3757E8FBC242BB4414D632B ] C:\WINDOWS\system32\rastls.dll
15:18:12.0640 3204  C:\WINDOWS\system32\rastls.dll - ok
15:18:12.0671 3204  [ C0823FC5469663BA63E7DB88F9919D70 ] C:\WINDOWS\system32\wininet.dll
15:18:12.0671 3204  C:\WINDOWS\system32\wininet.dll - ok
15:18:12.0687 3204  [ 9F78F329B1858E845087B923B4DBA0F3 ] C:\WINDOWS\system32\mprapi.dll
15:18:12.0687 3204  C:\WINDOWS\system32\mprapi.dll - ok
15:18:12.0718 3204  [ 875D770F477E0AE0088BE1810D537B23 ] C:\WINDOWS\system32\activeds.dll
15:18:12.0718 3204  C:\WINDOWS\system32\activeds.dll - ok
15:18:12.0750 3204  [ 12A581CA44E53B09D24C5B94F252C78D ] C:\WINDOWS\system32\adsldpc.dll
15:18:12.0750 3204  C:\WINDOWS\system32\adsldpc.dll - ok
15:18:12.0765 3204  [ CD1F7ED9842138BEADF9ECBF37818BEF ] C:\WINDOWS\system32\rasapi32.dll
15:18:12.0765 3204  C:\WINDOWS\system32\rasapi32.dll - ok
15:18:12.0796 3204  [ 30E244A707E6CE0A4B099CD6384EC6CA ] C:\WINDOWS\system32\rasman.dll
15:18:12.0796 3204  C:\WINDOWS\system32\rasman.dll - ok
15:18:12.0828 3204  [ 6307A1B82F6CA87D7E0CDF49E6E7BC00 ] C:\WINDOWS\system32\tapi32.dll
15:18:12.0828 3204  C:\WINDOWS\system32\tapi32.dll - ok
15:18:12.0843 3204  [ A0BC687A49542C40EB60B7308F454E8A ] C:\WINDOWS\system32\riched20.dll
15:18:12.0843 3204  C:\WINDOWS\system32\riched20.dll - ok
15:18:12.0875 3204  [ 0346DA24DE3C85909717D5997510A31F ] C:\WINDOWS\system32\mlang.dll
15:18:12.0875 3204  C:\WINDOWS\system32\mlang.dll - ok
15:18:12.0906 3204  [ 1B0F0FC350C77B62A4B927810E53B2BF ] C:\WINDOWS\system32\raschap.dll
15:18:12.0906 3204  C:\WINDOWS\system32\raschap.dll - ok
15:18:12.0921 3204  [ 7DB59FFF2AF32C27EB2276424FA5EDDB ] C:\WINDOWS\system32\logonui.exe
15:18:12.0921 3204  C:\WINDOWS\system32\logonui.exe - ok
15:18:12.0937 3204  [ 59E9857ABC6C62AF55EB29FA68354805 ] C:\WINDOWS\system32\xmlprovi.dll
15:18:12.0937 3204  C:\WINDOWS\system32\xmlprovi.dll - ok
15:18:12.0968 3204  [ 587729679B4FE04CE06A5C61D6C56DCD ] C:\WINDOWS\system32\cscdll.dll
15:18:12.0968 3204  C:\WINDOWS\system32\cscdll.dll - ok
15:18:12.0984 3204  [ 9A9BBC71D0EBCD400A33ABCD5F0AB39C ] C:\WINDOWS\system32\wzcsapi.dll
15:18:12.0984 3204  C:\WINDOWS\system32\wzcsapi.dll - ok
15:18:13.0015 3204  [ 777EB29D0135D81AD9828A2B05443496 ] C:\WINDOWS\system32\winspool.drv
15:18:13.0015 3204  C:\WINDOWS\system32\winspool.drv - ok
15:18:13.0046 3204  [ A599E5E366C1408E48AA5D37882D4E3E ] C:\WINDOWS\system32\wlnotify.dll
15:18:13.0046 3204  C:\WINDOWS\system32\wlnotify.dll - ok
15:18:13.0078 3204  [ ED7E847905DD2797565B4B695E92F42B ] C:\WINDOWS\system32\duser.dll
15:18:13.0078 3204  C:\WINDOWS\system32\duser.dll - ok
15:18:13.0093 3204  [ B5331F2B6F37C66C29C847F3B94FF900 ] C:\WINDOWS\system32\msimg32.dll
15:18:13.0093 3204  C:\WINDOWS\system32\msimg32.dll - ok
15:18:13.0125 3204  [ 5F2DBE3CB563741C8084657BF956CE64 ] C:\WINDOWS\system32\oleacc.dll
15:18:13.0125 3204  C:\WINDOWS\system32\oleacc.dll - ok
15:18:13.0156 3204  [ 92360854316611F6CC471612213C3D92 ] C:\WINDOWS\system32\schedsvc.dll
15:18:13.0156 3204  C:\WINDOWS\system32\schedsvc.dll - ok
15:18:13.0156 3204  [ 249817F51C84D283E96E6B2580D21FFD ] C:\WINDOWS\system32\msidle.dll
15:18:13.0156 3204  C:\WINDOWS\system32\msidle.dll - ok
15:18:13.0187 3204  [ 7435B108B935E42EA92CA94F59C8E717 ] C:\WINDOWS\system32\spoolsv.exe
15:18:13.0187 3204  C:\WINDOWS\system32\spoolsv.exe - ok
15:18:13.0218 3204  [ 1D3A8A40F8045100A3E35C5F9BC6C5DE ] C:\WINDOWS\system32\shgina.dll
15:18:13.0218 3204  C:\WINDOWS\system32\shgina.dll - ok
15:18:13.0234 3204  [ DB66DB626E4882EBEF55F136F12C1829 ] C:\WINDOWS\system32\audiosrv.dll
15:18:13.0234 3204  C:\WINDOWS\system32\audiosrv.dll - ok
15:18:13.0265 3204  [ 2C0A7B2AE9C26F2C163627679B42783C ] C:\WINDOWS\system32\wkssvc.dll
15:18:13.0265 3204  C:\WINDOWS\system32\wkssvc.dll - ok
15:18:13.0296 3204  [ 46EDCC8F2DB2F322C24F48785CB46366 ] C:\WINDOWS\system32\drivers\mrxdav.sys
15:18:13.0296 3204  C:\WINDOWS\system32\drivers\mrxdav.sys - ok
15:18:13.0312 3204  [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] C:\WINDOWS\system32\webclnt.dll
15:18:13.0312 3204  C:\WINDOWS\system32\webclnt.dll - ok
15:18:13.0343 3204  [ 19D0EAB2740080925F812FF36A2D6378 ] C:\WINDOWS\system32\urlmon.dll
15:18:13.0343 3204  C:\WINDOWS\system32\urlmon.dll - ok
15:18:13.0375 3204  [ 29744EB4CE659DFE3B4122DEB45BC478 ] C:\WINDOWS\system32\drivers\parport.sys
15:18:13.0375 3204  C:\WINDOWS\system32\drivers\parport.sys - ok
15:18:13.0390 3204  [ 53AF9F2B2CE4B6EFF41C70417359D010 ] C:\WINDOWS\system32\wsock32.dll
15:18:13.0390 3204  C:\WINDOWS\system32\wsock32.dll - ok
15:18:13.0406 3204  [ CD9404D115A00D249F70A371B46D5A26 ] C:\WINDOWS\system32\drivers\serial.sys
15:18:13.0406 3204  C:\WINDOWS\system32\drivers\serial.sys - ok
15:18:13.0437 3204  [ 2C69EC7E5A311334D10DD95F338FCCEA ] C:\WINDOWS\system32\qmgr.dll
15:18:13.0437 3204  C:\WINDOWS\system32\qmgr.dll - ok
15:18:13.0453 3204  [ 7C8F371C924DAA376217E553378275BA ] C:\WINDOWS\system32\shfolder.dll
15:18:13.0453 3204  C:\WINDOWS\system32\shfolder.dll - ok
15:18:13.0484 3204  [ EA82A55F22654FBEDCBD82D2D4305B45 ] C:\WINDOWS\system32\winhttp.dll
15:18:13.0484 3204  C:\WINDOWS\system32\winhttp.dll - ok
15:18:13.0515 3204  [ 1639D9964C9E1B2ECCA95C8217D3E70D ] C:\WINDOWS\system32\dmserver.dll
15:18:13.0515 3204  C:\WINDOWS\system32\dmserver.dll - ok
15:18:13.0531 3204  [ 67DFF7BBBD0E80AAB7B3CF061448DB8A ] C:\WINDOWS\system32\ersvc.dll
15:18:13.0531 3204  C:\WINDOWS\system32\ersvc.dll - ok
15:18:13.0562 3204  [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files\Google\Update\GoogleUpdate.exe
15:18:13.0562 3204  C:\Program Files\Google\Update\GoogleUpdate.exe - ok
15:18:13.0578 3204  [ 10654F9DDCEA9C46CFB77554231BE73B ] C:\WINDOWS\system32\cryptsvc.dll
15:18:13.0578 3204  C:\WINDOWS\system32\cryptsvc.dll - ok
15:18:13.0609 3204  [ AD44C5BC21213F394F6AFCB55CC39293 ] C:\WINDOWS\system32\certcli.dll
15:18:13.0609 3204  C:\WINDOWS\system32\certcli.dll - ok
15:18:13.0640 3204  [ ACD36A2DD7D1E9D8A060AA651DC07E63 ] C:\WINDOWS\system32\es.dll
15:18:13.0640 3204  C:\WINDOWS\system32\es.dll - ok
15:18:13.0671 3204  [ 2E5672EEA419A4DC9DACD714632E1DC3 ] C:\Program Files\Google\Update\1.3.21.135\goopdate.dll
15:18:13.0671 3204  C:\Program Files\Google\Update\1.3.21.135\goopdate.dll - ok
15:18:13.0671 3204  [ B3F880C585885993ED17B8731D80E6BE ] C:\WINDOWS\system32\msi.dll
15:18:13.0671 3204  C:\WINDOWS\system32\msi.dll - ok
15:18:13.0703 3204  [ 6479A184873F7CA797FF0375D711E9A6 ] C:\WINDOWS\system32\dbghelp.dll
15:18:13.0703 3204  C:\WINDOWS\system32\dbghelp.dll - ok
15:18:13.0718 3204  [ 8827911A8C37E40C027CBFC88E69D967 ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
15:18:13.0718 3204  C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
15:18:13.0750 3204  [ 18AFEE0EDE045B6255408D634372DC29 ] C:\WINDOWS\system32\hid.dll
15:18:13.0750 3204  C:\WINDOWS\system32\hid.dll - ok
15:18:13.0781 3204  [ 9376E6893E52B368ABC6255BF54F0B28 ] C:\WINDOWS\system32\hidserv.dll
15:18:13.0781 3204  C:\WINDOWS\system32\hidserv.dll - ok
15:18:13.0796 3204  [ E47FFCA0909871AC1BFF0D446FF63CA9 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
15:18:13.0796 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe - ok
15:18:13.0828 3204  [ BECDDA0990DEBD72A30096533521AD73 ] C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
15:18:13.0828 3204  C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe - ok
15:18:13.0843 3204  [ DAD1CEF1B77539B4EF734A1041CF95ED ] C:\WINDOWS\system32\mstask.dll
15:18:13.0843 3204  C:\WINDOWS\system32\mstask.dll - ok
15:18:13.0875 3204  [ 52F6F5D0174AF8020B22890520394CE0 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll
15:18:13.0875 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ushata.dll - ok
15:18:13.0906 3204  [ 8C8E916E24FE1C0DD07554B34064F564 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\avpinit.dll
15:18:13.0906 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\avpinit.dll - ok
15:18:13.0921 3204  [ B90F3789852CB8725833220CCCD1C9D1 ] C:\WINDOWS\system32\fltlib.dll
15:18:13.0921 3204  C:\WINDOWS\system32\fltlib.dll - ok
15:18:13.0937 3204  [ 8ECAE7BA330CC1A8F807FFBF9A40A950 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\avpmain.dll
15:18:13.0937 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\avpmain.dll - ok
15:18:13.0968 3204  [ 50D998B4B5549E95F8B9C790DB2F78C7 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\prremote.dll
15:18:13.0968 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\prremote.dll - ok
15:18:14.0000 3204  [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
15:18:14.0000 3204  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
15:18:14.0015 3204  [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
15:18:14.0015 3204  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
15:18:14.0046 3204  [ 3998A3FDB93A584EEB57D292439D3E1D ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\dumpwriter.dll
15:18:14.0046 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\dumpwriter.dll - ok
15:18:14.0062 3204  [ 11F714F85530A2BD134074DC30E99FCA ] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
15:18:14.0062 3204  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE - ok
15:18:14.0093 3204  [ EC2E03CF0AAE54FCBE436CC89BE52A3A ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\prloader.dll
15:18:14.0093 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\prloader.dll - ok
15:18:14.0125 3204  [ 93D32468D34E000CB3407947D1D6E22A ] C:\WINDOWS\system32\srvsvc.dll
15:18:14.0125 3204  C:\WINDOWS\system32\srvsvc.dll - ok
15:18:14.0156 3204  [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
15:18:14.0156 3204  C:\WINDOWS\system32\netmsg.dll - ok
15:18:14.0171 3204  [ C5966E2813B92A5E37E95F33E8410E14 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\nfio.ppl
15:18:14.0171 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\nfio.ppl - ok
15:18:14.0187 3204  [ 20B7E396720353E4117D64D9DCB926CA ] C:\WINDOWS\system32\drivers\srv.sys
15:18:14.0187 3204  C:\WINDOWS\system32\drivers\srv.sys - ok
15:18:14.0218 3204  [ DED37DA67073115D370CB2634E53B793 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\fsdrvplg.ppl
15:18:14.0218 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\fsdrvplg.ppl - ok
15:18:14.0234 3204  [ DAB9E6C7105D2EF49876FE92C524F565 ] C:\WINDOWS\system32\netman.dll
15:18:14.0234 3204  C:\WINDOWS\system32\netman.dll - ok
15:18:14.0265 3204  [ FC4E79B2E5B7F19F688EDD9E5D3DC595 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\fssync.dll
15:18:14.0265 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\fssync.dll - ok
15:18:14.0281 3204  [ D1E299962B5956005113EC4AB1E0D9B7 ] C:\WINDOWS\system32\ipsecsvc.dll
15:18:14.0281 3204  C:\WINDOWS\system32\ipsecsvc.dll - ok
15:18:14.0312 3204  [ BF52A4D4EB4CFB3109667E429B93E21A ] C:\WINDOWS\system32\netshell.dll
15:18:14.0312 3204  C:\WINDOWS\system32\netshell.dll - ok
15:18:14.0343 3204  [ A76128BE63EEA6A3AF521A0576D3EBF7 ] C:\WINDOWS\system32\oakley.dll
15:18:14.0343 3204  C:\WINDOWS\system32\oakley.dll - ok
15:18:14.0359 3204  [ E277949FB0F4E90509A6A208AB88559D ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\winreg.ppl
15:18:14.0359 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\winreg.ppl - ok
15:18:14.0390 3204  [ 3151427DB7D87107D1C5BE58FAC53960 ] C:\WINDOWS\system32\regsvc.dll
15:18:14.0390 3204  C:\WINDOWS\system32\regsvc.dll - ok
15:18:14.0406 3204  [ 2B2F31E3F2CE3723C1B0F3700C8BE28B ] C:\WINDOWS\system32\winipsec.dll
15:18:14.0406 3204  C:\WINDOWS\system32\winipsec.dll - ok
15:18:14.0437 3204  [ CA093AE88517317F97BD1A4ABE8623BA ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\service.dll
15:18:14.0437 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\service.dll - ok
15:18:14.0453 3204  [ 4D3CCDF22D2B4BAE229BA73B81D13E26 ] C:\WINDOWS\system32\psbase.dll
15:18:14.0453 3204  C:\WINDOWS\system32\psbase.dll - ok
15:18:14.0468 3204  [ 306B30A036DB25FCB76B507FEDE07D58 ] C:\WINDOWS\system32\pstorsvc.dll
15:18:14.0468 3204  C:\WINDOWS\system32\pstorsvc.dll - ok
15:18:14.0500 3204  [ 932ED79E577C0D42AB9888287ED5C8D7 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\eka_meta.dll
15:18:14.0500 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\eka_meta.dll - ok
15:18:14.0515 3204  [ CACD2C63A79268D131EA37E85524CC44 ] C:\WINDOWS\system32\dssenh.dll
15:18:14.0515 3204  C:\WINDOWS\system32\dssenh.dll - ok
15:18:14.0546 3204  [ 1ECB753D7CEEC8F5A94C9781CA64EC44 ] C:\WINDOWS\system32\credui.dll
15:18:14.0546 3204  C:\WINDOWS\system32\credui.dll - ok
15:18:14.0562 3204  [ B1E0CE09895376871746F36DC5773B4F ] C:\WINDOWS\system32\seclogon.dll
15:18:14.0562 3204  C:\WINDOWS\system32\seclogon.dll - ok
15:18:14.0593 3204  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] C:\Program Files\Skype\Updater\Updater.exe
15:18:14.0593 3204  C:\Program Files\Skype\Updater\Updater.exe - ok
15:18:14.0625 3204  [ DFD9870CF39C791D86C4C209DA9FA919 ] C:\WINDOWS\system32\sens.dll
15:18:14.0625 3204  C:\WINDOWS\system32\sens.dll - ok
15:18:14.0640 3204  [ 8623FCC3AFFE0A9D8C6165543D138C58 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\esmgr.dll
15:18:14.0640 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\esmgr.dll - ok
15:18:14.0671 3204  [ 021063A1F708BCCD0AF228DF924A40DE ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\pxstub.ppl
15:18:14.0671 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\pxstub.ppl - ok
15:18:14.0687 3204  [ BA5E7B5CEF44E4F60F195C789F666CD7 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\params.ppl
15:18:14.0687 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\params.ppl - ok
15:18:14.0703 3204  [ EAC557409471B44D3341DF9768B621BA ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\thpimpl.ppl
15:18:14.0703 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\thpimpl.ppl - ok
15:18:14.0718 3204  [ 87B85BC1E1F6E0228876204A20A9C24C ] C:\WINDOWS\system32\spoolss.dll
15:18:14.0718 3204  C:\WINDOWS\system32\spoolss.dll - ok
15:18:14.0750 3204  [ EFB9F55F43B2524E48FE792BEF0D384E ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\propmap.ppl
15:18:14.0750 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\propmap.ppl - ok
15:18:14.0781 3204  [ 92BDF74F12D6CBEC43C94D4B7F804838 ] C:\WINDOWS\system32\srsvc.dll
15:18:14.0781 3204  C:\WINDOWS\system32\srsvc.dll - ok
15:18:14.0796 3204  [ 1B5F6923ABB450692E9FE0672C897AED ] C:\WINDOWS\system32\powrprof.dll
15:18:14.0796 3204  C:\WINDOWS\system32\powrprof.dll - ok
15:18:14.0828 3204  [ B14946D70C2A2317243274A6E3736D3E ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\filemap.ppl
15:18:14.0828 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\filemap.ppl - ok
15:18:14.0843 3204  [ 3215F584BF98ACAC49DE9A86A1A98710 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\tm.ppl
15:18:14.0843 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\tm.ppl - ok
15:18:14.0875 3204  [ 632DA8D8158DEB133FF086FF7171B2F6 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\dtreg.ppl
15:18:14.0875 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\dtreg.ppl - ok
15:18:14.0890 3204  [ EB4A4187D74A8EFDCBEA3EA2CB1BDFBD ] C:\WINDOWS\system32\tapisrv.dll
15:18:14.0890 3204  C:\WINDOWS\system32\tapisrv.dll - ok
15:18:14.0921 3204  [ D9F6C4F6B1E188ADAFC42B561D9BC2E6 ] C:\WINDOWS\system32\wiaservc.dll
15:18:14.0921 3204  C:\WINDOWS\system32\wiaservc.dll - ok
15:18:14.0937 3204  [ 0FCB11B39AF688035E1CDE754684EE5C ] C:\WINDOWS\system32\cfgmgr32.dll
15:18:14.0937 3204  C:\WINDOWS\system32\cfgmgr32.dll - ok
15:18:14.0953 3204  [ E8A45791EF55E93137EFCC0EEAE2B938 ] C:\WINDOWS\system32\mscms.dll
15:18:14.0953 3204  C:\WINDOWS\system32\mscms.dll - ok
15:18:14.0984 3204  [ 6D9AC544B30F96C57F8206566C1FB6A1 ] C:\WINDOWS\system32\trkwks.dll
15:18:14.0984 3204  C:\WINDOWS\system32\trkwks.dll - ok
15:18:15.0000 3204  [ 79DABB124D00ADF19852AE879C201890 ] C:\WINDOWS\system32\vssapi.dll
15:18:15.0000 3204  C:\WINDOWS\system32\vssapi.dll - ok
15:18:15.0031 3204  [ F399242A80C4066FD155EFA4CF96658E ] C:\WINDOWS\system32\wbem\wmisvc.dll
15:18:15.0031 3204  C:\WINDOWS\system32\wbem\wmisvc.dll - ok
15:18:15.0046 3204  [ 2BF24493488E91285E0AB7ECADC6B822 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\bl.ppl
15:18:15.0046 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\bl.ppl - ok
15:18:15.0078 3204  [ E3CFCCDDA4EDD1D0DC9168B2E18F27B8 ] C:\WINDOWS\system32\browser.dll
15:18:15.0078 3204  C:\WINDOWS\system32\browser.dll - ok
15:18:15.0093 3204  [ 41A3C11E3517C962C9B44893BCEC3B34 ] C:\WINDOWS\system32\rasmans.dll
15:18:15.0093 3204  C:\WINDOWS\system32\rasmans.dll - ok
15:18:15.0125 3204  [ E3AE8DC04643850D2DFD431443558B28 ] C:\WINDOWS\system32\netcfgx.dll
15:18:15.0125 3204  C:\WINDOWS\system32\netcfgx.dll - ok
15:18:15.0140 3204  [ 98C1FF6676E02D43DA208802286A6EE7 ] C:\WINDOWS\system32\clusapi.dll
15:18:15.0140 3204  C:\WINDOWS\system32\clusapi.dll - ok
15:18:15.0171 3204  [ 36CC8C01B5E50163037BEF56CB96DEFF ] C:\WINDOWS\system32\ipnathlp.dll
15:18:15.0171 3204  C:\WINDOWS\system32\ipnathlp.dll - ok
15:18:15.0203 3204  [ 81D6FFDDD22663CA32F8BEF9F107889D ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\vercheck.ppl
15:18:15.0203 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\vercheck.ppl - ok
15:18:15.0203 3204  [ A4D813B49057FCA29B16C1343424F79D ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\regmap.ppl
15:18:15.0203 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\regmap.ppl - ok
15:18:15.0234 3204  [ 4D59DAA66C60858CDF4F67A900F42D4A ] C:\WINDOWS\system32\wscsvc.dll
15:18:15.0234 3204  C:\WINDOWS\system32\wscsvc.dll - ok
15:18:15.0250 3204  [ 603EEEED14B3398532D2189119CE9B6B ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\avpinst.dll
15:18:15.0250 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\avpinst.dll - ok
15:18:15.0281 3204  [ 4E39C36213E95FB971A61A247BDE2F61 ] C:\WINDOWS\system32\wbem\wbemcomn.dll
15:18:15.0281 3204  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
15:18:15.0296 3204  [ 851547797C2A7F8A04841644C471A567 ] C:\WINDOWS\system32\wbem\wbemprox.dll
15:18:15.0296 3204  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
15:18:15.0328 3204  [ 36360B625D7290BBA2CD03AD4975E1BC ] C:\WINDOWS\system32\wbem\wbemcore.dll
15:18:15.0328 3204  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
15:18:15.0343 3204  [ 77BE435238DC00551C80E09B4EC2D5C4 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\am_facade.dll
15:18:15.0343 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\am_facade.dll - ok
15:18:15.0375 3204  [ DE578E4E6844954823FC7688625F00C8 ] C:\WINDOWS\system32\wbem\esscli.dll
15:18:15.0375 3204  C:\WINDOWS\system32\wbem\esscli.dll - ok
15:18:15.0390 3204  [ 8A8AB03962C9AEFC5D0471F629743338 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\metainfo.dll
15:18:15.0390 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\metainfo.dll - ok
15:18:15.0421 3204  [ C28500101BC66FDABD830F8DE51A59A0 ] C:\WINDOWS\system32\wbem\fastprox.dll
15:18:15.0421 3204  C:\WINDOWS\system32\wbem\fastprox.dll - ok
15:18:15.0437 3204  [ 7A136F1B080B1CC7A8E219054CCEB1B2 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\storage.dll
15:18:15.0437 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\storage.dll - ok
15:18:15.0468 3204  [ 652603D2A664D9BFC1D5EB0A9FAEA016 ] C:\WINDOWS\system32\comsvcs.dll
15:18:15.0468 3204  C:\WINDOWS\system32\comsvcs.dll - ok
15:18:15.0484 3204  [ 98C0492DA7971A62FAE73F884B637C35 ] C:\WINDOWS\system32\ptpusd.dll
15:18:15.0484 3204  C:\WINDOWS\system32\ptpusd.dll - ok
15:18:15.0500 3204  [ 39DD0C97932CDFDCF006569E1A942728 ] C:\WINDOWS\system32\wiavusd.dll
15:18:15.0500 3204  C:\WINDOWS\system32\wiavusd.dll - ok
15:18:15.0531 3204  [ 5CBD40C1A866FEDF82951DF3868948F4 ] C:\WINDOWS\system32\mtxclu.dll
15:18:15.0531 3204  C:\WINDOWS\system32\mtxclu.dll - ok
15:18:15.0546 3204  [ 201E12371ECD2BA04AB78B2AD5575C9E ] C:\WINDOWS\system32\colbact.dll
15:18:15.0546 3204  C:\WINDOWS\system32\colbact.dll - ok
15:18:15.0578 3204  [ 1D536BEBC30DD8D0D3B6FF3B0CD2D32B ] C:\WINDOWS\system32\rastapi.dll
15:18:15.0578 3204  C:\WINDOWS\system32\rastapi.dll - ok
15:18:15.0609 3204  [ 2738C8A33FF07DD3C99C7C8F0A85DA72 ] C:\WINDOWS\system32\resutils.dll
15:18:15.0609 3204  C:\WINDOWS\system32\resutils.dll - ok
15:18:15.0625 3204  [ 78BDC89C5D9E206209BEC5A5A73F91F7 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll
15:18:15.0625 3204  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\GdiPlus.dll - ok
15:18:15.0656 3204  [ 7D676AC8CC19341117C77C261647BA07 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
15:18:15.0656 3204  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
15:18:15.0671 3204  [ 1DFD6E8DA0FE2D14A5FA12CFCFB162C1 ] C:\WINDOWS\system32\unimdm.tsp
15:18:15.0671 3204  C:\WINDOWS\system32\unimdm.tsp - ok
15:18:15.0703 3204  [ BF84B8A80A002A0E6D7D6E3952569269 ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ndetect.ppl
15:18:15.0703 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\ndetect.ppl - ok
15:18:15.0718 3204  [ 5C36B5D824FB86BA812DA74A4C23424D ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\crpthlpr.ppl
15:18:15.0718 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\crpthlpr.ppl - ok
15:18:15.0734 3204  [ 3AB4213BF48F9062E087B909832AA8E6 ] C:\WINDOWS\system32\uniplat.dll
15:18:15.0734 3204  C:\WINDOWS\system32\uniplat.dll - ok
15:18:15.0765 3204  [ 0A1161DB4FCCF7821736C70D70A0F5A3 ] C:\WINDOWS\system32\wbem\wmiutils.dll
15:18:15.0765 3204  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
15:18:15.0781 3204  [ 9A66728EFE501D855D0FFE3DE023CE32 ] C:\WINDOWS\system32\wbem\repdrvfs.dll
15:18:15.0781 3204  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
15:18:15.0812 3204  [ 5217BA40DFEFFB00895EC279715EF9CB ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\report.ppl
15:18:15.0812 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\report.ppl - ok
15:18:15.0828 3204  [ 1F080CCC567D222A2DCB7CC285C6A7AD ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
15:18:15.0828 3204  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
15:18:15.0859 3204  [ A2F5B0B6010408B592FBE6BBD81A0D0A ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\schedule.ppl
15:18:15.0859 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\schedule.ppl - ok
15:18:15.0890 3204  [ 47B4B2467838828B2DDA43E2FD31606D ] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\timer.ppl
15:18:15.0890 3204  C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\timer.ppl - ok
15:18:15.0906 3204  [ 13510490BEA0997DB625DAA0178CBFCA ] C:\WINDOWS\system32\actxprxy.dll
15:18:15.0906 3204  C:\WINDOWS\system32\actxprxy.dll - ok
15:18:15.0937 3204  [ 6708E1DDF12CAB2D5B5A2B66B76E0038 ] C:\WINDOWS\system32\wbem\wbemess.dll
15:18:15.0937 3204  C:\WINDOWS\system32\wbem\wbemess.dll - ok
15:18:15.0953 3204  [ 1A2B18F59FA3D73AF731A046DB0F781A ] C:\WINDOWS\system32\wuapi.dll
15:18:15.0953 3204  C:\WINDOWS\system32\wuapi.dll - ok
15:18:15.0984 3204  [ 6AE613FFF9F9DFEE552652662BFABE41 ] C:\WINDOWS\system32\wbem\ncprov.dll
15:18:15.0984 3204  C:\WINDOWS\system32\wbem\ncprov.dll - ok
15:18:19.0937 3204  ============================================================
15:18:19.0937 3204  Scan finished
15:18:19.0937 3204  ============================================================
15:18:19.0984 3196  Detected object count: 0
15:18:19.0984 3196  Actual detected object count: 0

****************************************************************************************

MBR log

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-19 20:42:08
-----------------------------
20:42:08.078    OS Version: Windows 5.1.2600 Service Pack 2
20:42:08.078    Number of processors: 2 586 0x1C02
20:42:08.078    ComputerName: HOME-1170793105  UserName: INDRANI
20:42:08.937    Initialize success
20:49:51.968    AVAST engine defs: 13021902
20:50:38.640    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
20:50:38.671    Disk 0 Vendor: Hitachi_HTS543216L9SA00 FB2OC40C Size: 152627MB BusType: 3
20:50:38.718    Disk 0 MBR read successfully
20:50:38.734    Disk 0 MBR scan
20:50:38.828    Disk 0 Windows XP default MBR code
20:50:38.859    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        80000 MB offset 54
20:50:38.890    Disk 0 Partition - 00     0F Extended LBA             72619 MB offset 163840968
20:50:38.921    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        72619 MB offset 163841022
20:50:38.953    Disk 0 scanning sectors +312566688
20:50:39.171    Disk 0 scanning C:\windows\system32\drivers
20:50:51.156    Service scanning
20:51:12.078    Modules scanning
20:51:38.187    Disk 0 trace - called modules:
20:51:38.265    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:51:38.296    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86578ab8]
20:51:38.343    3 CLASSPNP.SYS[f75c905b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8656fb00]
20:51:39.046    AVAST engine scan C:\windows
20:51:45.640    AVAST engine scan C:\windows\system32
20:54:01.328    AVAST engine scan C:\windows\system32\drivers
20:54:16.921    AVAST engine scan C:\Documents and Settings\INDRANI
20:55:06.656    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\INDRANI\Desktop\MBR.dat"
20:55:06.734    The log file has been saved successfully to "C:\Documents and Settings\INDRANI\Desktop\aswMBR.txt"


21:04:12.750    AVAST engine scan C:\Documents and Settings\All Users
21:05:27.500    Scan finished successfully
21:06:17.187    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\INDRANI\Desktop\MBR.dat"
21:06:17.218    The log file has been saved successfully to "C:\Documents and Settings\INDRANI\Desktop\aswMBR.txt"


**************************************************************************************************************

 

ESET log [found 10 threats]

 

C:\Documents and Settings\INDRANI\Local Settings\Temp\MyClaroTB.exe    Win32/Toolbar.Babylon application    cleaned by deleting - quarantined
C:\Documents and Settings\INDRANI\Local Settings\Temp\OIC5C.tmp    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
C:\Documents and Settings\INDRANI\Local Settings\Temp\6DDE2AA0-BAB0-7891-8CFD-CFFF36D17238\Latest\MyBabylonTB.exe    Win32/Toolbar.Funmoods application    cleaned by deleting - quarantined
C:\Documents and Settings\INDRANI\Local Settings\Temp\E4881892-BAB0-7891-9D9D-CC1BFF8C47E1\MyBabylonTB.exe    a variant of Win32/Toolbar.Babylon application    cleaned by deleting - quarantined
C:\Documents and Settings\INDRANI\My Documents\Downloads\7zip_installer_d162802.exe    probably a variant of Win32/InstallIQ application    cleaned by deleting - quarantined
C:\Documents and Settings\INDRANI\My Documents\Downloads\cbsidlm-tr1_9-Realtek_AC97_Driver_Windows_98Me2000XP2003-SEO2-10238712.exe    multiple threats    cleaned by deleting - quarantined
C:\Documents and Settings\INDRANI\My Documents\Downloads\ultimatemediaplayer_2.exe    a variant of Win32/InstallIQ application    cleaned by deleting - quarantined
C:\Documents and Settings\INDRANI\My Documents\Downloads\WinZipDriverUpdater.exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
C:\Documents and Settings\INDRANI\My Documents\RANIT_ BCKUP\CALYPSO\New Folder\AsteriskPasswordDecryptor\Setup.exe    a variant of Win32/PSWTool.IEPasswordsRevealer.A application    cleaned by deleting - quarantined
C:\RECYCLER\S-1-5-21-839522115-688789844-1801674531-1003\Dc465.exe    multiple threats    cleaned by deleting - quarantined
 

 

 

 



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:06:29 AM

Posted 20 February 2013 - 02:22 AM

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.  If you already have it installed launch the program and update the database.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.  You can also right-click on the link and select Save Link As.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


===================================================


Farbar's MiniToolBox

--------------------

  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure the following options are checked:

    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply


===================================================


Farbar's Service Scanner

--------------------

Please download Farbar Service Scanner, save it to your desktop, and run it.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


===================================================


AdwCleaner by Xplode - Search for Adware

-------------------

  • Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on DELETE
  • A logfile will automatically open after the scan has finished
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[R1].txt as well


===================================================


Junkware Removal Tool by thisisu

-------------------

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply


===================================================


Rkill

-------------------

Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:


  • In order for Rkill to run properly you must disable your anti-malware software.  Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
    • Note:  You may have to run Rkill a few times before it is successful.  You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear.  Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again.  If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.


===================================================


Autoruns

--------------------

  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Select File, Save, Desktop (in the left hand pane), then Save filename as Autoruns.txt and change Save as type to Text (*.txt).
  • Double click on the text file, copy and paste the contents in your reply


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Malwarebytes log
  • MiniToolBox log
  • Farbar's Service Scanner log
  • AdwCleaner log
  • Junkware Removal Tool log
  • Rkill log
  • Autoruns log

 



#5 Indus

Indus
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Not Telling
  • Local time:06:29 AM

Posted 22 February 2013 - 07:46 PM

Hi,

 

 

Thank you for your help. The logs are below. However, I still have a bigger cursor on some programs like Notepad and IE.

Windows Security Center still shows PC Cleaner Pro as the resident antivirus. How can I get rid of it?

 

 

 

1. Malwarebytes log

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.21.11

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
INDRANI :: HOME-1170793105 [administrator]

2/21/2013 9:18:15 PM
mbam-log-2013-02-21 (21-18-15).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248894
Time elapsed: 34 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

2. MiniToolBox by Farbar  Version:10-01-2013
Ran by INDRANI (administrator) on 21-02-2013 at 22:58:19
Running from "C:\Documents and Settings\INDRANI\My Documents\Downloads"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost

========================= IP Configuration: ================================

802.11n Wireless LAN Card = Wireless Network Connection (Connected)
Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : home-1170793105
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection 2:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
        Physical Address. . . . . . . . . : 00-26-18-30-62-61

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : gateway.2wire.net
        Description . . . . . . . . . . . : 802.11n Wireless LAN Card
        Physical Address. . . . . . . . . : 00-25-D3-14-BB-53
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.87
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
        DHCP Server . . . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 192.168.1.254
        Lease Obtained. . . . . . . . . . : Thursday, February 21, 2013 8:07:37 PM
        Lease Expires . . . . . . . . . . : Friday, February 22, 2013 8:07:37 PM

Server:  home
Address:  192.168.1.254

Name:    google.com
Addresses:  74.125.224.38, 74.125.224.39, 74.125.224.40, 74.125.224.41
      74.125.224.46, 74.125.224.32, 74.125.224.33, 74.125.224.34, 74.125.224.35
      74.125.224.36, 74.125.224.37

Pinging google.com [74.125.224.131] with 32 bytes of data:
Reply from 74.125.224.131: bytes=32 time=21ms TTL=54
Reply from 74.125.224.131: bytes=32 time=61ms TTL=54

Ping statistics for 74.125.224.131:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 61ms, Average = 41ms

Server:  home
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=170ms TTL=50
Reply from 206.190.36.45: bytes=32 time=194ms TTL=50

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 170ms, Maximum = 194ms, Average = 182ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 26 18 30 62 61 ...... Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller - Packet Scheduler Miniport
0x3 ...00 25 d3 14 bb 53 ...... 802.11n Wireless LAN Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.87      25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0     192.168.1.87    192.168.1.87      25
     192.168.1.87  255.255.255.255        127.0.0.1       127.0.0.1      25
    192.168.1.255  255.255.255.255     192.168.1.87    192.168.1.87      25
        224.0.0.0        240.0.0.0     192.168.1.87    192.168.1.87      25
  255.255.255.255  255.255.255.255     192.168.1.87    192.168.1.87      1
  255.255.255.255  255.255.255.255     192.168.1.87               2      1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/19/2013 07:56:47 PM) (Source: Application Error) (User: )
Description: Faulting application acrobat.exe, version 6.0.0.878, faulting module acrobat.exe, version 6.0.0.878, fault address 0x0021864f.
Processing media-specific event for [acrobat.exe!ws!]

Error: (02/19/2013 07:56:34 PM) (Source: Application Error) (User: )
Description: Faulting application acrobat.exe, version 6.0.0.878, faulting module acrobat.exe, version 6.0.0.878, fault address 0x0021864f.
Processing media-specific event for [acrobat.exe!ws!]

Error: (01/12/2013 02:34:24 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x0007f463.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/12/2013 02:33:10 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2180, fault address 0x000663ce.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/11/2013 05:24:58 PM) (Source: Microsoft Office 11) (User: )
Description: Faulting application winword.exe, version 11.0.5604.0, stamp 3f314a2f, faulting module mso.dll, version 11.0.5606.0, stamp 3f334cce, debug? 0, fault address 0x0005d532.

Error: (02/01/2013 08:46:43 PM) (Source: Application Hang) (User: )
Description: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/14/2013 07:01:26 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/06/2013 04:04:34 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/06/2013 04:04:33 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (01/06/2013 04:04:33 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.


System errors:
=============
Error: (01/18/2013 09:41:51 AM) (Source: W32Time) (User: )
Description: The time service has detected that the system time needs to be
changed by +2678385 seconds. The time service will not change the system
time by more than +54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.87:123->65.55.21.14:123) is working properly.

Error: (01/16/2013 11:45:08 PM) (Source: W32Time) (User: )
Description: The time service has detected that the system time needs to be
changed by +2678386 seconds. The time service will not change the system
time by more than +54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.87:123->65.55.21.24:123) is working properly.

Error: (01/11/2013 00:53:58 AM) (Source: W32Time) (User: )
Description: The time service has detected that the system time needs to be
changed by +2678395 seconds. The time service will not change the system
time by more than +54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.87:123->65.55.21.13:123) is working properly.

Error: (01/11/2013 00:52:02 AM) (Source: Service Control Manager) (User: )
Description: The Server service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/11/2013 00:52:02 AM) (Source: Service Control Manager) (User: )
Description: The HID Input Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/11/2013 00:52:02 AM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (01/11/2013 00:52:02 AM) (Source: Service Control Manager) (User: )
Description: The Fast User Switching Compatibility service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/11/2013 00:52:02 AM) (Source: Service Control Manager) (User: )
Description: The COM+ Event System service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/11/2013 00:52:02 AM) (Source: Service Control Manager) (User: )
Description: The Error Reporting Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/11/2013 00:52:02 AM) (Source: Service Control Manager) (User: )
Description: The Logical Disk Manager service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/19/2013 07:56:47 PM) (Source: Application Error)(User: )
Description: acrobat.exe6.0.0.878acrobat.exe6.0.0.8780021864f

Error: (02/19/2013 07:56:34 PM) (Source: Application Error)(User: )
Description: acrobat.exe6.0.0.878acrobat.exe6.0.0.8780021864f

Error: (01/12/2013 02:34:24 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180mshtml.dll6.0.2900.21800007f463

Error: (01/12/2013 02:33:10 PM) (Source: Application Error)(User: )
Description: iexplore.exe6.0.2900.2180mshtml.dll6.0.2900.2180000663ce

Error: (01/11/2013 05:24:58 PM) (Source: Microsoft Office 11)(User: )
Description: winword.exe11.0.5604.03f314a2fmso.dll11.0.5606.03f334cce00005d532

Error: (02/01/2013 08:46:43 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE6.0.2900.2180hungapp0.0.0.000000000

Error: (01/14/2013 07:01:26 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (01/06/2013 04:04:34 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (01/06/2013 04:04:33 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (01/06/2013 04:04:33 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.


=========================== Installed Programs ============================

Adobe Acrobat 6.0 Professional (Version: 006.000.000)
Adobe Flash Player 10 ActiveX (Version: 10.1.82.76)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.30)
Auto Screenshot Maker 3.0
Azurewave Wireless LAN (Version: 1.0.7.0)
BS.TTF Font (Version: 1.0.0)
Clipdiary 3.42 (Version: 3.42)
Coupon Printer for Windows (Version: 5.0.0.1)
DivX Setup (Version: 2.6.0.34)
ESET Online Scanner v3
Focus Photoeditor 6.3.9.8 SE
Google Earth Plug-in (Version: 6.1.0.5001)
Google Talk (remove only)
Google Talk Plugin (Version: 3.13.2.11592)
Google Update Helper (Version: 1.3.21.135)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HyperCam 3 (Version: 3.2.1107.20)
Kaspersky Security Scan (Version: 12.0.1.117)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Mozilla Firefox 19.0 (x86 en-US) (Version: 19.0)
Nero OEM
PowerDVD
Realtek High Definition Audio Driver (Version: 5.10.0.5791)
Retouch Pilot Free 3.4.1 (Version: 3.4.1)
Skype™ 6.1 (Version: 6.1.129)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VideoLAN VLC media player 0.8.4 (Version: 0.8.4)
WebFldrs XP (Version: 9.50.7523)
WIDCOMM Bluetooth Software (Version: 5.5.0.4400)
Winamp (remove only)
WinRAR archiver
WinZip (Version:  9.0  (6028))

========================= Devices: ================================

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: {00000000-0000-0000-0000-000000000000}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Video Controller
Description: Video Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service: AsusACPI
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 1015.17 MB
Available physical RAM: 596.14 MB
Total Pagefile: 2442.42 MB
Available Pagefile: 2080.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.49 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:78.13 GB) (Free:41.95 GB) NTFS
2 Drive d: () (Fixed) (Total:70.92 GB) (Free:70.45 GB) NTFS

========================= Users: ========================================

User accounts for \\HOME-1170793105

Administrator            Guest                    HelpAssistant            
INDRANI                  SUPPORT_388945a0         


**** End of log ****
 

3. Farbar Service Scanner Version: 20-02-2013
Ran by INDRANI (administrator) on 21-02-2013 at 23:04:23
Running from "C:\Documents and Settings\INDRANI\My Documents\Downloads"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: ATTENTION!=====> Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys
[2004-08-03 17:07] - [2004-08-03 17:07] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\windows\system32\Drivers\tcpip.sys
[2004-08-03 17:07] - [2004-08-03 17:07] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\windows\system32\Drivers\ipsec.sys
[2004-08-03 17:07] - [2004-08-03 17:07] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\windows\system32\dnsrslvr.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\windows\system32\ipnathlp.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\windows\system32\netman.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\windows\system32\wbem\WMIsvc.dll
[2010-08-26 10:01] - [2004-08-03 17:07] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\windows\system32\srsvc.dll
[2010-08-26 10:03] - [2004-08-03 17:07] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\windows\system32\Drivers\sr.sys
[2010-08-26 10:03] - [2004-08-03 17:07] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\windows\system32\wscsvc.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\windows\system32\wbem\WMIsvc.dll
[2010-08-26 10:01] - [2004-08-03 17:07] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\windows\system32\wuauserv.dll
[2010-08-26 10:04] - [2004-08-03 17:07] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\windows\system32\qmgr.dll
[2010-08-26 10:04] - [2004-08-03 17:07] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\windows\system32\es.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\windows\system32\cryptsvc.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\windows\system32\svchost.exe
[2004-08-03 17:07] - [2004-08-03 17:07] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\windows\system32\rpcss.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

C:\windows\system32\services.exe
[2004-08-03 17:07] - [2004-08-03 17:07] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000700000006000000
IpSec Tag value is correct.

**** End of log ****

4. ADW log

# AdwCleaner v2.112 - Logfile created 02/21/2013 at 23:19:28
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : INDRANI - HOME-1170793105
# Boot Mode : Normal
# Running from : C:\Documents and Settings\INDRANI\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\searchplugins\babylon1.xml
File Deleted : C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\INDRANI\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\INDRANI\Application Data\Claro
Folder Deleted : C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\Conduit
Folder Deleted : C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\CT2786678
Folder Deleted : C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\CT3234396
Folder Deleted : C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\extensions\{5ce95e90-4afa-4388-a5ce-a67d4eae12f1}
Folder Deleted : C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\extensions\engine@conduit.com
Folder Deleted : C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\Smartbar
Folder Deleted : C:\Documents and Settings\INDRANI\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\INDRANI\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\INDRANI\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\5ce8ad9bd3cef13
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\ClaroDirectory
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\5ce8ad9bd3cef13
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2786678 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\prefs.js

C:\Documents and Settings\INDRANI\Application Data\Mozilla\Firefox\Profiles\7ypcoq0h.default\user.js ... Deleted !

Deleted : user_pref("CT3234396.1000082.isDisplayHidden", "true");
Deleted : user_pref("CT3234396.1000082.muteState", "off");
Deleted : user_pref("CT3234396.1000082.shrinkState", "shrinked");
Deleted : user_pref("CT3234396.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3234396.1000234.TWC_TMP_city", "SAN FRANCISCO");
Deleted : user_pref("CT3234396.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT3234396.1000234.TWC_country", "UNITED STATES");
Deleted : user_pref("CT3234396.1000234.TWC_locId", "USCA0987");
Deleted : user_pref("CT3234396.1000234.TWC_location", "San Francisco, CA");
Deleted : user_pref("CT3234396.1000234.TWC_region", "US");
Deleted : user_pref("CT3234396.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT3234396.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT3234396.1000234.weatherData", "{\"icon\":\"31.png\",\"temperature\":\"48°F\",\"temperat[...]
Deleted : user_pref("CT3234396.129498282976856742.isToggled_item0_12", "true");
Deleted : user_pref("CT3234396.CBOpenMAMSettings.enc", "MA==");
Deleted : user_pref("CT3234396.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3234396.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3234396.FirstTime", "true");
Deleted : user_pref("CT3234396.FirstTimeFF3", "true");
Deleted : user_pref("CT3234396.LoginRevertSettingsEnabled", true);
Deleted : user_pref("CT3234396.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT323[...]
Deleted : user_pref("CT3234396.UserID", "UN01166918219720924");
Deleted : user_pref("CT3234396.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3234396.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3234396.cb_experience_000.enc", "Mg==");
Deleted : user_pref("CT3234396.cb_firstuse0100.enc", "MQ==");
Deleted : user_pref("CT3234396.cb_user_id_000.enc", "Q0I5MTg0NTY4NzU1NDJfMTM1Njk3NTkwMjM4M19GaXJlZm94");
Deleted : user_pref("CT3234396.cbcountry_001.enc", "VVM=");
Deleted : user_pref("CT3234396.cbfirsttime.enc", "U2F0IERlYyAyOSAyMDEyIDE5OjQ0OjEzIEdNVC0wODAwIChQYWNpZmljIFN0[...]
Deleted : user_pref("CT3234396.embeddedsData", "[{\"appId\":\"129859411633108507\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3234396.enableAlerts", "always");
Deleted : user_pref("CT3234396.event_data.enc", "JTVCJTVE");
Deleted : user_pref("CT3234396.fired_events.enc", "AA==");
Deleted : user_pref("CT3234396.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3234396.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3234396.fixUrls", true);
Deleted : user_pref("CT3234396.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc",[...]
Deleted : user_pref("CT3234396.installType", "Unknown");
Deleted : user_pref("CT3234396.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3234396.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3234396.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3234396.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3234396.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3234396.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3234396.key_date.enc", "Mjk=");
Deleted : user_pref("CT3234396.keyword", true);
Deleted : user_pref("CT3234396.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3234396.migrateAppsAndComponents", true);
Deleted : user_pref("CT3234396.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3234396.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3234396.revertSettingsEnabled", "false");
Deleted : user_pref("CT3234396.search.searchAppId", "129859411633108507");
Deleted : user_pref("CT3234396.search.searchCount", "1");
Deleted : user_pref("CT3234396.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3234396.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3234396.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3234396.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3234396.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3234396.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3234396.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3234396.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3234396.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356839154529");
Deleted : user_pref("CT3234396.serviceLayer_services_appsMetadata_lastUpdate", "1357098356131");
Deleted : user_pref("CT3234396.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356839154299");
Deleted : user_pref("CT3234396.serviceLayer_services_login_10.13.511.2_lastUpdate", "1357098296153");
Deleted : user_pref("CT3234396.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13570[...]
Deleted : user_pref("CT3234396.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13570[...]
Deleted : user_pref("CT3234396.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356839154102");
Deleted : user_pref("CT3234396.serviceLayer_services_searchAPI_lastUpdate", "1357098361008");
Deleted : user_pref("CT3234396.serviceLayer_services_serviceMap_lastUpdate", "1357098234107");
Deleted : user_pref("CT3234396.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356839153809");
Deleted : user_pref("CT3234396.serviceLayer_services_toolbarSettings_lastUpdate", "1357098374265");
Deleted : user_pref("CT3234396.serviceLayer_services_translation_lastUpdate", "1357098235065");
Deleted : user_pref("CT3234396.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
Deleted : user_pref("CT3234396.serviceLayer_services_userApps_lastUpdate", "1356839036579");
Deleted : user_pref("CT3234396.settingsINI", true);
Deleted : user_pref("CT3234396.smartbar.CTID", "CT3234396");
Deleted : user_pref("CT3234396.smartbar.Uninstall", "0");
Deleted : user_pref("CT3234396.smartbar.homepage", true);
Deleted : user_pref("CT3234396.smartbar.toolbarName", "PDFssoftware ");
Deleted : user_pref("CT3234396.toolbarBornServerTime", "30-12-2012");
Deleted : user_pref("CT3234396.toolbarCurrentServerTime", "2-1-2013");
Deleted : user_pref("CT3234396.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEz[...]
Deleted : user_pref("CT3234396_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2786678");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Dec 02 2011 11:27:28 GMT-0800 (Pacif[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Dec 02 2011 11:27:28 GMT-0800 (Pacific S[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "490265b8-4c22-4914-a5df-aaf166ed679a");
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3234396&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3234396");
Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.claro-search.com/?affID=117465&tt=5112_1&babsrc=[...]
Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3234396&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3234396&SearchSource=13[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.claro-search.com/?affID=117465&tt=5112_1&babsrc=H[...]
Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Deleted : user_pref("smartbar.originalSearchEngine", "Search the web (Babylon)");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\INDRANI\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [17095 octets] - [21/02/2013 23:19:28]

########## EOF - C:\AdwCleaner[S1].txt - [17156 octets] ##########

5. JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Microsoft Windows XP x86
Ran by INDRANI on Thu 02/21/2013 at 23:29:56.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\windows\system32\roboot.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\INDRANI\Application Data\pc cleaners"
Successfully deleted: [Folder] "C:\Documents and Settings\INDRANI\Application Data\pcpro"
Successfully deleted: [Folder] "C:\Documents and Settings\INDRANI\Application Data\systweak"
Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\INDRANI\Application Data\mozilla\firefox\profiles\7ypcoq0h.default\invalidprefs.js
Successfully deleted: [File] C:\Documents and Settings\INDRANI\Application Data\mozilla\firefox\profiles\7ypcoq0h.default\searchplugins\bing-zugo.xml
Successfully deleted the following from C:\Documents and Settings\INDRANI\Application Data\mozilla\firefox\profiles\7ypcoq0h.default\prefs.js

user_pref("CT3234396.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"twinkle\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fmail.google.com%2Fmail%2F%3Fshva%3D1%23inbox\",\"EB_MAIN_FR





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/21/2013 at 23:39:15.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

6. Rkill log

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/22/2013 04:13:44 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (PID: 196) [FI]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
  * HKCU\SOFTWARE\Classes\.exe has been deleted!
  * HKCU\SOFTWARE\Classes\exefile has been deleted!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * wuauserv [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 02/22/2013 04:14:58 PM
Execution time: 0 hours(s), 1 minute(s), and 14 seconds(s)

7. Autoruns log

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Alcmtr"    "Realtek Azalia Audio - Event Monitor"    "Realtek Semiconductor Corp."    "c:\windows\alcmtr.exe"
+ "DivXUpdate"    "DivX Update"    ""    "c:\program files\divx\divx update\divxupdate.exe"
+ "googletalk"    "Google Talk"    "Google"    "c:\program files\google\google talk\googletalk.exe"
+ "NeroFilterCheck"    "NeroCheck"    "Ahead Software Gmbh"    "c:\windows\system32\nerocheck.exe"
+ "RemoteControl"    "PowerDVD RC Service"    "Cyberlink Corp."    "c:\program files\cyberlink\powerdvd\pdvdserv.exe"
+ "RTHDCPL"    "Realtek HD Audio Control Panel"    "Realtek Semiconductor Corp."    "c:\windows\rthdcpl.exe"
+ "WinampAgent"    ""    ""    "c:\program files\winamp\winampa.exe"
"C:\Documents and Settings\All Users\Start Menu\Programs\Startup"    ""    ""    ""
+ "Acrobat Assistant.lnk"    "AcroTray"    "Adobe Systems Inc."    "c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe"
+ "Bluetooth.lnk"    "Bluetooth Tray Application"    "Broadcom Corporation."    "c:\program files\widcomm\bluetooth software\bttray.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""
+ "Address Book 6"    "Outlook Express Setup Library"    "Microsoft Corporation"    "c:\program files\outlook express\setup50.exe"
+ "Microsoft Outlook Express 6"    "Outlook Express Setup Library"    "Microsoft Corporation"    "c:\program files\outlook express\setup50.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""
+ "Clipdiary"    ""    ""    "c:\program files\clipdiary\clipdiary.exe"
+ "Google Update"    "Google Installer"    "Google Inc."    "c:\documents and settings\indrani\local settings\application data\google\update\googleupdate.exe"
+ "KSS"    "Kaspersky Security Scan"    "Kaspersky Lab ZAO"    "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe"
+ "MSMSGS"    "Windows Messenger"    "Microsoft Corporation"    "c:\program files\messenger\msmsgs.exe"
+ "Skype"    "Skype "    "Skype Technologies S.A."    "c:\program files\skype\phone\skype.exe"
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect"    ""    ""    ""
+ "BTW Setup Wizard"    "BtWizard Module"    "Broadcom Corporation."    "c:\windows\system32\btwizard.dll"
"HKLM\SOFTWARE\Classes\Protocols\Filter"    ""    ""    ""
+ "text/xml"    "Microsoft Office XML MIME Filter"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""
+ "ms-itss"    "Microsoft® InfoTech Storage System Library"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "mso-offdap"    "Microsoft Office XP Web Components"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "mso-offdap11"    "Microsoft Office Web Components 2003"    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\web components\11\owc11.dll"
+ "skype4com"    "Skype for COM API"    "Skype Technologies"    "c:\program files\common files\skype\skype4com.dll"
"HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components"    ""    ""    ""
+ "0"    ""    ""    "File not found: About:Home"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "Adobe.Acrobat.ContextMenu"    "Adobe Acrobat Elements"    "Adobe Systems Inc."    "c:\program files\adobe\acrobat 6.0\acrobat elements\contextmenu.dll"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, Inc."    "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, Inc."    "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers"    ""    ""    ""
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, Inc."    "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers"    ""    ""    ""
+ "Monitor"    "BTNCopy Module"    "Broadcom Corporation."    "c:\windows\system32\btncopy.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "igfxcui"    ""    ""    "File not found: C:\WINDOWS\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes Corporation"    "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, Inc."    "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers"    ""    ""    ""
+ "WinRAR"    ""    ""    "c:\program files\winrar\rarext.dll"
+ "WinZip"    "WinZip Shell Extension DLL"    "WinZip Computing, Inc."    "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""
+ "AcroIEHlprObj Class"    "Adobe Acrobat IE Helper Version 6.0 for ActivieX"    "Adobe Systems Incorporated"    "c:\program files\adobe\acrobat 6.0\acrobat\activex\acroiehelper.dll"
+ "AcroIEToolbarHelper Class"    ""    ""    "c:\program files\adobe\acrobat 6.0\acrobat\acroiefavclient.dll"
+ "DivX Plus Web Player HTML5 <video>"    "DivX Plus Web Player HTML5 <video> version 2.1.2.145"    "DivX, LLC"    "c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar"    ""    ""    ""
+ "Adobe PDF"    ""    ""    "c:\program files\adobe\acrobat 6.0\acrobat\acroiefavclient.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""
+ "Send to &Bluetooth Device..."    ""    ""    "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
+ "Windows Messenger"    "Windows Messenger"    "Microsoft Corporation"    "c:\program files\messenger\msmsgs.exe"
"Task Scheduler"    ""    ""    ""
+ "GoogleUpdateTaskMachineCore.job"    "Google Installer"    "Google Inc."    "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskMachineUA.job"    "Google Installer"    "Google Inc."    "c:\program files\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-839522115-688789844-1801674531-1003Core.job"    "Google Installer"    "Google Inc."    "c:\documents and settings\indrani\local settings\application data\google\update\googleupdate.exe"
+ "GoogleUpdateTaskUserS-1-5-21-839522115-688789844-1801674531-1003UA.job"    "Google Installer"    "Google Inc."    "c:\documents and settings\indrani\local settings\application data\google\update\googleupdate.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "btwdins"    "Handles installation and removal of Bluetooth devices."    "Broadcom Corporation."    "c:\program files\widcomm\bluetooth software\bin\btwdins.exe"
+ "gupdate"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files\google\update\googleupdate.exe"
+ "gupdatem"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files\google\update\googleupdate.exe"
+ "KSS"    "Scans computer for viruses and vulnerabilities."    "Kaspersky Lab ZAO"    "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe"
+ "MDM"    "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly."    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "SkypeUpdate"    "Enables the detection, download and installation of updates for Skype."    "Skype Technologies"    "c:\program files\skype\updater\updater.exe"
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""
+ "Ambfilt"    "Creative WDM 3D Audio Driver"    "Creative"    "c:\windows\system32\drivers\ambfilt.sys"
+ "AsusACPI"    ""    ""    "File not found: system32\DRIVERS\ASUSACPI.sys"
+ "btaudio"    "Bluetooth Audio Device"    "Broadcom Corporation."    "c:\windows\system32\drivers\btaudio.sys"
+ "BTDriver"    "Bluetooth BTPORT Driver for Windows 2000"    "Broadcom Corporation."    "c:\windows\system32\drivers\btport.sys"
+ "BTKRNL"    "Bluetooth Bus Enumerator"    "Broadcom Corporation."    "c:\windows\system32\drivers\btkrnl.sys"
+ "BTWDNDIS"    "Bluetooth LAN Access Server Driver"    "Broadcom Corporation."    "c:\windows\system32\drivers\btwdndis.sys"
+ "btwhid"    "Bluetooth Virtual HID Minidriver"    "Broadcom Corporation."    "c:\windows\system32\drivers\btwhid.sys"
+ "btwmodem"    "Bluetooth BTPORT Driver for Windows 2000"    "Broadcom Corporation."    "c:\windows\system32\drivers\btwmodem.sys"
+ "BTWUSB"    "Driver for Bluetooth USB Devices"    "Broadcom Corporation."    "c:\windows\system32\drivers\btwusb.sys"
+ "Changer"    ""    ""    "File not found: C:\windows\System32\Drivers\Changer.sys"
+ "HDAudBus"    "High Definition Audio Bus Driver v1.0a"    "Windows ® Server 2003 DDK provider"    "c:\windows\system32\drivers\hdaudbus.sys"
+ "hwdatacard"    ""    ""    "File not found: system32\DRIVERS\ewusbmdm.sys"
+ "i2omgmt"    ""    ""    "File not found: C:\windows\System32\Drivers\i2omgmt.sys"
+ "ialm"    ""    ""    "File not found: system32\DRIVERS\igxpmp32.sys"
+ "IntcAzAudAddService"    "Realtek® High Definition Audio Function Driver"    "Realtek Semiconductor Corp."    "c:\windows\system32\drivers\rtkhdaud.sys"
+ "Ktp"    "ETD Ware TSR Enhancements"    "ELANTECH Devices Corp."    "c:\windows\system32\drivers\etd.sys"
+ "L1e"    "Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller ndis miniport driver"    "Atheros Communications, Inc."    "c:\windows\system32\drivers\l1e51x86.sys"
+ "lbrtfdc"    ""    ""    "File not found: C:\windows\System32\Drivers\lbrtfdc.sys"
+ "Monfilt"    "Creative WDM Audio Driver (32-bit)"    "Creative Technology Ltd."    "c:\windows\system32\drivers\monfilt.sys"
+ "PCIDump"    ""    ""    "File not found: C:\windows\System32\Drivers\PCIDump.sys"
+ "PDCOMP"    ""    ""    "File not found: C:\windows\System32\Drivers\PDCOMP.sys"
+ "PDFRAME"    ""    ""    "File not found: C:\windows\System32\Drivers\PDFRAME.sys"
+ "PDRELI"    ""    ""    "File not found: C:\windows\System32\Drivers\PDRELI.sys"
+ "PDRFRAME"    ""    ""    "File not found: C:\windows\System32\Drivers\PDRFRAME.sys"
+ "Ptilink"    "Direct Parallel Link Driver"    "Parallel Technologies, Inc."    "c:\windows\system32\drivers\ptilink.sys"
+ "PxHelp20"    "Px Engine Device Driver for Windows 2000/XP"    "Sonic Solutions"    "c:\windows\system32\drivers\pxhelp20.sys"
+ "RT80x86"    "Ralink 802.11 Wireless Adapter Driver"    "Ralink Technology, Corp."    "c:\windows\system32\drivers\rt2860.sys"
+ "Secdrv"    "SafeDisc driver"    ""    "c:\windows\system32\drivers\secdrv.sys"
+ "WDICA"    ""    ""    "File not found: C:\windows\System32\Drivers\WDICA.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32"    ""    ""    ""
+ "msacm.iac2"    "Indeo® audio software"    "Intel Corporation"    "c:\windows\system32\iac25_32.ax"
+ "msacm.l3acm"    "MPEG Layer-3 Audio Codec for MSACM"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet"    "Audio codec for MS ACM"    "Sipro Lab Telecom Inc."    "c:\windows\system32\sl_anet.acm"
+ "msacm.trspch"    "DSP Group TrueSpeech™ Audio Codec for MSACM V3.50"    "DSP GROUP, INC."    "c:\windows\system32\tssoft32.acm"
+ "vidc.cvid"    "Cinepak® Codec"    "Radius Inc."    "c:\windows\system32\iccvid.dll"
+ "vidc.iv31"    ""    ""    "c:\windows\system32\ir32_32.dll"
+ "vidc.iv32"    ""    ""    "c:\windows\system32\ir32_32.dll"
+ "vidc.iv41"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
+ "vidc.iv50"    "Intel Indeo® video 5.10"    "Intel Corporation"    "c:\windows\system32\ir50_32.dll"
"HKLM\Software\Classes\Filter"    ""    ""    ""
+ "Indeo® video 4.4 Compression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Compression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
+ "Indeo® video 4.4 Decompression Filter"    "Intel Indeo® Video 4.5"    "Intel Corporation"    "c:\windows\system32\ir41_32.ax"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance"    ""    ""    ""
+ "9x8Resize"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "ACELP.net Audio Decoder"    "ACELP.net Audio Decoder"    "Sipro Lab Telecom Inc."    "c:\windows\system32\acelpdec.ax"
+ "Allocator Fix"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "CyberLink Audio Decoder"    "CyberLink Audio Decoder Filter"    "CyberLink Corp."    "c:\program files\cyberlink\powerdvd\audiofilter\claud.ax"
+ "CyberLink Audio Effect (PDVD6)"    "CyberLink Audio Effect Filter"    "CyberLink Corporation"    "c:\program files\cyberlink\powerdvd\audiofilter\claudfx.ax"
+ "CyberLink Audio Spectrum Analyzer (PDVD6)"    "CLAudSpa.ax"    "CyberLink Corp."    "c:\program files\cyberlink\powerdvd\audiofilter\claudspa.ax"
+ "CyberLink AudioCD Filter (PDVD6)"    "CyberLink AudioCD Filter"    "CyberLink Corp."    "c:\program files\cyberlink\powerdvd\audiofilter\claudiocd.ax"
+ "CyberLink Demux (PDVD6)"    "MPEG-2 Dempltiplexer"    "CyberLink Corp."    "c:\program files\cyberlink\powerdvd\navfilter\cldemuxer.ax"
+ "CyberLink DVD Navigator (PDVD6)"    "CyberLink DVD Navigation Filter"    "CyberLink Corp."    "c:\program files\cyberlink\powerdvd\navfilter\clnavx.ax"
+ "CyberLink Line21 Decoder (PDVD6)"    "CyberLink Line21 Decoder Filter"    "CyberLink Corp."    "c:\program files\cyberlink\powerdvd\videofilter\clline21.ax"
+ "Cyberlink SubTitle Importor (PDVD6)"    "CLSubTitle.ax"    "CyberLink Corp."    "c:\program files\cyberlink\powerdvd\videofilter\clsubtitle.ax"
+ "CyberLink TimeStretch Filter (PDVD6)"    "CLAuTS.ax"    "CyberLink Corp."    "c:\program files\cyberlink\powerdvd\audiofilter\clauts.ax"
+ "CyberLink Video/SP Decoder"    "CyberLink Video/SP Filter"    "CyberLink Corp."    "c:\program files\cyberlink\powerdvd\videofilter\clvsd.ax"
+ "DivX Decoder Filter"    "DivX® Decoder Filter"    "DivXNetworks, Inc."    "c:\program files\cyberlink\powerdvd\videofilter\dxdec.ax"
+ "Frame Eater"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "Indeo® audio software"    "Indeo® audio software"    "Intel Corporation"    "c:\windows\system32\iac25_32.ax"
+ "Indeo® video 5.10 Compression Filter"    "Intel Indeo® video 5.10"    "Intel Corporation"    "c:\windows\system32\ir50_32.dll"
+ "Indeo® video 5.10 Decompression Filter"    "Intel Indeo® video 5.10"    "Intel Corporation"    "c:\windows\system32\ir50_32.dll"
+ "Key Frame Manager"    "Key Frame Manager DS Filter"    "Solveig Multimedia"    "c:\program files\common files\solveig multimedia\smm_kfrmanager.ax"
+ "MPEG Layer-3 Decoder"    "MPEG Layer-3 Audio Decoder"    "Fraunhofer Institut Integrierte Schaltungen IIS"    "c:\windows\system32\l3codecx.ax"
+ "Nero Audio CD Filter"    "Nero Audio CD Source Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio CD Navigator"    "Nero Audio CD Source Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neaudcd.ax"
+ "Nero Audio Processor"    "Nero Audio Processor"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neaudioconv.ax"
+ "Nero Audio Source"    "Nero Library"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer"    "Nero Library"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Audio Stream Renderer"    "Nero Library"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Nero Digital Audio Decoder"    "Nero Audio Decoder"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neaudio.ax"
+ "Nero Digital AVC Audio Encoder"    "AAC LC/HE Audio Encoder"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nendaud.ax"
+ "Nero Digital AVC File Writer"    "NeroDigital File Format Muxer"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Muxer"    "NeroDigital File Format Muxer"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Null Renderer"    "NeroDigital File Format Muxer"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital AVC Subpicture Enc"    "NeroDigital File Format Muxer"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nendmux.ax"
+ "Nero Digital Parser"    "NeroDigital / mp4 / avi / mov parser"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero DV Splitter"    "DV Splitter Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nedvsplitter.ax"
+ "Nero DVD Decoder"    "MPEG-1/2/4 & AVC video decoder w/ DxVA"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero DVD Navigator"    "DVD Navigator Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nedvd.ax"
+ "Nero ES Video Reader"    "NeroDigital / mp4 / avi / mov parser"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\ndparser.ax"
+ "Nero File Source"    "Nero SVCD source filter"    "Nero AG "    "c:\program files\common files\ahead\dsfilter\nefilesrc.ax"
+ "Nero File Source (Async.)"    "NeFileSourceAsync"    "Ahead Software AG"    "c:\program files\common files\ahead\dsfilter\nefilesourceasync.ax"
+ "Nero File Source / Splitter"    "Push Mode VOB Source Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nefsource.ax"
+ "Nero Format Converter"    "Frame rate / Color space converter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neroformatconv.ax"
+ "Nero Frame Capture"    "Direct Show frame grabber filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\necapture.ax"
+ "Nero Mpeg2 Encoder"    "MPEG 1/2 Video Encoder"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nevcr.ax"
+ "Nero Photo Source"    "NePhotoSource"    "Ahead Software AG"    "c:\program files\common files\ahead\dsfilter\nephotosource.ax"
+ "Nero PS Muxer"    "PS Muxer Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nepsmuxer.ax"
+ "Nero QuickTime™ Audio Decoder"    "QuickTime™ Decoder Wrapper"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero QuickTime™ Video Decoder"    "QuickTime™ Decoder Wrapper"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neqtdec.ax"
+ "Nero Resize"    "Nero Resizing Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\neresize.ax"
+ "Nero Scene Change Detector"    "Scene Change Detector"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Scene Change Detector"    "Scene Change Detector"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nescenedetector.ax"
+ "Nero Splitter"    "Splitter Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nesplitter.ax"
+ "Nero Vcd Navigator"    "Nero Vcd Navigator Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nevcd.ax"
+ "Nero Video Analyzer"    "Nero Video Analyzer"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nevideoanalyzer.ax"
+ "Nero Video Decoder"    "MPEG-1/2/4 & AVC video decoder w/ DxVA"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nevideo.ax"
+ "Nero Video Processor"    "Resize / Deinterlace / Color Correction / Film Effect / Frame Capture Filter"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nerovideoproc.ax"
+ "Nero Video Source"    "Nero Library"    "Nero AG"    "c:\program files\common files\ahead\dsfilter\nerender.ax"
+ "Record Queue"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "SMM Media Jointer"    "Media Joiner Filter"    "Solveig Multimedia"    "c:\program files\common files\solveig multimedia\smm_mediajointer.ax"
+ "SolveigMM ASF Multiplexer"    "SMM_ASFMuxer.ax"    "Solveig Multimedia"    "c:\program files\common files\solveig multimedia\smm_asfmuxer.ax"
+ "SolveigMM Audio Mixer"    "Audio Mixing DirectShow filter"    "Solveig Multimedia"    "c:\program files\common files\solveig multimedia\smm_audiomixer.ax"
+ "SolveigMM File Writer"    "SolveigMM File Writer"    "Solveig Multimedia"    "c:\program files\common files\solveig multimedia\smm_filewriter.ax"
+ "SolveigMM PushSource Desktop Filter"    "SMM_ScrCapture.ax"    "Solveig Multimedia"    "c:\program files\common files\solveig multimedia\smm_scrcapture.ax"
+ "SolveigMM Stat"    "SMM_Stat.ax"    "Solveig Multimedia"    "c:\program files\common files\solveig multimedia\smm_stat.ax"
+ "SolveigMM Time Shifter"    "SMM_TimeShifter.ax"    "Solveig Multimedia"    "c:\program files\common files\solveig multimedia\smm_timeshifter.ax"
+ "SolveigMM Trimmer Filter"    "Trimmer DS Filter"    "Solveig Multimedia"    "c:\program files\common files\solveig multimedia\smm_trimmer.ax"
+ "Stetch"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WIA Stream Snapshot Filter"    "WIA Stream Snapshot Filter"    "MyCompanyName"    "c:\windows\system32\wiasf.ax"
+ "WM VIH2 Fix"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DirectX Transform Wrapper"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Screen capture Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume"    "Movie Maker Filters"    "Microsoft Corporation"    "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"    ""    ""    ""
+ "igfxcui"    ""    ""    "File not found: igfxdev.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors"    ""    ""    ""
+ "Adobe PDF Port"    "Acrobat ® PDF Port"    "Adobe Systems Incorporated."    "c:\windows\system32\adobepdf.dll"
+ "Bluetooth Printer Port"    "bthcrp DLL"    "Broadcom Corporation."    "c:\windows\system32\bthcrp.dll"
 

 

 

 

 

 

 

 


 



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:29 AM

Posted 22 February 2013 - 09:51 PM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log

 

Current issues?



#7 Indus

Indus
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:29 AM

Posted 23 February 2013 - 01:41 AM

Thanks tons for your help. Please find the logs below.

 

 

1. Svc repair log

 

Log Opened: 2013-02-22 @ 22:04:30
22:04:30 - -----------------
22:04:30 - | Begin Logging |
22:04:30 - -----------------
22:04:30 - Fix started on a WIN_XP X86 computer
22:04:30 - Prep in progress.  Please Wait.
22:04:35 - Prep complete
22:04:35 - Repairing Services Now.  Please wait...

The operation completed successfully
INFO:
The restore action ignores the object name parameter (paths are read
from the backup file). However, other actions that require the object
name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.

The operation completed successfully
INFO:
The restore action ignores the object name parameter (paths are read
from the backup file). However, other actions that require the object
name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Setup>
INFORMATION:
Restoring SD of:
<machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List>
INFORMATION:
Restoring SD of:
<machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION:
Restoring SD of:
<machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION:
Restoring SD of:
<machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List>
INFORMATION:
Restoring SD of:
<machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION:
Restoring SD of:
<machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

The operation completed successfully
INFO:
The restore action ignores the object name parameter (paths are read
from the backup file). However, other actions that require the object
name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.

The operation completed successfully
INFO:
The restore action ignores the object name parameter (paths are read
from the backup file). However, other actions that require the object
name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
22:04:38 - Services Repair Complete.
22:04:49 - Reboot Initiated
 

 

2. Farbar Service Scanner Version: 20-02-2013
Ran by INDRANI (administrator) on 22-02-2013 at 22:16:05
Running from "C:\Documents and Settings\INDRANI\Desktop"
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys
[2004-08-03 17:07] - [2004-08-03 17:07] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\windows\system32\Drivers\tcpip.sys
[2004-08-03 17:07] - [2004-08-03 17:07] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C

C:\windows\system32\Drivers\ipsec.sys
[2004-08-03 17:07] - [2004-08-03 17:07] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1

C:\windows\system32\dnsrslvr.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D

C:\windows\system32\ipnathlp.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF

C:\windows\system32\netman.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565

C:\windows\system32\wbem\WMIsvc.dll
[2010-08-26 10:01] - [2004-08-03 17:07] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\windows\system32\srsvc.dll
[2010-08-26 10:03] - [2004-08-03 17:07] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838

C:\windows\system32\Drivers\sr.sys
[2010-08-26 10:03] - [2004-08-03 17:07] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24

C:\windows\system32\wscsvc.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A

C:\windows\system32\wbem\WMIsvc.dll
[2010-08-26 10:01] - [2004-08-03 17:07] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E

C:\windows\system32\wuauserv.dll
[2010-08-26 10:04] - [2004-08-03 17:07] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8

C:\windows\system32\qmgr.dll
[2010-08-26 10:04] - [2004-08-03 17:07] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA

C:\windows\system32\es.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63

C:\windows\system32\cryptsvc.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B

C:\windows\system32\svchost.exe
[2004-08-03 17:07] - [2004-08-03 17:07] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716

C:\windows\system32\rpcss.dll
[2004-08-03 17:07] - [2004-08-03 17:07] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

C:\windows\system32\services.exe
[2004-08-03 17:07] - [2004-08-03 17:07] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4


Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000700000006000000
IpSec Tag value is correct.

**** End of log ****

 

 

#### However, I see this PC cleaner pro- the anti-virus thing, I do not trust. How can I get rid of this? The other concern is regarding the big cursor. That problem still exists.

 

 

 

Best
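Added example, not part of the original post or of Farbar's tooling: a small Python reader for a Farbar Service Scanner log like the one above, listing every value printed under a "... Disabled Policy" heading and every File Check entry that lacks the "=> MD5 is legit" marker. The function names are made up for this example, the embedded log is a shortened excerpt of the one posted above, and reading an unmarked file as "not confirmed by the scanner" is an assumption about the log's convention, so it is a prompt to compare the hash with a known-good copy rather than a verdict.

```python
import re

# Shortened excerpt of the Farbar Service Scanner log posted above.
SAMPLE_LOG = r"""Farbar Service Scanner Version: 20-02-2013
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Normal

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\netbt.sys
[2004-08-03 17:07] - [2004-08-03 17:07] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B

C:\windows\system32\wbem\WMIsvc.dll
[2010-08-26 10:01] - [2004-08-03 17:07] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E


Extra List:
=======
IpSec Tag value is correct.

**** End of log ****
"""

UNDERLINE_RE = re.compile(r"=+")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
# Detail line printed under a file path: two timestamps, size, attributes,
# company name and MD5. The meaning of each timestamp is not interpreted here.
DETAIL_RE = re.compile(
    r"^\[(?P<ts1>[\d-]+ [\d:]+)\] - \[(?P<ts2>[\d-]+ [\d:]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$")


def split_sections(text):
    """Return {heading: [non-empty body lines]} for headings underlined with '='."""
    lines = text.splitlines()
    sections, current = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        stripped = line.strip()
        if stripped and UNDERLINE_RE.fullmatch(nxt):
            current = stripped.rstrip(":")
            sections[current] = []
        elif current is not None and stripped and not UNDERLINE_RE.fullmatch(stripped):
            sections[current].append(stripped)
    return sections


def disabled_policies(sections):
    """Collect registry values listed under any '... Disabled Policy' heading."""
    found = []
    for name, body in sections.items():
        if not name.endswith("Disabled Policy"):
            continue
        key = None
        for line in body:
            key_match = KEY_RE.match(line)
            value_match = VALUE_RE.match(line)
            if key_match:
                key = key_match.group(1)
            elif value_match:
                found.append({"section": name, "key": key,
                              "value": value_match.group(1),
                              "data": int(value_match.group(2))})
    return found


def file_check(sections):
    """Parse the File Check section into one record per file."""
    files = []
    for line in sections.get("File Check", []):
        detail = DETAIL_RE.match(line)
        if detail and files:
            files[-1].update(detail.groupdict(), size=int(detail["size"]))
        elif " => " in line:
            path, verdict = line.split(" => ", 1)
            files.append({"path": path, "verdict": verdict})
        else:
            files.append({"path": line, "verdict": None})
    return files


def triage(text):
    """Return one note per disabled-policy value and per file without a verdict."""
    sections = split_sections(text)
    notes = []
    for p in disabled_policies(sections):
        notes.append(f'{p["section"]}: {p["value"]}={p["data"]} under {p["key"]}')
    for f in file_check(sections):
        if f["verdict"] is None:
            notes.append(f'not confirmed by scanner: {f["path"]} md5={f.get("md5", "?")}')
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE_LOG):
        print(note)
```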

 



#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:29 AM

Posted 23 February 2013 - 06:43 AM

"I see this PC cleaner pro- the anti-virus thing"

 

Where?

 

Can you get a screenshot of the big cursor issue?



#9 Indus

Indus
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:29 AM

Posted 25 February 2013 - 02:11 PM

Hi,

 

My Windows Security center tells me PC Cleaner pro is turned off. That means I have that anti-virus, without my knowledge! How can I get rid of it?

 

I tried sending you a screenshot of the PC Cleaner pro and big cursor but it won't let me attach such files.

 

Also, my autorun feature is turned off because I just entered an external memory stick and it didn't open. My restart button is disabled too.

 

Please advise

 

Best



#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:29 AM

Posted 25 February 2013 - 02:17 PM

Press Windows+R key and type

 

cmd and click OK, then run these commands

 

cd c:\windows\system32\wbem

net stop winmgmt /y

del repository

net start winmgmt

 

Restart the PC and let me know how system behaves

 

Press Windows+R key and type

 

services.msc and click ok

 

What is the status of shell hardware detection service?



#11 Indus

Indus
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:29 AM

Posted 28 February 2013 - 11:48 PM

Hi,

 

Sorry for the late update. Pasted below are the steps and result on the DOS command prompt. However, the "del repository" command did not show any result. Please find the results below:

 

C:\WINDOWS\system32\wbem>net stop winmgmt
The following services are dependent on the Windows Management Instrumentati
ervice.
Stopping the Windows Management Instrumentation service will also stop these
vices.

   Security Center
   Windows Firewall/Internet Connection Sharing (ICS)

Do you want to continue this operation? (Y/N) [N]: y
The Security Center service is stopping.
The Security Center service was stopped successfully.


The Windows Firewall/Internet Connection Sharing (ICS) service was stopped s
ssfully.

The Windows Management Instrumentation service is stopping.
The Windows Management Instrumentation service was stopped successfully.


C:\WINDOWS\system32\wbem>del repository
C:\WINDOWS\system32\wbem\repository\*, Are you sure (Y/N)? y

C:\WINDOWS\system32\wbem>net start winmgmt
The Windows Management Instrumentation service is starting.
The Windows Management Instrumentation service was started successfully.


C:\WINDOWS\system32\wbem>

 

 

### # The cursor still shows big and the stand by button is greyed out. Please advise me.

 

 

Thanks a lot in advance!


 



#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:29 AM

Posted 01 March 2013 - 12:06 AM

I need the screenshot of the cursor problem. I'm not able to understand the issue.

 

Regarding standby problem

 

Go to control panel-power options

 

Do you have a standby or hibernate tab?

 

Do you ever remember seeing standby enabled?



#13 Indus

Indus
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:29 AM

Posted 03 March 2013 - 10:42 PM

Hi,

 

I am not able to send you any attachments for the screenshots. How can I do that?

 

I can't remember if "hibernate" was ever available as an option while turning off the machine but "stand by" was definitely available before and I have used it as well in the past. The control panel- power option doesn't show hibernate or standby tab. What can I do about it?

 

What is your opinion about the logs I sent you earlier? I am just curious :)

 

Thanks a lot.



#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:06:29 AM

Posted 03 March 2013 - 10:59 PM

We removed a lot of adware from your PC.

 

Let's try to fix hibernate issue first.

 

Press Windows+R key and type

 

devmgmt.msc and click ok

 

Do you find any unknown device or any drivers that have a yellow symbol?

 

What is your PC model? (Need the exact name)



#15 Indus

Indus
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:29 AM

Posted 07 March 2013 - 02:29 AM

Hi,

 

 

Yes, I see an exclamation mark in yellow against (1) Video Controller (2) Video Controller [VGA Compatible] (3) Unknown device- under the sound device category. I have noticed of late, every time I reboot my computer right after the desktop screen comes up, a prompt telling me "found a new hardware" pops up. Has this got to do something with the "standby" issue??

 

My PC model is Asus Eee PC 1000HE.

 

 

Thank You so much  :)





