Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer Running Agonisingly Slow ! - Please Help ! [Closed]


  • This topic is locked This topic is locked

#1
spicejar

spicejar

    Member

  • Member
  • PipPip
  • 20 posts
Iam having a rather torrid time with my Laptop working agonisingly slow off late...

I have a HP pavilion series laptop with specs 1.5 Ghz intel core2 duo processor and a 3GB ram and a 500 Gb HDD ..with Windows Vista Home Premium 32 bit and running a 4 Mbps broadband connection for internet ...

In the past few weeks .. the laptop has started to work agonisingly slow after start up ... startup takes arnd 3-5 mins ... and windows explorer hangs for a minute or so whenever i try access any folder in HDD ..any application takes more time to launch .. even the simple notepad ..

Iam also facing issues browsing net as it takes time to load pages and often i get warnings that " some of the scripts coudn't be run due to internet connectivity issues , try using basic mail function .." and often i need to kill pages and start over agin..if i use more than 2 tabs to browse , it hangs indefinitely...

Initially i thought the browsing issue to be related to Adobe flash player 12 as flash based sites crashed often..so uninstalled it and installed ver.10 ..but now though it opens iam getting a slow load time ..

I use ESET smart security 5 as my AV and it din't pick any virus on my HDD ..also installed Malwarebytes AntiMalware to check for any malware issues ...but results were negative ...Even without internet the system is very slow ...Notepad takes ages to load leave alone MS Office .. and could view any movies as my VLC player strams slow and often crashes..not even able to hear any song as winamp too hangs ...

I often hear a scractching like sound whenever the sytem uses more applications or hangs...

I called in a tech guy and he said there may be any virus issues ..so i completely formatted my entire system and relauched everything again..but the issue persists ... Tried cleaning registry using Piriform CCCleaner .... it had no issues .. whenever i clean registry , the system runs fire for around 20-30 mins then slows down again...

I dunno what's happening , somebody please help ... to find where the problem actually would be .. as i suppose 3GB ram is more than sufficient enough to run Vista ...it was working superfine before ..dunno why it slumped back..

Somebody pls.hlp..
  • 0

Advertisements


#2
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Hi, spicejar! Posted ImageMy nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename it iexplore.exe and try it again.


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please post:

aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.
  • 0

#3
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#4
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
User returned.
  • 0

#5
spicejar

spicejar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi CompCav !!

Thanks for reopening ...

here are the log files that you had asked !!

Have attached the following logs :
aswMBR.txt
OTL.txt
Extras.txt ...

Attaching these files itself took me 5 mins ( [bleep] slow for a 100 kb upload :( ..with firefox alernating from "Not responding " and to Normal..)

Thanks for helping me out !!

Attached Files


  • 0

#6
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
I am going to post your logs, they are easier to read if posted.

Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-19 16:52:45
-----------------------------
16:52:45.782 OS Version: Windows 6.0.6002 Service Pack 2
16:52:45.789 Number of processors: 2 586 0xF0D
16:52:45.878 ComputerName: APOLLO UserName:
16:52:53.856 Initialize success
16:53:31.918 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:53:31.995 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
16:53:32.170 Disk 0 MBR read successfully
16:53:32.272 Disk 0 MBR scan
16:53:32.386 Disk 0 unknown MBR code
16:53:32.547 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 116488 MB offset 63
16:53:32.737 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 111386 MB offset 238569472
16:53:32.896 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10597 MB offset 466688250
16:53:33.050 Disk 0 scanning sectors +488392065
16:53:33.360 Disk 0 scanning C:\Windows\system32\drivers
16:55:53.566 Service scanning
16:56:47.004 Modules scanning
16:57:11.174 Disk 0 trace - called modules:
16:57:11.614 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
16:57:11.871 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86075118]
16:57:12.002 3 CLASSPNP.SYS[8a7a88b3] -> nt!IofCallDriver -> [0x84b76820]
16:57:12.171 5 acpi.sys[8068a6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x855aa028]
16:57:12.327 Scan finished successfully
16:57:37.510 Disk 0 MBR has been saved successfully to "C:\Users\Raghavendra\Documents\MBR.dat"
16:57:37.863 The log file has been saved successfully to "C:\Users\Raghavendra\Documents\aswMBR.txt"





OTL logfile created on: 5/19/2012 7:46:33 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Raghavendra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.84% Memory free
6.18 Gb Paging File | 5.08 Gb Available in Paging File | 82.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.76 Gb Total Space | 64.43 Gb Free Space | 56.64% Space Free | Partition Type: NTFS
Drive D: | 108.78 Gb Total Space | 64.83 Gb Free Space | 59.60% Space Free | Partition Type: NTFS
Drive E: | 10.35 Gb Total Space | 3.85 Gb Free Space | 37.23% Space Free | Partition Type: NTFS

Computer Name: APOLLO | User Name: Raghavendra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/19 12:11:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Raghavendra\Desktop\iexplore.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/13 20:07:00 | 004,740,544 | ---- | M] (OpenSight Software, LLC) -- C:\Program Files\FlashFXP 4\FlashFXP.exe
PRC - [2011/12/29 19:56:16 | 003,462,552 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/08/09 21:39:16 | 003,076,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010/06/17 03:12:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/05/25 19:58:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/10/26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/04/11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/19 13:08:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007/04/24 06:41:44 | 000,106,593 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2007/04/24 06:41:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/08 19:11:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/06/17 03:12:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/05 19:24:48 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/01/19 13:08:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/24 06:41:44 | 000,106,593 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/24 06:41:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys -- (IDSvix86)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/05/19 12:10:40 | 000,046,848 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Users\Raghavendra\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/21 01:35:38 | 000,091,424 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2011/08/09 13:57:10 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 09:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 09:20:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2011/08/04 09:20:38 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/12/30 12:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/01/25 00:46:40 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/01 18:19:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/24 20:12:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 22:33:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 22:10:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 13:00:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {9FD89D22-C60B-4BC2-A131-284E0D766A35}
IE - HKLM\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.c...#38;FORM=HVDUS7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {9FD89D22-C60B-4BC2-A131-284E0D766A35}
IE - HKCU\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{9FD89D22-C60B-4BC2-A131-284E0D766A35}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{A281B9DD-CB64-448D-A1EA-10A689AD2918}: "URL" = http://search.live.c...#38;FORM=HVDUS7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.in/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Raghavendra\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Raghavendra\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/05 19:24:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/03/23 15:09:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Raghavendra\AppData\Roaming\IDM\idmmzcc5 [2012/03/13 20:30:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Raghavendra\AppData\Roaming\IDM\idmmzcc5 [2012/03/13 20:30:23 | 000,000,000 | ---D | M]

[2012/03/12 16:15:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raghavendra\AppData\Roaming\Mozilla\Extensions
[2012/05/18 07:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raghavendra\AppData\Roaming\Mozilla\Firefox\Profiles\z7io7ajy.default\extensions
[2012/03/27 08:44:17 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Raghavendra\AppData\Roaming\Mozilla\Firefox\Profiles\z7io7ajy.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012/05/18 07:03:37 | 000,000,000 | ---D | M] (IDM CC) -- C:\Users\Raghavendra\AppData\Roaming\Mozilla\Firefox\Profiles\z7io7ajy.default\extensions\[email protected]
[2012/05/05 19:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/05 19:24:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 16:12:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 16:12:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Raghavendra\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Raghavendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Raghavendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Raghavendra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/13 20:30:55 | 000,001,213 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 tonec.com
O1 - Hosts: 127.0.0.1 *.tonec.com
O1 - Hosts: 127.0.0.1 x.tonec.com
O1 - Hosts: 127.0.0.1 www.tonec.com
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 www.registeridm.com
O1 - Hosts: 127.0.0.1 secure.registeridm.com
O1 - Hosts: 127.0.0.1 internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 www.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror2.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907}: NameServer = 208.67.222.222,208.67.220.220
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Raghavendra\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Raghavendra\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/23 17:35:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 20:48:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{b93276eb-77b4-11e1-b000-001b24c394c2}\Shell - "" = AutoRun
O33 - MountPoints2\{b93276eb-77b4-11e1-b000-001b24c394c2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 16:59:54 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Raghavendra\Desktop\iexplore.exe
[2012/05/16 21:42:42 | 000,000,000 | ---D | C] -- C:\Users\Raghavendra\Desktop\Horoscopes
[2012/05/05 19:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/05 19:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/04/28 11:31:32 | 000,000,000 | ---D | C] -- C:\Users\Raghavendra\Desktop\Desktop
[2012/04/25 11:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azhagi+
[2012/04/25 11:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\Azhagi+
[2012/04/24 14:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/24 14:51:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/24 14:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/24 11:26:31 | 000,000,000 | ---D | C] -- C:\Users\Raghavendra\AppData\Roaming\Malwarebytes
[2012/04/24 11:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2012/05/19 20:03:06 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-435282272-506716919-4068098482-1000UA.job
[2012/05/19 18:21:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 18:21:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 18:03:19 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-435282272-506716919-4068098482-1000Core.job
[2012/05/19 16:57:37 | 000,000,512 | ---- | M] () -- C:\Users\Raghavendra\Documents\MBR.dat
[2012/05/19 16:21:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/19 16:21:28 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/19 12:11:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Raghavendra\Desktop\iexplore.exe
[2012/05/18 22:44:35 | 000,030,720 | ---- | M] () -- C:\Users\Raghavendra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/18 07:17:57 | 000,002,034 | ---- | M] () -- C:\Users\Raghavendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/18 07:17:48 | 000,002,072 | ---- | M] () -- C:\Users\Raghavendra\Desktop\Google Chrome.lnk
[2012/05/10 23:23:24 | 000,436,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/10 22:23:44 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/10 22:23:44 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/01 17:56:37 | 000,060,228 | ---- | M] () -- C:\Users\Raghavendra\Desktop\Horoscope_Satish.pdf
[2012/04/25 11:48:44 | 000,000,836 | ---- | M] () -- C:\Users\Raghavendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Azhagi+.lnk
[2012/04/25 11:48:43 | 000,000,812 | ---- | M] () -- C:\Users\Raghavendra\Desktop\Azhagi+.lnk

========== Files Created - No Company Name ==========

[2012/05/19 16:57:37 | 000,000,512 | ---- | C] () -- C:\Users\Raghavendra\Documents\MBR.dat
[2012/05/18 22:25:27 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/01 17:56:56 | 000,060,228 | ---- | C] () -- C:\Users\Raghavendra\Desktop\Horoscope_Satish.pdf
[2012/04/25 11:48:44 | 000,000,836 | ---- | C] () -- C:\Users\Raghavendra\Application Data\Microsoft\Internet Explorer\Quick Launch\Azhagi+.lnk
[2012/04/25 11:48:43 | 000,000,812 | ---- | C] () -- C:\Users\Raghavendra\Desktop\Azhagi+.lnk
[2012/04/10 14:51:03 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012/04/10 09:46:20 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012/03/17 07:33:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/03/17 07:33:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/03/15 13:18:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/03/13 20:53:52 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/03/13 20:28:50 | 000,230,912 | ---- | C] () -- C:\Windows\System32\Zipit.dll
[2012/03/13 20:28:50 | 000,099,840 | ---- | C] ( ) -- C:\Windows\System32\Zipdll.dll
[2012/03/13 20:28:50 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\Unzdll.dll
[2012/03/13 20:28:49 | 000,314,880 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2012/03/12 16:24:48 | 000,030,720 | ---- | C] () -- C:\Users\Raghavendra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/09 14:20:38 | 004,794,880 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/01/09 19:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/09/15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

========== LOP Check ==========

[2012/05/12 09:26:40 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\AIMP3
[2012/03/28 18:00:49 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\Auslogics
[2012/03/13 19:58:40 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\Boilsoft
[2012/05/19 12:11:58 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\DMCache
[2012/03/23 09:25:13 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\ESET
[2012/05/12 10:54:07 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\FileZilla
[2012/03/15 09:41:29 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\IDM
[2012/04/06 14:30:55 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\OpenDNS Updater
[2012/03/15 14:51:09 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\PearlMountain
[2012/04/24 14:37:17 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\uTorrent
[2012/03/12 16:08:14 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\VistaCodecs
[2012/04/05 20:56:47 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\WebMoney
[2012/04/09 10:55:13 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\Xilisoft Corporation
[2012/05/19 09:21:35 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2012/03/12 21:16:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2012/03/12 21:15:52 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2012/03/12 21:15:47 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2012/03/13 14:26:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2012/03/13 14:26:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2012/03/12 21:15:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 15:15:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 13:03:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2006/11/02 15:15:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 13:03:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\System32\svchost.exe
[2008/01/19 13:03:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 13:03:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008/01/19 13:03:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 15:15:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 11:58:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/11 11:58:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 15:15:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 13:03:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/11 10:15:37 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{75BBC226-5F45-40F4-816B-4B5EA0F5C812}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{AAECF98D-936B-4CB8-9F10-9B1C41375907}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/19 11:25:45 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 01 02 01 06 01 04 01 05 01 07 01 01 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 15:16:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/05 19:24:43 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/05 19:24:43 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/05 19:24:43 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/05 19:24:46 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/05 19:24:46 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/05 19:24:46 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/18 12:24:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/18 12:24:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/18 12:24:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/03/18 12:24:10 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/03/18 12:24:10 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/05/05 19:24:43 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/05/05 19:24:43 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/05/05 19:24:43 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/05/05 19:24:46 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/05/05 19:24:46 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/05/05 19:24:46 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Raghavendra\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/05/09 08:34:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/03/18 12:24:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/03/18 12:24:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/03/18 12:24:09 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/03/18 12:24:10 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/03/18 12:24:10 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright © 1999-2007 Microsoft Corporation.
On computer: APOLLO
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 F DVD-ROM 0 B No Media
Volume 1 C NTFS Partition 114 GB Healthy System
Volume 2 D MULTIMEDIA NTFS Partition 109 GB Healthy
Volume 3 E HP_RECOVERY NTFS Partition 10 GB Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:4BF2F6B5
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A064CECC
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:41ADDB8A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >



OTL Extras logfile created on: 5/19/2012 7:46:33 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Raghavendra\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.84% Memory free
6.18 Gb Paging File | 5.08 Gb Available in Paging File | 82.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113.76 Gb Total Space | 64.43 Gb Free Space | 56.64% Space Free | Partition Type: NTFS
Drive D: | 108.78 Gb Total Space | 64.83 Gb Free Space | 59.60% Space Free | Partition Type: NTFS
Drive E: | 10.35 Gb Total Space | 3.85 Gb Free Space | 37.23% Space Free | Partition Type: NTFS

Computer Name: APOLLO | User Name: Raghavendra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP 4\FlashFXP.exe" = C:\Program Files\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\FlashFXP 4\FlashFXP.exe" = C:\Program Files\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A779DFD0-9094-4DE1-AE93-E6C2B6E45BD5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025CE4A3-1736-411D-B864-40348A333E72}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2174FFCF-3D1F-4F35-B159-F1DDF29B91C9}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3774E4F0-A63A-4742-BA0A-9D196AEC52F7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3A8BB367-4798-44EA-9B6C-F30ADC8B1769}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{672BB756-FBEE-4B21-9FA8-898C19A5F532}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6BA9C056-2FF3-4706-8DA8-3991A46B4CD6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{7648068E-550E-4B8D-9EAF-E2AEC0F4030A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B0DB4182-1848-424E-8591-9A2D24DB3BFD}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EAA9C718-64A0-458D-81C8-F4981FB52E03}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{F710CF2F-8983-41F9-98CB-D00849B26DF6}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"TCP Query User{50548EE1-D300-436F-AF32-50A7A108922F}C:\program files\foxit software\pdf editor\pdfedit.exe" = protocol=6 | dir=in | app=c:\program files\foxit software\pdf editor\pdfedit.exe |
"TCP Query User{72216DEC-88A4-49D0-B5AD-F2B01473ABD2}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{1D43AC48-AB30-40C6-8715-B0D1D0555F24}C:\program files\foxit software\pdf editor\pdfedit.exe" = protocol=17 | dir=in | app=c:\program files\foxit software\pdf editor\pdfedit.exe |
"UDP Query User{AF1F360F-1486-4699-85DB-01EBAA4DC191}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{094E331B-9C5B-44FA-990B-A84207F61F95}" = Ace2Three
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1479472D-3FF7-450C-BC31-FC4F40405FFD}" = ESET Smart Security
"{1517A7CB-5F00-4A88-8F06-E89B6DB63784}" = ESU for Microsoft Vista
"{1B771BDD-6B21-4C61-A458-226910A9C01B}" = Adobe Flash Player 10 Plugin
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{253AD5C7-94ED-44BF-AA0C-890A80817A87}_is1" = Boilsoft Video Splitter 6.11
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54DAAD16-A57A-4524-9C4F-391500945D14}" = Adobe Flash Player 10 ActiveX
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.3
"{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1" = Picture Collage Maker Pro 3.2.6
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D9A7CEE-054A-437D-99EF-DD7C77E001FD}" = WebMoney Keeper Classic 3.9.5.1
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F6B29003-A078-4491-AFBE-62EFB6CFFE19}" = HP Total Care Advisor
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"5513-1208-7298-9440" = JDownloader 0.9
"AIMP3" = AIMP3
"AviSynth" = AviSynth 2.6
"Azhagi+_is1" = Azhagi+ 10.15
"Boilsoft Video Joiner_is1" = Boilsoft Video Joiner 5.32
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"D42C36B3-E36B-43EC-A8B4-B613D7B92782_is1" = Infix 5.03
"FileZilla Client" = FileZilla Client 3.5.3
"Foxit PDF Creator" = Foxit PDF Creator
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"HDMI" = Intel® Graphics Media Accelerator Driver
"Horoscope Explorer Pro 3.81_is1" = Horoscope Explorer Pro 3.81
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"PRO" = Microsoft Office Professional 2007
"RealAlt_is1" = Real Alternative 2.0.2
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WebMoney Agent" = WebMoney Agent
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinRAR archiver" = WinRAR archiver
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"Xilisoft Video Cutter" = Xilisoft Video Cutter
"XviD Video Codec" = XviD Video Codec (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2012 2:32:00 AM | Computer Name = Apollo | Source = System Restore | ID = 8193
Description =

Error - 4/24/2012 4:37:59 AM | Computer Name = Apollo | Source = VSS | ID = 8194
Description =

Error - 4/25/2012 4:41:28 AM | Computer Name = Apollo | Source = EventSystem | ID = 4609
Description =

Error - 4/30/2012 10:35:30 AM | Computer Name = Apollo | Source = EventSystem | ID = 4609
Description =

Error - 5/6/2012 3:58:30 AM | Computer Name = Apollo | Source = EventSystem | ID = 4609
Description =

Error - 5/7/2012 10:54:46 AM | Computer Name = Apollo | Source = EventSystem | ID = 4609
Description =

Error - 5/12/2012 10:34:34 PM | Computer Name = Apollo | Source = EventSystem | ID = 4609
Description =

Error - 5/12/2012 10:35:32 PM | Computer Name = Apollo | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =

Error - 5/14/2012 11:01:56 AM | Computer Name = Apollo | Source = EventSystem | ID = 4609
Description =

Error - 5/18/2012 12:54:08 PM | Computer Name = Apollo | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 5/19/2012 1:56:04 AM | Computer Name = Apollo | Source = Service Control Manager | ID = 7000
Description =

Error - 5/19/2012 1:56:45 AM | Computer Name = Apollo | Source = Service Control Manager | ID = 7022
Description =

Error - 5/19/2012 1:56:45 AM | Computer Name = Apollo | Source = Service Control Manager | ID = 7001
Description =

Error - 5/19/2012 3:02:32 AM | Computer Name = Apollo | Source = WinDefend | ID = 5008
Description = %%827 engine has been terminated due to an unexpected error. Failure
Type: %%831 Exception code: Resource: file:C:\Program Files\HP Games\Blackhawk Striker
2\Uninstall.exe

Error - 5/19/2012 3:02:50 AM | Computer Name = Apollo | Source = Service Control Manager | ID = 7031
Description =

Error - 5/19/2012 6:51:31 AM | Computer Name = Apollo | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:59:20 PM on 5/19/2012 was unexpected.

Error - 5/19/2012 6:51:33 AM | Computer Name = Apollo | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001B24C394C2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 5/19/2012 6:52:11 AM | Computer Name = Apollo | Source = Service Control Manager | ID = 7000
Description =

Error - 5/19/2012 8:59:09 AM | Computer Name = Apollo | Source = WinDefend | ID = 5008
Description = %%827 engine has been terminated due to an unexpected error. Failure
Type: %%831 Exception code: Resource: file:C:\Program Files\HP Games\Blackhawk Striker
2\Uninstall.exe

Error - 5/19/2012 8:59:34 AM | Computer Name = Apollo | Source = Service Control Manager | ID = 7031
Description =


< End of report >
  • 0

#7
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

Auslogics BoostSpeed has a registry cleaner. A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.

Step 2.

I noticed that you have two anti-virus programs running ( ESET & Norton Protection Center). I strongly recommend that you have only one antivirus product installed and running on your computer at a time. I would recommend you uninstall Norton Protection Center and keep ESET.

Multiple installed antivirus products can lead to a clash as products fight for access to files which are being opened since they need to be checked for viruses. In general terms, the programs may conflict and cause:
False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
System Performance Problems: Your system may lock up due to multiple products attempting to access the same file at the same time.

After you uninstall Norton Protection Center please run this tool:
Norton removal tool. Go to step two and click the yellow download button and save it to your desktop, then run it. This tool removes all of their products since 2003 so it will do the trick!



Step 3.

P2P Warning!:

IMPORTANT I have noticed that there are signs of uTorrent P2P (Peer to Peer) File Sharing Program on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.



Step 4.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKLM\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O33 - MountPoints2\{b93276eb-77b4-11e1-b000-001b24c394c2}\Shell - "" = AutoRun
    O33 - MountPoints2\{b93276eb-77b4-11e1-b000-001b24c394c2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    [2012/04/24 14:37:17 | 000,000,000 | ---D | M] -- C:\Users\Raghavendra\AppData\Roaming\uTorrent
    
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 5.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • Get the report by selecting Reports

    Posted Image

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 6.

Please post :

OTL fix log
TDSSKiller log


AV - What is this program?

What brand is your hard drive?
  • 0

#8
spicejar

spicejar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Here are the Answers for your Queries :

STEP 1 :
Will Uninstall Auslogics soon after this thing gets resolved !!

STEP 2 :
I had already Uninstalled Norton but iam unable to uninstall it Fully . i Downloaded Norton Removal Tool but it is not running though it is showing in Process ... so unable to continue Further ... Iam using only ESET as of now !!
Need your help in removing Norton !!

STEP 3 :
I haven't used uTorrent after installation ... i had installed it just to have a P2P client in my system ... Will Uninstall it after this resolution...

STEP 4 :
OTL Log for your reference :

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{896DB260-1B30-4FF3-B10E-B4961151320C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{896DB260-1B30-4FF3-B10E-B4961151320C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{896DB260-1B30-4FF3-B10E-B4961151320C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ not found.
File C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b93276eb-77b4-11e1-b000-001b24c394c2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b93276eb-77b4-11e1-b000-001b24c394c2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b93276eb-77b4-11e1-b000-001b24c394c2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b93276eb-77b4-11e1-b000-001b24c394c2}\ not found.
File H:\LaunchU3.exe -a not found.
Folder C:\Users\Raghavendra\AppData\Roaming\uTorrent\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Raghavendra\Desktop\cmd.bat deleted successfully.
C:\Users\Raghavendra\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Raghavendra
->Temp folder emptied: 120811 bytes
->Temporary Internet Files folder emptied: 27712437 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54854371 bytes
->Google Chrome cache emptied: 26173109 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6112498 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 110.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.0 log created on 05202012_184329

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


STEP 5 :
TDSSKiller Log :

19:09:07.0845 1444 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
19:09:09.0484 1444 ============================================================
19:09:09.0484 1444 Current date / time: 2012/05/20 19:09:09.0484
19:09:09.0484 1444 SystemInfo:
19:09:09.0484 1444
19:09:09.0484 1444 OS Version: 6.0.6002 ServicePack: 2.0
19:09:09.0485 1444 Product type: Workstation
19:09:09.0485 1444 ComputerName: APOLLO
19:09:09.0486 1444 UserName: Raghavendra
19:09:09.0486 1444 Windows directory: C:\Windows
19:09:09.0486 1444 System windows directory: C:\Windows
19:09:09.0486 1444 Processor architecture: Intel x86
19:09:09.0486 1444 Number of processors: 2
19:09:09.0486 1444 Page size: 0x1000
19:09:09.0486 1444 Boot type: Normal boot
19:09:09.0486 1444 ============================================================
19:09:11.0587 1444 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:09:11.0596 1444 ============================================================
19:09:11.0596 1444 \Device\Harddisk0\DR0:
19:09:11.0596 1444 MBR partitions:
19:09:11.0596 1444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE3847C1
19:09:11.0597 1444 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE384800, BlocksNum 0xD98D000
19:09:11.0597 1444 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BD118FA, BlocksNum 0x14B2C87
19:09:11.0597 1444 ============================================================
19:09:11.0617 1444 C: <-> \Device\Harddisk0\DR0\Partition0
19:09:11.0658 1444 D: <-> \Device\Harddisk0\DR0\Partition1
19:09:11.0701 1444 E: <-> \Device\Harddisk0\DR0\Partition2
19:09:11.0701 1444 ============================================================
19:09:11.0701 1444 Initialize success
19:09:11.0701 1444 ============================================================
19:09:32.0322 3960 ============================================================
19:09:32.0322 3960 Scan started
19:09:32.0322 3960 Mode: Manual; SigCheck; TDLFS;
19:09:32.0322 3960 ============================================================
19:09:33.0344 3960 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:09:33.0797 3960 ACPI - ok
19:09:34.0007 3960 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:09:34.0243 3960 adp94xx - ok
19:09:34.0306 3960 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:09:34.0450 3960 adpahci - ok
19:09:34.0492 3960 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:09:34.0642 3960 adpu160m - ok
19:09:34.0770 3960 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:09:34.0844 3960 adpu320 - ok
19:09:34.0925 3960 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:09:35.0123 3960 AeLookupSvc - ok
19:09:35.0232 3960 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:09:35.0354 3960 AFD - ok
19:09:35.0409 3960 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
19:09:35.0467 3960 agp440 - ok
19:09:35.0530 3960 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:09:35.0587 3960 aic78xx - ok
19:09:35.0626 3960 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:09:35.0901 3960 ALG - ok
19:09:36.0059 3960 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
19:09:36.0111 3960 aliide - ok
19:09:36.0150 3960 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:09:36.0210 3960 amdagp - ok
19:09:36.0242 3960 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
19:09:36.0303 3960 amdide - ok
19:09:36.0337 3960 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:09:36.0693 3960 AmdK7 - ok
19:09:36.0783 3960 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:09:37.0021 3960 AmdK8 - ok
19:09:37.0101 3960 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:09:37.0199 3960 Appinfo - ok
19:09:37.0273 3960 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:09:37.0340 3960 arc - ok
19:09:37.0393 3960 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:09:37.0481 3960 arcsas - ok
19:09:37.0619 3960 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:09:37.0778 3960 AsyncMac - ok
19:09:37.0841 3960 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:09:37.0903 3960 atapi - ok
19:09:37.0999 3960 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:09:38.0170 3960 AudioEndpointBuilder - ok
19:09:38.0224 3960 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:09:38.0329 3960 Audiosrv - ok
19:09:38.0612 3960 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
19:09:38.0981 3960 BCM43XV - ok
19:09:39.0041 3960 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:09:39.0179 3960 Beep - ok
19:09:39.0280 3960 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:09:39.0408 3960 BFE - ok
19:09:39.0721 3960 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
19:09:39.0912 3960 BITS - ok
19:09:39.0953 3960 blbdrive - ok
19:09:40.0048 3960 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:09:40.0153 3960 bowser - ok
19:09:40.0212 3960 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:09:40.0321 3960 BrFiltLo - ok
19:09:40.0365 3960 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:09:40.0628 3960 BrFiltUp - ok
19:09:40.0746 3960 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:09:40.0906 3960 Browser - ok
19:09:40.0994 3960 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:09:41.0221 3960 Brserid - ok
19:09:41.0294 3960 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:09:41.0524 3960 BrSerWdm - ok
19:09:41.0571 3960 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:09:41.0926 3960 BrUsbMdm - ok
19:09:41.0979 3960 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:09:42.0219 3960 BrUsbSer - ok
19:09:42.0317 3960 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:09:42.0570 3960 BTHMODEM - ok
19:09:42.0833 3960 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:09:43.0094 3960 cdfs - ok
19:09:43.0151 3960 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:09:43.0270 3960 cdrom - ok
19:09:43.0360 3960 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:09:43.0481 3960 CertPropSvc - ok
19:09:43.0528 3960 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:09:43.0753 3960 circlass - ok
19:09:43.0878 3960 CLCapSvc (dbafc6734c054feef9087754bd80f847) C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
19:09:43.0930 3960 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
19:09:43.0930 3960 CLCapSvc - detected UnsignedFile.Multi.Generic (1)
19:09:43.0989 3960 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:09:44.0076 3960 CLFS - ok
19:09:44.0137 3960 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:09:44.0232 3960 clr_optimization_v2.0.50727_32 - ok
19:09:44.0318 3960 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:09:44.0404 3960 clr_optimization_v4.0.30319_32 - ok
19:09:44.0449 3960 CLSched (e67f8f036fd882e4ab62501c0d45b536) C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
19:09:44.0492 3960 CLSched ( UnsignedFile.Multi.Generic ) - warning
19:09:44.0492 3960 CLSched - detected UnsignedFile.Multi.Generic (1)
19:09:44.0565 3960 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:09:44.0798 3960 CmBatt - ok
19:09:44.0869 3960 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
19:09:44.0924 3960 cmdide - ok
19:09:45.0051 3960 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
19:09:45.0142 3960 Com4QLBEx - ok
19:09:45.0168 3960 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:09:45.0242 3960 Compbatt - ok
19:09:45.0256 3960 COMSysApp - ok
19:09:45.0378 3960 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:09:45.0433 3960 crcdisk - ok
19:09:45.0551 3960 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:09:45.0771 3960 Crusoe - ok
19:09:45.0868 3960 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:09:46.0003 3960 CryptSvc - ok
19:09:46.0113 3960 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:09:46.0293 3960 DcomLaunch - ok
19:09:46.0355 3960 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:09:46.0501 3960 DfsC - ok
19:09:46.0802 3960 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:09:47.0073 3960 DFSR - ok
19:09:47.0291 3960 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:09:47.0400 3960 Dhcp - ok
19:09:47.0456 3960 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:09:47.0524 3960 disk - ok
19:09:47.0573 3960 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:09:47.0684 3960 Dnscache - ok
19:09:47.0733 3960 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:09:47.0840 3960 dot3svc - ok
19:09:47.0898 3960 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:09:48.0036 3960 DPS - ok
19:09:48.0164 3960 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:09:48.0276 3960 drmkaud - ok
19:09:48.0518 3960 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:09:48.0636 3960 DXGKrnl - ok
19:09:48.0737 3960 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
19:09:48.0992 3960 E100B - ok
19:09:49.0037 3960 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:09:49.0298 3960 E1G60 - ok
19:09:49.0408 3960 eamonm (04238864710460c5682e260207d06192) C:\Windows\system32\DRIVERS\eamonm.sys
19:09:49.0577 3960 eamonm - ok
19:09:49.0627 3960 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:09:49.0745 3960 EapHost - ok
19:09:49.0818 3960 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:09:49.0918 3960 Ecache - ok
19:09:50.0022 3960 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\Windows\system32\DRIVERS\ehdrv.sys
19:09:50.0072 3960 ehdrv - ok
19:09:50.0294 3960 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:09:50.0389 3960 ehRecvr - ok
19:09:50.0444 3960 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:09:50.0555 3960 ehSched - ok
19:09:50.0589 3960 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:09:50.0651 3960 ehstart - ok
19:09:51.0247 3960 ekrn (f0eebac2f362aa866188a1c0ef819cb9) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
19:09:51.0382 3960 ekrn - ok
19:09:51.0735 3960 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:09:51.0820 3960 elxstor - ok
19:09:52.0060 3960 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:09:52.0233 3960 EMDMgmt - ok
19:09:52.0311 3960 epfw (5ba193ca0ae31209aaa39939ce6736b2) C:\Windows\system32\DRIVERS\epfw.sys
19:09:52.0364 3960 epfw - ok
19:09:52.0400 3960 EpfwLWF (9cefd59c8e5ebfb48165aef54617f539) C:\Windows\system32\DRIVERS\EpfwLWF.sys
19:09:52.0442 3960 EpfwLWF - ok
19:09:52.0494 3960 epfwwfp (7144a06ac105a2a7302944602e415ec1) C:\Windows\system32\DRIVERS\epfwwfp.sys
19:09:52.0542 3960 epfwwfp - ok
19:09:52.0859 3960 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:09:52.0984 3960 EventSystem - ok
19:09:53.0067 3960 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:09:53.0168 3960 exfat - ok
19:09:53.0275 3960 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:09:53.0397 3960 fastfat - ok
19:09:53.0441 3960 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
19:09:53.0653 3960 fdc - ok
19:09:53.0701 3960 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:09:53.0838 3960 fdPHost - ok
19:09:53.0889 3960 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:09:54.0164 3960 FDResPub - ok
19:09:54.0235 3960 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:09:54.0302 3960 FileInfo - ok
19:09:54.0365 3960 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:09:54.0507 3960 Filetrace - ok
19:09:54.0549 3960 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:09:54.0807 3960 flpydisk - ok
19:09:54.0899 3960 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:09:54.0976 3960 FltMgr - ok
19:09:55.0232 3960 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:09:55.0399 3960 FontCache - ok
19:09:55.0550 3960 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:09:55.0606 3960 FontCache3.0.0.0 - ok
19:09:55.0662 3960 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:09:55.0783 3960 Fs_Rec - ok
19:09:55.0841 3960 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:09:55.0907 3960 gagp30kx - ok
19:09:56.0151 3960 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:09:56.0293 3960 gpsvc - ok
19:09:56.0366 3960 HBtnKey (93aee3434935fc2f805fefd8dc5ed1b4) C:\Windows\system32\DRIVERS\cpqbttn.sys
19:09:56.0412 3960 HBtnKey - ok
19:09:56.0499 3960 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:09:56.0748 3960 HdAudAddService - ok
19:09:56.0989 3960 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:09:57.0204 3960 HDAudBus - ok
19:09:57.0249 3960 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:09:57.0491 3960 HidBth - ok
19:09:57.0534 3960 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:09:57.0769 3960 HidIr - ok
19:09:57.0827 3960 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:09:57.0931 3960 hidserv - ok
19:09:58.0018 3960 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:09:58.0146 3960 HidUsb - ok
19:09:58.0210 3960 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:09:58.0359 3960 hkmsvc - ok
19:09:58.0490 3960 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
19:09:58.0519 3960 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
19:09:58.0520 3960 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
19:09:58.0562 3960 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:09:58.0631 3960 HpCISSs - ok
19:09:58.0663 3960 HpqKbFiltr (1210960ff8928950d2a786895b0c424a) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
19:09:58.0731 3960 HpqKbFiltr - ok
19:09:58.0879 3960 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
19:09:58.0945 3960 hpqwmiex - ok
19:09:59.0066 3960 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:09:59.0199 3960 HSFHWAZL - ok
19:09:59.0381 3960 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:09:59.0615 3960 HSF_DPV - ok
19:09:59.0701 3960 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:09:59.0900 3960 HTTP - ok
19:09:59.0939 3960 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:09:59.0993 3960 i2omp - ok
19:10:00.0070 3960 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:10:00.0220 3960 i8042prt - ok
19:10:00.0391 3960 IAANTMON (f79525634b192f5a18de503568f94ef3) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:10:00.0465 3960 IAANTMON - ok
19:10:00.0772 3960 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:10:01.0029 3960 ialm - ok
19:10:01.0266 3960 iaStor (baabb0301949774a66b955c65319635a) C:\Windows\system32\DRIVERS\iaStor.sys
19:10:01.0414 3960 iaStor - ok
19:10:01.0483 3960 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:10:01.0592 3960 iaStorV - ok
19:10:01.0718 3960 IDMWFP (46409459cdef95588d042d21d30ba50e) C:\Windows\system32\DRIVERS\idmwfp.sys
19:10:01.0780 3960 IDMWFP - ok
19:10:01.0867 3960 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
19:10:01.0918 3960 IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:10:01.0918 3960 IDriverT - detected UnsignedFile.Multi.Generic (1)
19:10:02.0096 3960 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:10:02.0236 3960 idsvc - ok
19:10:02.0275 3960 IDSvix86 - ok
19:10:02.0584 3960 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:10:02.0781 3960 igfx - ok
19:10:02.0963 3960 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:10:03.0019 3960 iirsp - ok
19:10:03.0110 3960 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:10:03.0261 3960 IKEEXT - ok
19:10:03.0577 3960 IntcAzAudAddService (1f10ed6f98c57efb4e7fb9972b2dbb71) C:\Windows\system32\drivers\RTKVHDA.sys
19:10:03.0859 3960 IntcAzAudAddService - ok
19:10:04.0049 3960 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
19:10:04.0102 3960 intelide - ok
19:10:04.0148 3960 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:10:04.0281 3960 intelppm - ok
19:10:04.0325 3960 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:10:04.0444 3960 IPBusEnum - ok
19:10:04.0480 3960 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:10:04.0611 3960 IpFilterDriver - ok
19:10:04.0670 3960 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:10:04.0782 3960 iphlpsvc - ok
19:10:04.0795 3960 IpInIp - ok
19:10:04.0854 3960 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:10:05.0073 3960 IPMIDRV - ok
19:10:05.0111 3960 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:10:05.0238 3960 IPNAT - ok
19:10:05.0268 3960 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:10:05.0382 3960 IRENUM - ok
19:10:05.0410 3960 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:10:05.0476 3960 isapnp - ok
19:10:05.0535 3960 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:10:05.0606 3960 iScsiPrt - ok
19:10:05.0628 3960 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:10:05.0682 3960 iteatapi - ok
19:10:05.0709 3960 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:10:05.0769 3960 iteraid - ok
19:10:05.0808 3960 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:10:05.0869 3960 kbdclass - ok
19:10:05.0901 3960 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:10:05.0993 3960 kbdhid - ok
19:10:06.0042 3960 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:10:06.0146 3960 KeyIso - ok
19:10:06.0215 3960 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:10:06.0342 3960 KSecDD - ok
19:10:06.0432 3960 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:10:06.0639 3960 KtmRm - ok
19:10:06.0691 3960 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:10:06.0800 3960 LanmanServer - ok
19:10:06.0861 3960 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:10:06.0967 3960 LanmanWorkstation - ok
19:10:07.0055 3960 LightScribeService (559c9b7800fac92fc515cd0003d7c631) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:10:07.0105 3960 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:10:07.0105 3960 LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:10:07.0167 3960 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:10:07.0300 3960 lltdio - ok
19:10:07.0361 3960 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:10:07.0500 3960 lltdsvc - ok
19:10:07.0544 3960 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:10:07.0746 3960 lmhosts - ok
19:10:07.0849 3960 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:10:07.0915 3960 LSI_FC - ok
19:10:07.0947 3960 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:10:08.0013 3960 LSI_SAS - ok
19:10:08.0062 3960 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:10:08.0117 3960 LSI_SCSI - ok
19:10:08.0163 3960 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:10:08.0299 3960 luafv - ok
19:10:08.0355 3960 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
19:10:08.0414 3960 MBAMProtector - ok
19:10:08.0518 3960 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:10:08.0610 3960 MBAMService - ok
19:10:08.0655 3960 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:10:08.0731 3960 Mcx2Svc - ok
19:10:08.0789 3960 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:10:08.0858 3960 megasas - ok
19:10:08.0901 3960 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:10:09.0042 3960 MMCSS - ok
19:10:09.0091 3960 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:10:09.0236 3960 Modem - ok
19:10:09.0274 3960 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
19:10:09.0397 3960 MODEMCSA - ok
19:10:09.0439 3960 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:10:09.0575 3960 monitor - ok
19:10:09.0621 3960 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:10:09.0680 3960 mouclass - ok
19:10:09.0701 3960 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:10:09.0825 3960 mouhid - ok
19:10:09.0867 3960 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:10:09.0926 3960 MountMgr - ok
19:10:09.0982 3960 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:10:10.0041 3960 MozillaMaintenance - ok
19:10:10.0106 3960 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:10:10.0173 3960 mpio - ok
19:10:10.0221 3960 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:10:10.0313 3960 mpsdrv - ok
19:10:10.0400 3960 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:10:10.0525 3960 MpsSvc - ok
19:10:10.0569 3960 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:10:10.0624 3960 Mraid35x - ok
19:10:10.0674 3960 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:10:10.0765 3960 MRxDAV - ok
19:10:10.0822 3960 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:10:10.0931 3960 mrxsmb - ok
19:10:10.0981 3960 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:10:11.0080 3960 mrxsmb10 - ok
19:10:11.0127 3960 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:10:11.0189 3960 mrxsmb20 - ok
19:10:11.0229 3960 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
19:10:11.0282 3960 msahci - ok
19:10:11.0314 3960 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:10:11.0382 3960 msdsm - ok
19:10:11.0429 3960 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:10:11.0553 3960 MSDTC - ok
19:10:11.0674 3960 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:10:11.0802 3960 Msfs - ok
19:10:11.0841 3960 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:10:11.0903 3960 msisadrv - ok
19:10:11.0950 3960 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:10:12.0089 3960 MSiSCSI - ok
19:10:12.0103 3960 msiserver - ok
19:10:12.0151 3960 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:10:12.0277 3960 MSKSSRV - ok
19:10:12.0322 3960 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:10:12.0452 3960 MSPCLOCK - ok
19:10:12.0495 3960 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:10:12.0609 3960 MSPQM - ok
19:10:12.0659 3960 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:10:12.0731 3960 MsRPC - ok
19:10:12.0786 3960 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:10:12.0842 3960 mssmbios - ok
19:10:12.0874 3960 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:10:13.0005 3960 MSTEE - ok
19:10:13.0037 3960 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:10:13.0101 3960 Mup - ok
19:10:13.0175 3960 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:10:13.0295 3960 napagent - ok
19:10:13.0352 3960 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:10:13.0430 3960 NativeWifiP - ok
19:10:13.0537 3960 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:10:13.0641 3960 NDIS - ok
19:10:13.0685 3960 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:10:13.0788 3960 NdisTapi - ok
19:10:13.0823 3960 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:10:13.0938 3960 Ndisuio - ok
19:10:13.0978 3960 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:10:14.0073 3960 NdisWan - ok
19:10:14.0109 3960 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:10:14.0203 3960 NDProxy - ok
19:10:14.0239 3960 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:10:14.0365 3960 NetBIOS - ok
19:10:14.0428 3960 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:10:14.0538 3960 netbt - ok
19:10:14.0585 3960 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:10:14.0648 3960 Netlogon - ok
19:10:14.0704 3960 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:10:14.0837 3960 Netman - ok
19:10:14.0909 3960 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:10:15.0064 3960 netprofm - ok
19:10:15.0161 3960 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:10:15.0221 3960 NetTcpPortSharing - ok
19:10:15.0489 3960 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
19:10:15.0978 3960 NETw3v32 - ok
19:10:16.0441 3960 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
19:10:16.0715 3960 NETw4v32 - ok
19:10:17.0330 3960 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
19:10:17.0727 3960 NETw5v32 - ok
19:10:17.0927 3960 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:10:17.0984 3960 nfrd960 - ok
19:10:18.0037 3960 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:10:18.0183 3960 NlaSvc - ok
19:10:18.0231 3960 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:10:18.0324 3960 Npfs - ok
19:10:18.0378 3960 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:10:18.0510 3960 nsi - ok
19:10:18.0543 3960 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:10:18.0677 3960 nsiproxy - ok
19:10:18.0854 3960 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:10:19.0060 3960 Ntfs - ok
19:10:19.0109 3960 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:10:19.0322 3960 ntrigdigi - ok
19:10:19.0363 3960 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:10:19.0497 3960 Null - ok
19:10:19.0538 3960 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:10:19.0605 3960 nvraid - ok
19:10:19.0635 3960 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:10:19.0688 3960 nvstor - ok
19:10:19.0725 3960 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:10:19.0786 3960 nv_agp - ok
19:10:19.0799 3960 NwlnkFlt - ok
19:10:19.0833 3960 NwlnkFwd - ok
19:10:19.0986 3960 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:10:20.0074 3960 odserv - ok
19:10:20.0127 3960 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:10:20.0233 3960 ohci1394 - ok
19:10:20.0280 3960 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:10:20.0333 3960 ose - ok
19:10:20.0448 3960 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:10:20.0567 3960 p2pimsvc - ok
19:10:20.0605 3960 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:10:20.0704 3960 p2psvc - ok
19:10:20.0761 3960 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:10:20.0962 3960 Parport - ok
19:10:21.0018 3960 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
19:10:21.0095 3960 partmgr - ok
19:10:21.0113 3960 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:10:21.0328 3960 Parvdm - ok
19:10:21.0381 3960 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:10:21.0480 3960 PcaSvc - ok
19:10:21.0541 3960 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:10:21.0610 3960 pci - ok
19:10:21.0646 3960 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
19:10:21.0707 3960 pciide - ok
19:10:21.0750 3960 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:10:21.0813 3960 pcmcia - ok
19:10:21.0952 3960 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:10:22.0230 3960 PEAUTH - ok
19:10:22.0552 3960 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:10:22.0806 3960 pla - ok
19:10:23.0006 3960 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:10:23.0134 3960 PlugPlay - ok
19:10:23.0242 3960 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:10:23.0356 3960 PNRPAutoReg - ok
19:10:23.0393 3960 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:10:23.0494 3960 PNRPsvc - ok
19:10:23.0576 3960 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:10:23.0713 3960 PolicyAgent - ok
19:10:23.0789 3960 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:10:23.0930 3960 PptpMiniport - ok
19:10:23.0977 3960 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:10:24.0194 3960 Processor - ok
19:10:24.0245 3960 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:10:24.0360 3960 ProfSvc - ok
19:10:24.0398 3960 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:10:24.0460 3960 ProtectedStorage - ok
19:10:24.0502 3960 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:10:24.0607 3960 PSched - ok
19:10:24.0647 3960 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
19:10:24.0696 3960 PxHelp20 - ok
19:10:24.0837 3960 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:10:25.0008 3960 ql2300 - ok
19:10:25.0048 3960 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:10:25.0108 3960 ql40xx - ok
19:10:25.0177 3960 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:10:25.0273 3960 QWAVE - ok
19:10:25.0313 3960 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:10:25.0389 3960 QWAVEdrv - ok
19:10:25.0422 3960 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:10:25.0552 3960 RasAcd - ok
19:10:25.0615 3960 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:10:25.0771 3960 RasAuto - ok
19:10:25.0813 3960 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:10:25.0930 3960 Rasl2tp - ok
19:10:26.0000 3960 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:10:26.0118 3960 RasMan - ok
19:10:26.0166 3960 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:10:26.0270 3960 RasPppoe - ok
19:10:26.0309 3960 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:10:26.0371 3960 RasSstp - ok
19:10:26.0427 3960 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:10:26.0535 3960 rdbss - ok
19:10:26.0569 3960 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:10:26.0702 3960 RDPCDD - ok
19:10:26.0780 3960 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:10:26.0987 3960 rdpdr - ok
19:10:27.0047 3960 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:10:27.0164 3960 RDPENCDD - ok
19:10:27.0274 3960 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
19:10:27.0356 3960 RDPWD - ok
19:10:27.0412 3960 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:10:27.0549 3960 RemoteAccess - ok
19:10:27.0611 3960 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:10:27.0725 3960 RemoteRegistry - ok
19:10:27.0780 3960 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
19:10:27.0828 3960 Revoflt - ok
19:10:27.0874 3960 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:10:27.0966 3960 rimmptsk - ok
19:10:27.0988 3960 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:10:28.0049 3960 rimsptsk - ok
19:10:28.0069 3960 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:10:28.0152 3960 rismxdp - ok
19:10:28.0363 3960 RoxMediaDB9 (08fb7d968805001c7adcbb14b0651fa2) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
19:10:28.0488 3960 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
19:10:28.0488 3960 RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
19:10:28.0536 3960 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:10:28.0629 3960 RpcLocator - ok
19:10:28.0730 3960 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:10:28.0856 3960 RpcSs - ok
19:10:28.0914 3960 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:10:29.0062 3960 rspndr - ok
19:10:29.0118 3960 RTL8169 (cb0bd9e10e3e244d312c106dee1bbb93) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:10:29.0266 3960 RTL8169 - ok
19:10:29.0305 3960 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:10:29.0366 3960 SamSs - ok
19:10:29.0409 3960 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:10:29.0480 3960 sbp2port - ok
19:10:29.0537 3960 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:10:29.0637 3960 SCardSvr - ok
19:10:29.0750 3960 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:10:29.0876 3960 Schedule - ok
19:10:29.0919 3960 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:10:30.0013 3960 SCPolicySvc - ok
19:10:30.0059 3960 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
19:10:30.0151 3960 sdbus - ok
19:10:30.0217 3960 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:10:30.0325 3960 SDRSVC - ok
19:10:30.0368 3960 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:10:30.0578 3960 secdrv - ok
19:10:30.0660 3960 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:10:30.0782 3960 seclogon - ok
19:10:30.0819 3960 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:10:30.0941 3960 SENS - ok
19:10:30.0972 3960 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:10:31.0175 3960 Serenum - ok
19:10:31.0217 3960 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:10:31.0428 3960 Serial - ok
19:10:31.0464 3960 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:10:31.0585 3960 sermouse - ok
19:10:31.0681 3960 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:10:31.0807 3960 SessionEnv - ok
19:10:31.0838 3960 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:10:32.0037 3960 sffdisk - ok
19:10:32.0066 3960 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:10:32.0260 3960 sffp_mmc - ok
19:10:32.0292 3960 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:10:32.0507 3960 sffp_sd - ok
19:10:32.0546 3960 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:10:32.0761 3960 sfloppy - ok
19:10:32.0827 3960 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:10:32.0974 3960 SharedAccess - ok
19:10:33.0042 3960 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:10:33.0141 3960 ShellHWDetection - ok
19:10:33.0173 3960 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:10:33.0236 3960 sisagp - ok
19:10:33.0259 3960 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:10:33.0329 3960 SiSRaid2 - ok
19:10:33.0362 3960 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:10:33.0430 3960 SiSRaid4 - ok
19:10:33.0864 3960 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:10:34.0252 3960 slsvc - ok
19:10:34.0453 3960 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:10:34.0576 3960 SLUINotify - ok
19:10:34.0645 3960 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:10:34.0753 3960 Smb - ok
19:10:34.0936 3960 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
19:10:35.0124 3960 smserial - ok
19:10:35.0198 3960 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:10:35.0269 3960 SNMPTRAP - ok
19:10:35.0318 3960 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:10:35.0377 3960 spldr - ok
19:10:35.0431 3960 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:10:35.0534 3960 Spooler - ok
19:10:35.0602 3960 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:10:35.0731 3960 srv - ok
19:10:35.0785 3960 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:10:35.0896 3960 srv2 - ok
19:10:35.0936 3960 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:10:36.0010 3960 srvnet - ok
19:10:36.0070 3960 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:10:36.0206 3960 SSDPSRV - ok
19:10:36.0365 3960 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:10:36.0444 3960 SstpSvc - ok
19:10:36.0535 3960 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:10:36.0638 3960 stisvc - ok
19:10:36.0734 3960 stllssvr (a9a23c8af361f7a93fd632e91a8c346f) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
19:10:36.0791 3960 stllssvr - ok
19:10:36.0838 3960 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:10:36.0897 3960 swenum - ok
19:10:36.0980 3960 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:10:37.0093 3960 swprv - ok
19:10:37.0143 3960 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:10:37.0197 3960 Symc8xx - ok
19:10:37.0232 3960 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:10:37.0284 3960 Sym_hi - ok
19:10:37.0310 3960 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:10:37.0380 3960 Sym_u3 - ok
19:10:37.0456 3960 SynTP (6dd49e1a5fa0f01824652f1a0a8866fb) C:\Windows\system32\DRIVERS\SynTP.sys
19:10:37.0535 3960 SynTP - ok
19:10:37.0636 3960 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:10:37.0796 3960 SysMain - ok
19:10:37.0837 3960 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:10:37.0930 3960 TabletInputService - ok
19:10:38.0000 3960 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:10:38.0109 3960 TapiSrv - ok
19:10:38.0156 3960 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:10:38.0279 3960 TBS - ok
19:10:38.0427 3960 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
19:10:38.0578 3960 Tcpip - ok
19:10:38.0624 3960 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
19:10:38.0761 3960 Tcpip6 - ok
19:10:38.0813 3960 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:10:38.0890 3960 tcpipreg - ok
19:10:38.0939 3960 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:10:39.0056 3960 TDPIPE - ok
19:10:39.0102 3960 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:10:39.0217 3960 TDTCP - ok
19:10:39.0255 3960 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:10:39.0348 3960 tdx - ok
19:10:39.0390 3960 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:10:39.0465 3960 TermDD - ok
19:10:39.0552 3960 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:10:39.0676 3960 TermService - ok
19:10:39.0751 3960 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:10:39.0828 3960 Themes - ok
19:10:39.0877 3960 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:10:39.0995 3960 THREADORDER - ok
19:10:40.0029 3960 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:10:40.0167 3960 TrkWks - ok
19:10:40.0225 3960 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:10:40.0324 3960 TrustedInstaller - ok
19:10:40.0377 3960 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:10:40.0492 3960 tssecsrv - ok
19:10:40.0542 3960 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:10:40.0620 3960 tunmp - ok
19:10:40.0664 3960 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:10:40.0725 3960 tunnel - ok
19:10:40.0792 3960 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:10:40.0847 3960 uagp35 - ok
19:10:40.0915 3960 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:10:41.0025 3960 udfs - ok
19:10:41.0168 3960 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:10:41.0319 3960 UI0Detect - ok
19:10:41.0364 3960 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:10:41.0418 3960 uliagpkx - ok
19:10:41.0466 3960 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:10:41.0541 3960 uliahci - ok
19:10:41.0578 3960 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:10:41.0638 3960 UlSata - ok
19:10:41.0676 3960 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:10:41.0739 3960 ulsata2 - ok
19:10:41.0776 3960 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:10:41.0899 3960 umbus - ok
19:10:41.0973 3960 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:10:42.0134 3960 upnphost - ok
19:10:42.0196 3960 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:10:42.0322 3960 usbccgp - ok
19:10:42.0362 3960 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:10:42.0573 3960 usbcir - ok
19:10:42.0627 3960 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:10:42.0719 3960 usbehci - ok
19:10:42.0778 3960 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:10:42.0917 3960 usbhub - ok
19:10:42.0949 3960 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:10:43.0166 3960 usbohci - ok
19:10:43.0202 3960 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
19:10:43.0423 3960 usbprint - ok
19:10:43.0461 3960 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:10:43.0554 3960 USBSTOR - ok
19:10:43.0600 3960 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:10:43.0706 3960 usbuhci - ok
19:10:43.0772 3960 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:10:43.0908 3960 usbvideo - ok
19:10:43.0953 3960 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:10:44.0072 3960 UxSms - ok
19:10:44.0164 3960 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:10:44.0309 3960 vds - ok
19:10:44.0359 3960 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:10:44.0561 3960 vga - ok
19:10:44.0600 3960 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:10:44.0714 3960 VgaSave - ok
19:10:44.0760 3960 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:10:44.0816 3960 viaagp - ok
19:10:44.0852 3960 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:10:45.0052 3960 ViaC7 - ok
19:10:45.0081 3960 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:10:45.0133 3960 viaide - ok
19:10:45.0188 3960 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:10:45.0249 3960 volmgr - ok
19:10:45.0323 3960 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:10:45.0407 3960 volmgrx - ok
19:10:45.0470 3960 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:10:45.0552 3960 volsnap - ok
19:10:45.0608 3960 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:10:45.0674 3960 vsmraid - ok
19:10:45.0866 3960 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:10:46.0075 3960 VSS - ok
19:10:46.0144 3960 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:10:46.0283 3960 W32Time - ok
19:10:46.0379 3960 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:10:46.0579 3960 WacomPen - ok
19:10:46.0632 3960 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:10:46.0740 3960 Wanarp - ok
19:10:46.0753 3960 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:10:46.0851 3960 Wanarpv6 - ok
19:10:46.0922 3960 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:10:47.0037 3960 wcncsvc - ok
19:10:47.0094 3960 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:10:47.0214 3960 WcsPlugInService - ok
19:10:47.0257 3960 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:10:47.0311 3960 Wd - ok
19:10:47.0396 3960 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:10:47.0501 3960 Wdf01000 - ok
19:10:47.0541 3960 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:10:47.0688 3960 WdiServiceHost - ok
19:10:47.0701 3960 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:10:47.0828 3960 WdiSystemHost - ok
19:10:47.0962 3960 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:10:48.0072 3960 WebClient - ok
19:10:48.0128 3960 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:10:48.0207 3960 Wecsvc - ok
19:10:48.0250 3960 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:10:48.0362 3960 wercplsupport - ok
19:10:48.0411 3960 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:10:48.0516 3960 WerSvc - ok
19:10:48.0649 3960 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:10:48.0841 3960 winachsf - ok
19:10:48.0957 3960 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:10:49.0031 3960 WinDefend - ok
19:10:49.0057 3960 WinHttpAutoProxySvc - ok
19:10:49.0220 3960 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:10:49.0343 3960 Winmgmt - ok
19:10:49.0520 3960 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:10:49.0734 3960 WinRM - ok
19:10:49.0861 3960 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:10:50.0000 3960 Wlansvc - ok
19:10:50.0051 3960 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:10:50.0142 3960 WmiAcpi - ok
19:10:50.0237 3960 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:10:50.0352 3960 wmiApSrv - ok
19:10:50.0530 3960 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:10:50.0709 3960 WMPNetworkSvc - ok
19:10:50.0754 3960 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:10:50.0872 3960 WPCSvc - ok
19:10:50.0925 3960 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:10:51.0023 3960 WPDBusEnum - ok
19:10:51.0228 3960 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:10:51.0350 3960 WPFFontCache_v0400 - ok
19:10:51.0412 3960 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:10:51.0526 3960 ws2ifsl - ok
19:10:51.0569 3960 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
19:10:51.0662 3960 wscsvc - ok
19:10:51.0684 3960 WSearch - ok
19:10:51.0960 3960 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:10:52.0189 3960 wuauserv - ok
19:10:52.0413 3960 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:10:52.0533 3960 WUDFRd - ok
19:10:52.0582 3960 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:10:52.0711 3960 wudfsvc - ok
19:10:52.0771 3960 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
19:10:52.0937 3960 \Device\Harddisk0\DR0 - ok
19:10:52.0956 3960 Boot (0x1200) (b5f56358d3ecc3b4529bd584237802f0) \Device\Harddisk0\DR0\Partition0
19:10:52.0962 3960 \Device\Harddisk0\DR0\Partition0 - ok
19:10:52.0975 3960 Boot (0x1200) (b2b1fd6ea674e041b00cb822a358c152) \Device\Harddisk0\DR0\Partition1
19:10:52.0979 3960 \Device\Harddisk0\DR0\Partition1 - ok
19:10:53.0004 3960 Boot (0x1200) (5cf1113840b5132f2e67df4e76009204) \Device\Harddisk0\DR0\Partition2
19:10:53.0010 3960 \Device\Harddisk0\DR0\Partition2 - ok
19:10:53.0012 3960 ============================================================
19:10:53.0012 3960 Scan finished
19:10:53.0012 3960 ============================================================
19:10:53.0065 0956 Detected object count: 6
19:10:53.0065 0956 Actual detected object count: 6
19:14:11.0512 0956 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0513 0956 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0561 0956 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0562 0956 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0642 0956 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0644 0956 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0760 0956 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0761 0956 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0877 0956 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0878 0956 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0936 0956 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0937 0956 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip



STEP 6 :

Couldn't quite Understand what you exactly mean by AV .. i suppose it's Antivirus and it's ESET Smart Security 5.0.93.0

Brand of HDD : Seagate


Thanks for the quick response and help !!
  • 0

#9
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts

Couldn't quite Understand what you exactly mean by AV

I know ESET is in your add/remove program lists, there is also a program that is titled AV and nothing else. That is the one I am asking about. :)


Step 1.

Reboot into safe mode. Then run the Norton removal tool.


Step 2.

OK next we will check the disc and then the file structure

  • On the desktop click the My Computer icon
  • Right click your main drive (I am on C) and select properties
  • Select the tools tab
  • Select error checking
  • Place a tick in both boxes
  • Press start
  • You will get a warning that it needs to reboot to continue
  • Allow it to do so

Posted Image

Once completedgo on to the next step.


Step 3.

Run an elevated command prompt
Go to Start, All programs, Accessories
Right click command prompt and select run as administrator
Posted Image

In the black box that opens type or copy and paste the following command and press enter:

sfc /scannow

Posted Image

After all this is completed could you update me on the problems being experienced and if there is any change.

  • 0

#10
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Have you completed the steps in my previous post to run check disk and sfc?

If so is there any change in the computer issues?

Regards,

CompCav
  • 0

Advertisements


#11
spicejar

spicejar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi !!

Yes Have completed all the steps mentioned :
Here are the details :

STEP 1 :
Norton Protection Center got sucessfully removed at last ..

STEP 2 :
The chkdsk went clean and it didn't show any problems ..no bad sectors ...

STEP 3 :

The sfc scannow function showed some glitches ... This is what i got :
"Windows Resource Protection found corrupt files but was unable to remove some of them . Details are included in the CBS.log "

The problem was i was unable to open the concerned log file as it is showing me access denied . :(

What should my next point of action be ??

and by the way ..there no improvement in my running of coputer than previously .. still many hangs ..be it with internet or without it...

Thanks for your wonderful and patient support.

Edited by spicejar, 22 May 2012 - 07:58 PM.

  • 0

#12
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts

The sfc scannow function showed some glitches ... This is what i got :
"Windows Resource Protection found corrupt files but was unable to remove some of them . Details are included in the CBS.log "

The problem was i was unable to open the concerned log file as it is showing me access denied . :(

What should my next point of action be ??


We will retrieve what is in the log and we will continue to clean the computer because of the continuing symptoms:

and by the way ..there no improvement in my running of coputer than previously .. still many hangs ..be it with internet or without it...



Thanks for your wonderful and patient support.

You are most welcome :)


Step 1.

sfc log from windows vista
  • Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
    Posted Image
  • Copy the line below and paste it at the command prompt. Then press Enter

    findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt
  • The file sfcdetails.txt will now be on your desktop. Please open it , Edit | select all | copy and paste it in your next reply.


Step 2.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

Posted Image

Posted Image

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to somethng problems. Simply reboot the computer.


Step 3.

Please post:

sfcdetails.txt
ComboFix.txt


Please provide an update on any change in the computer symptoms your computer is having.
  • 0

#13
spicejar

spicejar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Hi !!

Here are the logs you had requested :

SFCDETAILS :

2012-05-22 21:35:50, Info CSI 00000006 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:35:50, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2012-05-22 21:36:32, Info CSI 00000009 [SR] Verify complete
2012-05-22 21:36:44, Info CSI 0000000a [SR] Verifying 100 (0x00000064) components
2012-05-22 21:36:44, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2012-05-22 21:37:37, Info CSI 0000000d [SR] Verify complete
2012-05-22 21:37:47, Info CSI 0000000e [SR] Verifying 100 (0x00000064) components
2012-05-22 21:37:47, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2012-05-22 21:38:05, Info CSI 00000011 [SR] Verify complete
2012-05-22 21:38:15, Info CSI 00000012 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:38:15, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
2012-05-22 21:38:23, Info CSI 00000015 [SR] Verify complete
2012-05-22 21:38:33, Info CSI 00000016 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:38:33, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2012-05-22 21:38:41, Info CSI 00000019 [SR] Verify complete
2012-05-22 21:38:52, Info CSI 0000001a [SR] Verifying 100 (0x00000064) components
2012-05-22 21:38:52, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2012-05-22 21:38:59, Info CSI 0000001d [SR] Verify complete
2012-05-22 21:39:09, Info CSI 0000001e [SR] Verifying 100 (0x00000064) components
2012-05-22 21:39:09, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
2012-05-22 21:39:17, Info CSI 00000021 [SR] Verify complete
2012-05-22 21:39:26, Info CSI 00000022 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:39:26, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2012-05-22 21:39:34, Info CSI 00000025 [SR] Verify complete
2012-05-22 21:39:44, Info CSI 00000026 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:39:44, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2012-05-22 21:39:52, Info CSI 00000029 [SR] Verify complete
2012-05-22 21:40:02, Info CSI 0000002a [SR] Verifying 100 (0x00000064) components
2012-05-22 21:40:02, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2012-05-22 21:40:10, Info CSI 0000002d [SR] Verify complete
2012-05-22 21:40:20, Info CSI 0000002e [SR] Verifying 100 (0x00000064) components
2012-05-22 21:40:20, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2012-05-22 21:40:27, Info CSI 00000031 [SR] Verify complete
2012-05-22 21:40:37, Info CSI 00000032 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:40:37, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2012-05-22 21:40:54, Info CSI 00000035 [SR] Verify complete
2012-05-22 21:41:06, Info CSI 00000036 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:41:06, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2012-05-22 21:41:14, Info CSI 00000039 [SR] Verify complete
2012-05-22 21:41:24, Info CSI 0000003a [SR] Verifying 100 (0x00000064) components
2012-05-22 21:41:24, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2012-05-22 21:41:47, Info CSI 0000003d [SR] Verify complete
2012-05-22 21:41:57, Info CSI 0000003e [SR] Verifying 100 (0x00000064) components
2012-05-22 21:41:57, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2012-05-22 21:42:04, Info CSI 00000041 [SR] Verify complete
2012-05-22 21:42:14, Info CSI 00000042 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:42:14, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2012-05-22 21:42:22, Info CSI 00000045 [SR] Verify complete
2012-05-22 21:42:32, Info CSI 00000046 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:42:32, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2012-05-22 21:42:40, Info CSI 00000049 [SR] Verify complete
2012-05-22 21:42:50, Info CSI 0000004a [SR] Verifying 100 (0x00000064) components
2012-05-22 21:42:50, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2012-05-22 21:42:57, Info CSI 0000004d [SR] Verify complete
2012-05-22 21:43:07, Info CSI 0000004e [SR] Verifying 100 (0x00000064) components
2012-05-22 21:43:07, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2012-05-22 21:43:27, Info CSI 00000051 [SR] Verify complete
2012-05-22 21:43:38, Info CSI 00000052 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:43:38, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2012-05-22 21:43:47, Info CSI 00000055 [SR] Verify complete
2012-05-22 21:43:56, Info CSI 00000056 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:43:56, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2012-05-22 21:44:12, Info CSI 00000059 [SR] Verify complete
2012-05-22 21:44:22, Info CSI 0000005a [SR] Verifying 100 (0x00000064) components
2012-05-22 21:44:22, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2012-05-22 21:44:33, Info CSI 0000005d [SR] Verify complete
2012-05-22 21:44:53, Info CSI 0000005e [SR] Verifying 100 (0x00000064) components
2012-05-22 21:44:53, Info CSI 0000005f [SR] Beginning Verify and Repair transaction
2012-05-22 21:45:06, Info CSI 00000061 [SR] Verify complete
2012-05-22 21:45:16, Info CSI 00000062 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:45:16, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
2012-05-22 21:45:42, Info CSI 00000065 [SR] Verify complete
2012-05-22 21:45:52, Info CSI 00000066 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:45:52, Info CSI 00000067 [SR] Beginning Verify and Repair transaction
2012-05-22 21:45:59, Info CSI 00000069 [SR] Verify complete
2012-05-22 21:46:10, Info CSI 0000006a [SR] Verifying 100 (0x00000064) components
2012-05-22 21:46:10, Info CSI 0000006b [SR] Beginning Verify and Repair transaction
2012-05-22 21:46:22, Info CSI 0000006d [SR] Verify complete
2012-05-22 21:46:31, Info CSI 0000006e [SR] Verifying 100 (0x00000064) components
2012-05-22 21:46:31, Info CSI 0000006f [SR] Beginning Verify and Repair transaction
2012-05-22 21:46:52, Info CSI 00000071 [SR] Verify complete
2012-05-22 21:47:11, Info CSI 00000072 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:47:11, Info CSI 00000073 [SR] Beginning Verify and Repair transaction
2012-05-22 21:48:17, Info CSI 00000075 [SR] Verify complete
2012-05-22 21:48:26, Info CSI 00000076 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:48:26, Info CSI 00000077 [SR] Beginning Verify and Repair transaction
2012-05-22 21:49:04, Info CSI 00000079 [SR] Verify complete
2012-05-22 21:49:13, Info CSI 0000007a [SR] Verifying 100 (0x00000064) components
2012-05-22 21:49:13, Info CSI 0000007b [SR] Beginning Verify and Repair transaction
2012-05-22 21:50:09, Info CSI 0000007e [SR] Verify complete
2012-05-22 21:50:18, Info CSI 0000007f [SR] Verifying 100 (0x00000064) components
2012-05-22 21:50:18, Info CSI 00000080 [SR] Beginning Verify and Repair transaction
2012-05-22 21:51:10, Info CSI 00000082 [SR] Verify complete
2012-05-22 21:51:20, Info CSI 00000083 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:51:21, Info CSI 00000084 [SR] Beginning Verify and Repair transaction
2012-05-22 21:52:15, Info CSI 00000087 [SR] Verify complete
2012-05-22 21:52:25, Info CSI 00000088 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:52:25, Info CSI 00000089 [SR] Beginning Verify and Repair transaction
2012-05-22 21:53:25, Info CSI 0000008b [SR] Verify complete
2012-05-22 21:53:34, Info CSI 0000008c [SR] Verifying 100 (0x00000064) components
2012-05-22 21:53:34, Info CSI 0000008d [SR] Beginning Verify and Repair transaction
2012-05-22 21:55:33, Info CSI 00000097 [SR] Verify complete
2012-05-22 21:55:42, Info CSI 00000098 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:55:42, Info CSI 00000099 [SR] Beginning Verify and Repair transaction
2012-05-22 21:56:38, Info CSI 0000009b [SR] Verify complete
2012-05-22 21:56:48, Info CSI 0000009c [SR] Verifying 100 (0x00000064) components
2012-05-22 21:56:48, Info CSI 0000009d [SR] Beginning Verify and Repair transaction
2012-05-22 21:57:43, Info CSI 0000009f [SR] Verify complete
2012-05-22 21:57:52, Info CSI 000000a0 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:57:52, Info CSI 000000a1 [SR] Beginning Verify and Repair transaction
2012-05-22 21:58:45, Info CSI 000000a3 [SR] Verify complete
2012-05-22 21:58:55, Info CSI 000000a4 [SR] Verifying 100 (0x00000064) components
2012-05-22 21:58:55, Info CSI 000000a5 [SR] Beginning Verify and Repair transaction
2012-05-22 22:00:46, Info CSI 000000a7 [SR] Verify complete
2012-05-22 22:00:58, Info CSI 000000a8 [SR] Verifying 100 (0x00000064) components
2012-05-22 22:00:58, Info CSI 000000a9 [SR] Beginning Verify and Repair transaction
2012-05-22 22:03:08, Info CSI 000000ad [SR] Verify complete
2012-05-22 22:03:21, Info CSI 000000ae [SR] Verifying 100 (0x00000064) components
2012-05-22 22:03:21, Info CSI 000000af [SR] Beginning Verify and Repair transaction
2012-05-22 22:05:31, Info CSI 000000b1 [SR] Verify complete
2012-05-22 22:05:47, Info CSI 000000b2 [SR] Verifying 100 (0x00000064) components
2012-05-22 22:05:47, Info CSI 000000b3 [SR] Beginning Verify and Repair transaction
2012-05-22 22:10:02, Info CSI 000000b5 [SR] Verify complete
2012-05-22 22:10:16, Info CSI 000000b6 [SR] Verifying 100 (0x00000064) components
2012-05-22 22:10:16, Info CSI 000000b7 [SR] Beginning Verify and Repair transaction
2012-05-22 22:13:33, Info CSI 000000b9 [SR] Verify complete
2012-05-22 22:13:50, Info CSI 000000ba [SR] Verifying 100 (0x00000064) components
2012-05-22 22:13:50, Info CSI 000000bb [SR] Beginning Verify and Repair transaction
2012-05-22 22:15:58, Info CSI 000000bd [SR] Verify complete
2012-05-22 22:16:21, Info CSI 000000be [SR] Verifying 100 (0x00000064) components
2012-05-22 22:16:21, Info CSI 000000bf [SR] Beginning Verify and Repair transaction
2012-05-22 22:18:25, Info CSI 000000c1 [SR] Verify complete
2012-05-22 22:18:45, Info CSI 000000c2 [SR] Verifying 100 (0x00000064) components
2012-05-22 22:18:45, Info CSI 000000c3 [SR] Beginning Verify and Repair transaction
2012-05-22 22:22:47, Info CSI 000000cc [SR] Verify complete
2012-05-22 22:23:09, Info CSI 000000cd [SR] Verifying 100 (0x00000064) components
2012-05-22 22:23:09, Info CSI 000000ce [SR] Beginning Verify and Repair transaction
2012-05-22 22:26:39, Info CSI 000000e5 [SR] Verify complete
2012-05-22 22:26:52, Info CSI 000000e6 [SR] Verifying 100 (0x00000064) components
2012-05-22 22:26:52, Info CSI 000000e7 [SR] Beginning Verify and Repair transaction
2012-05-22 22:27:14, Info CSI 000000e9 [SR] Verify complete
2012-05-22 22:27:24, Info CSI 000000ea [SR] Verifying 100 (0x00000064) components
2012-05-22 22:27:24, Info CSI 000000eb [SR] Beginning Verify and Repair transaction
2012-05-22 22:28:09, Info CSI 000000ed [SR] Verify complete
2012-05-22 22:28:20, Info CSI 000000ee [SR] Verifying 100 (0x00000064) components
2012-05-22 22:28:20, Info CSI 000000ef [SR] Beginning Verify and Repair transaction
2012-05-22 22:29:07, Info CSI 000000f1 [SR] Verify complete
2012-05-22 22:29:18, Info CSI 000000f2 [SR] Verifying 100 (0x00000064) components
2012-05-22 22:29:18, Info CSI 000000f3 [SR] Beginning Verify and Repair transaction
2012-05-22 22:31:00, Info CSI 000000f6 [SR] Verify complete
2012-05-22 22:31:10, Info CSI 000000f7 [SR] Verifying 100 (0x00000064) components
2012-05-22 22:31:10, Info CSI 000000f8 [SR] Beginning Verify and Repair transaction
2012-05-22 22:33:13, Info CSI 000000fa [SR] Verify complete
2012-05-22 22:33:37, Info CSI 000000fb [SR] Verifying 100 (0x00000064) components
2012-05-22 22:33:37, Info CSI 000000fc [SR] Beginning Verify and Repair transaction
2012-05-22 22:34:14, Info CSI 000000fe [SR] Verify complete
2012-05-22 22:34:29, Info CSI 000000ff [SR] Verifying 100 (0x00000064) components
2012-05-22 22:34:29, Info CSI 00000100 [SR] Beginning Verify and Repair transaction
2012-05-22 22:36:32, Info CSI 00000102 [SR] Verify complete
2012-05-22 22:36:56, Info CSI 00000103 [SR] Verifying 100 (0x00000064) components
2012-05-22 22:36:56, Info CSI 00000104 [SR] Beginning Verify and Repair transaction
2012-05-22 22:38:42, Info CSI 00000106 [SR] Verify complete
2012-05-22 22:39:26, Info CSI 00000107 [SR] Verifying 100 (0x00000064) components
2012-05-22 22:39:26, Info CSI 00000108 [SR] Beginning Verify and Repair transaction
2012-05-22 22:42:20, Info CSI 0000010a [SR] Verify complete
2012-05-22 22:42:36, Info CSI 0000010b [SR] Verifying 100 (0x00000064) components
2012-05-22 22:42:36, Info CSI 0000010c [SR] Beginning Verify and Repair transaction
2012-05-22 22:47:33, Info CSI 00000131 [SR] Verify complete
2012-05-22 22:47:55, Info CSI 00000132 [SR] Verifying 100 (0x00000064) components
2012-05-22 22:47:55, Info CSI 00000133 [SR] Beginning Verify and Repair transaction
2012-05-22 22:52:51, Info CSI 00000135 [SR] Verify complete
2012-05-22 22:53:07, Info CSI 00000136 [SR] Verifying 100 (0x00000064) components
2012-05-22 22:53:07, Info CSI 00000137 [SR] Beginning Verify and Repair transaction
2012-05-22 22:59:31, Info CSI 00000139 [SR] Verify complete
2012-05-22 22:59:44, Info CSI 0000013a [SR] Verifying 100 (0x00000064) components
2012-05-22 22:59:44, Info CSI 0000013b [SR] Beginning Verify and Repair transaction
2012-05-22 23:03:03, Info CSI 0000013d [SR] Verify complete
2012-05-22 23:03:17, Info CSI 0000013e [SR] Verifying 100 (0x00000064) components
2012-05-22 23:03:17, Info CSI 0000013f [SR] Beginning Verify and Repair transaction
2012-05-22 23:04:43, Info CSI 00000141 [SR] Verify complete
2012-05-22 23:04:54, Info CSI 00000142 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:04:54, Info CSI 00000143 [SR] Beginning Verify and Repair transaction
2012-05-22 23:06:05, Info CSI 00000145 [SR] Verify complete
2012-05-22 23:06:16, Info CSI 00000146 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:06:16, Info CSI 00000147 [SR] Beginning Verify and Repair transaction
2012-05-22 23:07:32, Info CSI 00000149 [SR] Verify complete
2012-05-22 23:07:43, Info CSI 0000014a [SR] Verifying 100 (0x00000064) components
2012-05-22 23:07:43, Info CSI 0000014b [SR] Beginning Verify and Repair transaction
2012-05-22 23:08:49, Info CSI 0000014e [SR] Verify complete
2012-05-22 23:08:59, Info CSI 0000014f [SR] Verifying 100 (0x00000064) components
2012-05-22 23:08:59, Info CSI 00000150 [SR] Beginning Verify and Repair transaction
2012-05-22 23:12:22, Info CSI 00000152 [SR] Verify complete
2012-05-22 23:12:40, Info CSI 00000153 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:12:40, Info CSI 00000154 [SR] Beginning Verify and Repair transaction
2012-05-22 23:15:32, Info CSI 00000156 [SR] Verify complete
2012-05-22 23:15:45, Info CSI 00000157 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:15:45, Info CSI 00000158 [SR] Beginning Verify and Repair transaction
2012-05-22 23:16:50, Info CSI 0000015a [SR] Verify complete
2012-05-22 23:17:02, Info CSI 0000015b [SR] Verifying 100 (0x00000064) components
2012-05-22 23:17:02, Info CSI 0000015c [SR] Beginning Verify and Repair transaction
2012-05-22 23:19:53, Info CSI 0000015e [SR] Verify complete
2012-05-22 23:20:04, Info CSI 0000015f [SR] Verifying 100 (0x00000064) components
2012-05-22 23:20:04, Info CSI 00000160 [SR] Beginning Verify and Repair transaction
2012-05-22 23:21:28, Info CSI 00000162 [SR] Verify complete
2012-05-22 23:21:36, Info CSI 00000163 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:21:36, Info CSI 00000164 [SR] Beginning Verify and Repair transaction
2012-05-22 23:22:26, Info CSI 00000166 [SR] Verify complete
2012-05-22 23:22:34, Info CSI 00000167 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:22:34, Info CSI 00000168 [SR] Beginning Verify and Repair transaction
2012-05-22 23:25:35, Info CSI 0000016b [SR] Verify complete
2012-05-22 23:25:43, Info CSI 0000016c [SR] Verifying 100 (0x00000064) components
2012-05-22 23:25:43, Info CSI 0000016d [SR] Beginning Verify and Repair transaction
2012-05-22 23:26:59, Info CSI 0000016f [SR] Verify complete
2012-05-22 23:27:07, Info CSI 00000170 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:27:07, Info CSI 00000171 [SR] Beginning Verify and Repair transaction
2012-05-22 23:27:42, Info CSI 00000173 [SR] Verify complete
2012-05-22 23:27:51, Info CSI 00000174 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:27:51, Info CSI 00000175 [SR] Beginning Verify and Repair transaction
2012-05-22 23:28:54, Info CSI 00000177 [SR] Verify complete
2012-05-22 23:29:03, Info CSI 00000178 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:29:04, Info CSI 00000179 [SR] Beginning Verify and Repair transaction
2012-05-22 23:30:18, Info CSI 0000017e [SR] Verify complete
2012-05-22 23:30:26, Info CSI 0000017f [SR] Verifying 100 (0x00000064) components
2012-05-22 23:30:26, Info CSI 00000180 [SR] Beginning Verify and Repair transaction
2012-05-22 23:31:40, Info CSI 00000182 [SR] Verify complete
2012-05-22 23:31:49, Info CSI 00000183 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:31:49, Info CSI 00000184 [SR] Beginning Verify and Repair transaction
2012-05-22 23:33:22, Info CSI 00000186 [SR] Verify complete
2012-05-22 23:33:31, Info CSI 00000187 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:33:31, Info CSI 00000188 [SR] Beginning Verify and Repair transaction
2012-05-22 23:34:13, Info CSI 0000018a [SR] Verify complete
2012-05-22 23:34:23, Info CSI 0000018b [SR] Verifying 100 (0x00000064) components
2012-05-22 23:34:23, Info CSI 0000018c [SR] Beginning Verify and Repair transaction
2012-05-22 23:34:45, Info CSI 0000018e [SR] Verify complete
2012-05-22 23:34:55, Info CSI 0000018f [SR] Verifying 100 (0x00000064) components
2012-05-22 23:34:55, Info CSI 00000190 [SR] Beginning Verify and Repair transaction
2012-05-22 23:36:22, Info CSI 00000192 [SR] Verify complete
2012-05-22 23:36:33, Info CSI 00000193 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:36:33, Info CSI 00000194 [SR] Beginning Verify and Repair transaction
2012-05-22 23:37:33, Info CSI 00000196 [SR] Verify complete
2012-05-22 23:37:43, Info CSI 00000197 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:37:43, Info CSI 00000198 [SR] Beginning Verify and Repair transaction
2012-05-22 23:38:28, Info CSI 00000199 [SR] Repairing corrupted file [ml:520{260},l:82{41}]"\??\C:\Windows\System32\LogFiles\Firewall"\[l:20{10}]"mpssvc.dat" from store
2012-05-22 23:38:46, Info CSI 0000019b [SR] Verify complete
2012-05-22 23:38:56, Info CSI 0000019c [SR] Verifying 100 (0x00000064) components
2012-05-22 23:38:56, Info CSI 0000019d [SR] Beginning Verify and Repair transaction
2012-05-22 23:40:59, Info CSI 0000019f [SR] Verify complete
2012-05-22 23:41:09, Info CSI 000001a0 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:41:09, Info CSI 000001a1 [SR] Beginning Verify and Repair transaction
2012-05-22 23:41:57, Info CSI 000001a3 [SR] Verify complete
2012-05-22 23:42:07, Info CSI 000001a4 [SR] Verifying 100 (0x00000064) components
2012-05-22 23:42:07, Info CSI 000001a5 [SR] Beginning Verify and Repair transaction
2012-05-22 23:42:56, Info CSI 000001a7 [SR] Verify complete
2012-05-22 23:43:05, Info CSI 000001a8 [SR] Verifying 94 (0x0000005e) components
2012-05-22 23:43:05, Info CSI 000001a9 [SR] Beginning Verify and Repair transaction
2012-05-22 23:44:26, Info CSI 000001b4 [SR] Verify complete
2012-05-22 23:44:26, Info CSI 000001b5 [SR] Repairing 1 components
2012-05-22 23:44:26, Info CSI 000001b6 [SR] Beginning Verify and Repair transaction
2012-05-22 23:44:26, Info CSI 000001b7 [SR] Repairing corrupted file [ml:520{260},l:82{41}]"\??\C:\Windows\System32\LogFiles\Firewall"\[l:20{10}]"mpssvc.dat" from store
2012-05-22 23:44:28, Info CSI 000001b9 [SR] Repair complete
2012-05-22 23:44:28, Info CSI 000001ba [SR] Committing transaction
2012-05-22 23:44:29, Info CSI 000001be [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired




COMBOFIX :

ComboFix 12-05-23.01 - Raghavendra 05/23/2012 20:58:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1767 [GMT 5.5:30]
Running from: c:\users\Raghavendra\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 48
R6025
- pure virtual function call
SED: can't read temp1505: No such file or directory
grep: temp2401: No such file or directory
SED: can't read temp3300: No such file or directory
R6025
- pure virtual function call
.
/wow section - STAGE 50
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-23 17:40 . 2012-05-23 17:49 -------- d-----w- c:\users\Raghavendra\AppData\Local\temp
2012-05-23 17:40 . 2012-05-23 17:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-22 16:19 . 2012-05-23 16:05 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73B1E0B4-77B0-4A7D-BBD1-4DE1498905A4}\offreg.dll
2012-05-22 15:49 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73B1E0B4-77B0-4A7D-BBD1-4DE1498905A4}\mpengine.dll
2012-05-20 12:46 . 2012-05-20 12:46 -------- d-----w- C:\_OTL
2012-05-10 15:26 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 15:26 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 15:24 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 15:24 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-10 15:24 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 15:24 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 15:24 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 15:24 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-10 15:24 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 15:24 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 15:24 . 2012-04-02 13:36 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 15:22 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 15:22 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 15:22 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 15:22 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 15:22 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-05 13:54 . 2012-05-05 13:54 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 13:54 . 2012-05-05 13:54 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-05 13:54 . 2012-05-05 13:54 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 06:18 . 2012-04-25 06:18 -------- d-----w- c:\program files\Azhagi+
2012-04-24 09:21 . 2012-04-24 09:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-24 09:21 . 2012-04-04 10:26 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-24 05:56 . 2012-04-24 05:56 -------- d-----w- c:\users\Raghavendra\AppData\Roaming\Malwarebytes
2012-04-24 05:55 . 2012-04-24 05:55 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-09 03:36 . 2012-04-09 03:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-25 03:21 . 2012-03-25 03:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-18 06:54 . 2012-03-18 06:54 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-18 06:54 . 2012-03-18 06:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-18 06:54 . 2012-03-18 06:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-18 06:54 . 2012-03-18 06:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-18 06:54 . 2012-03-18 06:54 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-18 06:54 . 2012-03-18 06:54 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-18 06:54 . 2012-03-18 06:54 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-18 06:54 . 2012-03-18 06:54 367104 ----a-w- c:\windows\system32\html.iec
2012-03-18 06:54 . 2012-03-18 06:54 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-18 06:54 . 2012-03-18 06:54 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-18 06:54 . 2012-03-18 06:54 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-18 06:54 . 2012-03-18 06:54 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-18 06:54 . 2012-03-18 06:54 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-18 06:54 . 2012-03-18 06:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-18 06:54 . 2012-03-18 06:54 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-18 06:54 . 2012-03-18 06:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-18 06:54 . 2012-03-18 06:54 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-14 13:13 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2012-03-14 13:13 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2012-03-13 09:03 . 2012-03-13 09:03 23552 ----a-w- c:\windows\system32\lpk.dll
2012-03-13 09:03 . 2012-03-13 09:03 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-03-13 08:59 . 2012-03-13 08:59 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-03-13 08:59 . 2012-03-13 08:59 272896 ----a-w- c:\windows\system32\polstore.dll
2012-03-13 08:56 . 2012-03-13 08:56 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-03-13 08:56 . 2012-03-13 08:56 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-03-13 08:56 . 2012-03-13 08:56 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-03-13 08:56 . 2012-03-13 08:56 105984 ----a-w- c:\windows\system32\netiohlp.dll
2012-03-13 08:56 . 2012-03-13 08:56 10240 ----a-w- c:\windows\system32\finger.exe
2012-03-13 08:56 . 2012-03-13 08:56 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-03-13 08:56 . 2012-03-13 08:56 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-03-13 08:56 . 2012-03-13 08:56 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-03-13 08:55 . 2012-03-13 08:55 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2012-03-13 08:55 . 2012-03-13 08:55 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2012-03-13 08:55 . 2012-03-13 08:55 65024 ----a-w- c:\windows\system32\wlanapi.dll
2012-03-13 08:55 . 2012-03-13 08:55 513536 ----a-w- c:\windows\system32\wlansvc.dll
2012-03-13 08:55 . 2012-03-13 08:55 302592 ----a-w- c:\windows\system32\wlansec.dll
2012-03-13 08:55 . 2012-03-13 08:55 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2012-03-13 08:55 . 2012-03-13 08:55 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2012-03-13 08:54 . 2012-03-13 08:54 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-03-13 08:54 . 2012-03-13 08:54 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-03-13 08:54 . 2012-03-13 08:54 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-03-13 08:53 . 2012-03-13 08:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2012-03-13 08:52 . 2012-03-13 08:52 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2012-03-13 08:52 . 2012-03-13 08:52 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-03-13 08:52 . 2012-03-13 08:52 2048 ----a-w- c:\windows\system32\mferror.dll
2012-03-13 08:50 . 2012-03-13 08:50 499712 ----a-w- c:\windows\system32\kerberos.dll
2012-03-13 08:50 . 2012-03-13 08:50 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-03-13 08:49 . 2012-03-13 08:49 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2012-03-13 08:49 . 2012-03-13 08:49 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2012-03-13 08:49 . 2012-03-13 08:49 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll
2012-03-13 08:49 . 2012-03-13 08:49 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll
2012-03-13 08:49 . 2012-03-13 08:49 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll
2012-03-13 08:49 . 2012-03-13 08:49 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll
2012-03-13 08:48 . 2012-03-13 08:48 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll
2012-03-13 08:48 . 2012-03-13 08:48 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll
2012-03-13 08:48 . 2012-03-13 08:48 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll
2012-03-13 08:48 . 2012-03-13 08:48 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll
2012-03-13 08:48 . 2012-03-13 08:48 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll
2012-03-13 08:48 . 2012-03-13 08:48 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll
2012-03-13 08:48 . 2012-03-13 08:48 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll
2012-03-13 08:48 . 2012-03-13 08:48 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll
2012-03-13 08:48 . 2012-03-13 08:48 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll
2012-03-13 08:48 . 2012-03-13 08:48 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll
2012-03-13 08:48 . 2012-03-13 08:48 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll
2012-03-13 08:48 . 2012-03-13 08:48 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll
2012-03-13 08:48 . 2012-03-13 08:48 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll
2012-03-13 08:48 . 2012-03-13 08:48 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2012-03-13 08:48 . 2012-03-13 08:48 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll
2012-03-13 08:48 . 2012-03-13 08:48 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2012-03-13 08:48 . 2012-03-13 08:48 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll
2012-03-13 08:48 . 2012-03-13 08:48 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll
2012-03-13 08:48 . 2012-03-13 08:48 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll
2012-03-13 08:48 . 2012-03-13 08:48 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll
2012-03-13 08:48 . 2012-03-13 08:48 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll
2012-03-13 08:48 . 2012-03-13 08:48 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll
2012-03-13 08:48 . 2012-03-13 08:48 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll
2012-03-13 08:48 . 2012-03-13 08:48 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll
2012-03-13 08:48 . 2012-03-13 08:48 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll
2012-03-13 08:48 . 2012-03-13 08:48 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll
2012-03-13 08:48 . 2012-03-13 08:48 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll
2012-03-13 08:48 . 2012-03-13 08:48 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll
2012-03-13 08:48 . 2012-03-13 08:48 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll
2012-03-13 08:48 . 2012-03-13 08:48 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll
2012-03-13 08:48 . 2012-03-13 08:48 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll
2012-03-13 08:48 . 2012-03-13 08:48 3104768 ----a-w- c:\windows\system32\NlsData0047.dll
2012-03-13 08:48 . 2012-03-13 08:48 3104768 ----a-w- c:\windows\system32\NlsData0046.dll
2012-03-13 08:48 . 2012-03-13 08:48 3104768 ----a-w- c:\windows\system32\NlsData0045.dll
2012-03-13 08:48 . 2012-03-13 08:48 3104768 ----a-w- c:\windows\system32\NlsData0049.dll
2012-03-13 08:48 . 2012-03-13 08:48 3104768 ----a-w- c:\windows\system32\NlsData0039.dll
2012-03-13 08:48 . 2012-03-13 08:48 3104768 ----a-w- c:\windows\system32\NlsData0020.dll
2012-03-13 08:48 . 2012-03-13 08:48 1801216 ----a-w- c:\windows\system32\NlsData0021.dll
2012-03-13 08:48 . 2012-03-13 08:48 1966592 ----a-w- c:\windows\system32\NlsData0027.dll
2012-03-13 08:48 . 2012-03-13 08:48 1965056 ----a-w- c:\windows\system32\NlsData0026.dll
2012-03-13 08:48 . 2012-03-13 08:48 1965056 ----a-w- c:\windows\system32\NlsData0024.dll
2012-03-13 08:48 . 2012-03-13 08:48 1801216 ----a-w- c:\windows\system32\NlsData0022.dll
2012-03-13 08:48 . 2012-03-13 08:48 4495360 ----a-w- c:\windows\system32\NlsData0010.dll
2012-03-13 08:48 . 2012-03-13 08:48 3466752 ----a-w- c:\windows\system32\NlsData0013.dll
2012-03-13 08:48 . 2012-03-13 08:48 2657280 ----a-w- c:\windows\system32\NlsData0011.dll
2012-05-05 13:54 . 2012-03-12 10:45 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 05:36 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 07:17 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 09:00 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-06 17:30 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-13 2299176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-08-09 3076144]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-03-13 15:13 136176 ----atw- c:\users\Raghavendra\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 02:28 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Updater]
2010-06-16 21:42 839680 ----a-w- c:\program files\OpenDNS Updater\OpenDNSUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2009-11-24 05:37 323640 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-24 05:37 323640 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-10 23:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmagent.exe]
2009-10-19 11:47 210400 ----a-w- c:\program files\WebMoney Agent\wmagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - WS2IFSL
*Deregistered* - comHost
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-435282272-506716919-4068098482-1000Core.job
- c:\users\Raghavendra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-13 15:13]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-435282272-506716919-4068098482-1000UA.job
- c:\users\Raghavendra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-13 15:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.in/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AAECF98D-936B-4CB8-9F10-9B1C41375907}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Raghavendra\AppData\Roaming\Mozilla\Firefox\Profiles\z7io7ajy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-IS CfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-23 23:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-435282272-506716919-4068098482-1000_Classes\CLSID\{3ee6bff9-b52a-4752-bea7-d0b89fc82107}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000008c
"Therad"=dword:0000000d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-435282272-506716919-4068098482-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):07,7d,dd,ba,f6,71,ed,13,ac,ed,13,38,d1,e5,f8,b2,34,e9,66,61,c5,
7b,0e,90,ca,27,42,cb,39,34,cd,7b,6c,5d,e8,ea,7c,cb,7c,f9,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\WerFault.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-05-23 23:27:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-23 17:57
.
Pre-Run: 68,313,632,768 bytes free
Post-Run: 68,035,059,712 bytes free
.
- - End Of File - - 4B58E41A4D41AC2C76E7535021C7284C



Was this Helpful ??

Anything more you want me to provide with ??

Thanks for your Help !!
  • 0

#14
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please provide an update on any change in the computer symptoms your computer is having.
  • 0

#15
spicejar

spicejar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
There is no marked improvement in the speed... it just a grade up from what it was before...

Some Programs are not working , but i could see that is due to Registry changes done by the fixes i suppose ... i could reinstall them no problem ...

What did you find as problematic from these logs ...

Thanks..
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP