Microsoft Essentials does not open and Google search redirected to oth



#1
Manisha_sam

Hi,
I use the Google Chrome browser, and for the last couple of weeks I have observed that the browser gets redirected to other websites. I have also observed that Microsoft Security Essentials does not open either. The screenshot taken during the couple of seconds indicates Real Time protection : Off and Virus and Spyware definitions : Out of Date. I have used Registry Mechanic and TDSSKiller, but none of them seemed to detect any virus on the system.
Please find the OTL.txt content below


OTL logfile created on: 8/13/2012 1:43:51 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Manisha_ibkr\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 66.58% Memory free
5.09 Gb Paging File | 3.97 Gb Available in Paging File | 78.09% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 164.26 Gb Free Space | 84.10% Space Free | Partition Type: NTFS
Drive D: | 400.86 Gb Total Space | 400.78 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: MANISHA | User Name: Manisha_ibkr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/13 13:43:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Manisha_ibkr\My Documents\Downloads\OTL.exe
PRC - [2012/08/07 15:43:41 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/04/26 21:33:16 | 002,743,104 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/06/18 02:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2008/04/14 21:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/07 15:43:40 | 000,442,392 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppgooglenaclpluginchrome.dll
MOD - [2012/08/07 15:43:39 | 012,235,800 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
MOD - [2012/08/07 15:43:37 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
MOD - [2012/08/07 15:42:09 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avutil-51.dll
MOD - [2012/08/07 15:42:08 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avformat-54.dll
MOD - [2012/08/07 15:42:07 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avcodec-54.dll
MOD - [2012/06/15 03:09:23 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/15 03:05:50 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/15 03:05:41 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/15 03:04:23 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/12 03:09:08 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/12 03:08:41 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/12 03:06:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 03:05:41 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 03:05:24 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/07 13:42:49 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3223.36990__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2012/05/07 13:42:49 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3223.36982__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2012/05/07 13:42:49 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3223.36981__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2012/05/07 13:42:49 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3223.36987__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2012/05/07 13:42:49 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3223.36982__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2012/05/07 13:42:48 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3223.36856__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:48 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3223.36839__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:48 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3223.36858__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3223.36852__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3223.36846__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:47 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3223.36925__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:47 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3223.36961__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:47 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3223.36942__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:47 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3223.36962__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:47 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3223.36857__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:47 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3223.36936__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:47 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3223.36846__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:47 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3223.36912__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:47 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3223.36895__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:47 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3223.36856__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:46 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3223.36919__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:46 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3223.36919__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:46 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3223.36918__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:45 | 000,671,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3223.36980__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:44 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3223.36979__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:43 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3223.36930__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:42 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3223.36897__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:42 | 000,720,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3223.36848__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:42 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3223.36859__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:42 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3223.36858__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:42 | 000,122,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3223.36909__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:42 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3223.36896__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3223.36862__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:42 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3223.36908__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:41 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3223.36937__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:41 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3223.36891__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3223.36910__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:40 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3223.36913__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:40 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3223.36896__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:40 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3223.36895__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:40 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3223.36896__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3184.27499__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012/05/07 13:42:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3184.27491__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012/05/07 13:42:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3184.27506__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012/05/07 13:42:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3184.27533__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012/05/07 13:42:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3184.27509__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012/05/07 13:42:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3184.27533__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012/05/07 13:42:39 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012/05/07 13:42:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3184.27483__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012/05/07 13:42:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3184.27484__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012/05/07 13:42:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3184.27511__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2012/05/07 13:42:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3184.27510__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012/05/07 13:42:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3184.27511__90ba9c70f846762e\DEM.OS.dll
MOD - [2012/05/07 13:42:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012/05/07 13:42:37 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3184.27485__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012/05/07 13:42:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012/05/07 13:42:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3184.27567__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012/05/07 13:42:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2012/05/07 13:42:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3184.27503__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012/05/07 13:42:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3184.27499__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012/05/07 13:42:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3184.27492__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012/05/07 13:42:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3184.27512__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012/05/07 13:42:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012/05/07 13:42:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3184.27498__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012/05/07 13:42:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3184.27515__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012/05/07 13:42:36 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3184.27501__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012/05/07 13:42:36 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3184.27520__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012/05/07 13:42:36 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3184.27528__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012/05/07 13:42:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3184.27516__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2012/05/07 13:42:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3184.27513__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012/05/07 13:42:35 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3184.27534__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2012/05/07 13:42:35 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3184.27518__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3184.27520__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3184.27517__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3184.27520__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3184.27509__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3184.27516__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3184.27513__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3184.27519__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3184.27514__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012/05/07 13:42:33 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3184.27518__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012/05/07 13:42:33 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3184.27510__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012/05/07 13:42:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3184.27508__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012/05/07 13:42:33 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3184.27499__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012/05/07 13:42:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2012/05/07 13:42:32 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3223.36983__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2012/05/07 13:42:31 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3223.36973__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012/05/07 13:42:31 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3223.36836__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012/05/07 13:42:30 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3223.36953__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012/05/07 13:42:30 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3184.27488__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2012/05/07 13:42:30 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012/05/07 13:42:30 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012/05/07 13:42:29 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3223.36951__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012/05/07 13:42:29 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3184.27493__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012/05/07 13:42:29 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3184.27510__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012/05/07 13:42:28 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3184.27488__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012/05/07 13:42:28 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3184.27504__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012/05/07 13:42:25 | 000,536,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3223.36947__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012/05/07 13:42:25 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3223.36851__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012/05/07 13:42:25 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3223.36838__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012/05/07 13:42:25 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3184.27505__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012/05/07 13:42:24 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3223.36837__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012/05/07 13:42:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3184.27504__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012/05/07 13:42:21 | 001,077,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3223.36843__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012/05/07 13:42:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3184.27496__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012/05/07 13:42:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3184.27521__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012/05/07 13:42:16 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3223.36837__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2012/05/07 13:42:16 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012/05/07 13:42:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3223.36953__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012/05/07 13:42:15 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3223.36835__90ba9c70f846762e\APM.Server.dll
MOD - [2012/05/07 13:42:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3223.36836__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/10/30 14:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/04/14 21:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 21:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/18 02:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2008/07/29 13:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/29 15:56:07 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\kcrtx86.sys -- (kcrtx86)
DRV - [2012/05/30 17:59:52 | 000,042,792 | R--- | M] (SoftForum Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\JRSKD24.SYS -- (JRSKD24)
DRV - [2012/05/30 17:59:52 | 000,019,496 | R--- | M] (Soft Security Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\JRSUKD25.SYS -- (JRSUKD25)
DRV - [2012/05/07 09:48:06 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/05/02 20:18:04 | 000,014,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012/04/13 10:05:20 | 000,062,216 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012/04/13 10:05:06 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2011/11/29 22:12:38 | 000,022,128 | ---- | M] (Integrated Biometrics LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbFpDrv.sys -- (NA2USB)
DRV - [2011/08/17 23:23:14 | 000,016,896 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmUsbIce.sys -- (WmUsbIce)
DRV - [2011/05/27 01:23:00 | 000,096,200 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmonTDNt.sys -- (AMonTDnt)
DRV - [2010/06/28 16:54:00 | 000,121,536 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys -- (MfIPSEnt)
DRV - [2010/06/28 16:54:00 | 000,101,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys -- (MfFWEnt)
DRV - [2009/07/21 10:13:00 | 000,019,616 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/10/29 12:10:58 | 003,341,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/02 19:01:46 | 004,878,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/09/25 21:51:42 | 000,115,328 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{750E287F-D083-4D3F-AACC-1DF37DF188F8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\WINDOWS\system32\npKeyPro.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 21:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} https://ck.softforum...Pro3026_32k.cab (XecureCKKB Class)
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} https://ubi.wooriban.../xw_install.cab (XecureWeb 4.0 Client Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.126.63.1 168.126.63.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2147C126-EA1E-484B-9D18-D332BEDCB799}: DhcpNameServer = 168.126.63.1 168.126.63.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/02 20:01:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2020/03/09 15:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Analog Devices
[2020/03/09 15:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/08/13 09:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/08/09 19:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manisha_ibkr\Application Data\Registry Mechanic
[2012/05/30 17:26:00 | 003,259,699 | ---- | C] (ESTsoft Corp. ) -- C:\Program Files\ALZip_eng_632.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/13 13:14:04 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/13 13:01:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1547161642-1801674531-1003UA.job
[2012/08/13 11:01:57 | 000,482,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/13 11:01:57 | 000,086,438 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/13 10:58:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/13 10:57:43 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\yogdukgi.job
[2012/08/13 10:57:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/13 10:57:39 | 000,060,452 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/08/13 10:10:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/08/13 09:48:01 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2012/08/13 09:13:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/08/13 09:09:14 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/08/12 20:40:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/08/12 16:01:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1547161642-1801674531-1003Core.job
[2012/08/12 14:00:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_thinning.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_postprocessing.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_period.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_original.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_orientation.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_localnormalization.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_gabor.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_cuthistogram.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_binary.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_background.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_thinning.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_postprocessing.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_period.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_original.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_orientation.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_localnormalization.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_gabor.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_cuthistogram.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_binary.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_background.bmp
[2012/08/10 09:02:52 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\Google Chrome.lnk
[2012/08/10 09:02:52 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/09 09:46:51 | 000,114,688 | RHS- | M] () -- C:\WINDOWS\System32\ntkrnlpa4.dll
[2012/08/07 12:14:05 | 000,101,376 | ---- | M] () -- C:\VignettingBuf.raw
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_thinning.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_postprocessing.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_period.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_original.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_orientation.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_localnormalization.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_gabor.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_cuthistogram.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_binary.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_background.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_thinning.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_postprocessing.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_period.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_original.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_orientation.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_localnormalization.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_gabor.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_cuthistogram.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_binary.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_background.bmp
[2012/08/09 09:46:51 | 000,114,688 | RHS- | C] () -- C:\WINDOWS\System32\ntkrnlpa4.dll
[2012/08/09 09:46:51 | 000,000,324 | ---- | C] () -- C:\WINDOWS\tasks\yogdukgi.job
[2012/06/04 16:23:00 | 003,071,288 | ---- | C] () -- C:\Program Files\TBN2xx Driver.zip
[2012/05/25 12:36:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aosbackv.INI
[2012/05/25 12:36:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AosLogVw.INI
[2012/05/07 10:07:52 | 000,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/05/07 09:48:41 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/05/05 03:02:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/03 04:50:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/03 04:49:31 | 000,276,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/02 20:11:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/05/02 20:09:14 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/05/02 20:03:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/05/02 19:58:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/19 18:39:58 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2012/01/19 18:39:58 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/01/19 18:39:58 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/01/19 18:39:57 | 000,176,214 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/01/19 18:39:57 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2012/01/19 18:39:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe

========== LOP Check ==========

[2012/05/07 09:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2012/05/07 10:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2012/08/13 09:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/25 12:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\AhnLab
[2012/05/30 18:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\ClientKeeper
[2012/05/07 09:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\DAEMON Tools Pro
[2012/05/07 09:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\OpenCandy
[2012/08/09 19:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\Registry Mechanic
[2012/08/13 10:10:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/08/12 20:40:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/08/13 09:13:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/08/12 14:00:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012/08/13 09:09:14 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2012/08/13 09:48:01 | 000,000,468 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job
[2012/08/13 10:57:43 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\yogdukgi.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >


Would appreciate help in resolving both these issues.

Edited by Manisha_sam, 12 August 2012 - 11:06 PM.


#2
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
[2012/08/09 09:46:51 | 000,114,688 | RHS- | C] () -- C:\WINDOWS\System32\ntkrnlpa4.dll
[2012/08/09 09:46:51 | 000,000,324 | ---- | C] () -- C:\WINDOWS\tasks\yogdukgi.job
[2012/08/13 10:10:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/08/12 20:40:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/08/13 09:13:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/08/12 14:00:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2012/08/13 09:09:14 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2012/08/13 09:48:01 | 000,000,468 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job
[2012/08/13 10:57:43 | 000,000,324 | ---- | M] () -- C:\WINDOWS\Tasks\yogdukgi.job

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\All Users\Application Data\*.exe
C:\WINDOWS\tasks\*.job
     
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

ComboFix

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Run TDSSKiller again, but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double-click aswMBR.exe to run it.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (allow the Avast Engine).
On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.



Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
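An added example, not part of the original thread and not OTL's or the helper's own logic: a small parser for OTL file-listing lines that flags entries for review. The three rules are assumptions of this example (a hidden+system executable in System32 with no company name, anything created in the same second as such a file, and legacy `AtN.job` scheduler jobs); the sample lines are copied from the log in post #1.

```python
import re
from dataclasses import dataclass, field

# OTL file-listing line:
#   [date time | size | attrs | C or M] (company) -- path
# Directory entries carry no "(company)" part, so that group is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)
EXECUTABLE_EXT = (".dll", ".exe", ".sys")
# Jobs created with the legacy "at" command are named At1.job, At2.job, ...
AT_JOB_RE = re.compile(r"\\tasks\\at\d+\.job$", re.IGNORECASE)

# Lines copied from the OTL log in post #1.
SAMPLE_LOG = r"""
[2012/08/13 09:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/08/13 11:01:57 | 000,482,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/13 10:10:00 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/08/09 09:46:51 | 000,114,688 | RHS- | C] () -- C:\WINDOWS\System32\ntkrnlpa4.dll
[2012/08/09 09:46:51 | 000,000,324 | ---- | C] () -- C:\WINDOWS\tasks\yogdukgi.job
[2012/05/30 17:26:00 | 003,259,699 | ---- | C] (ESTsoft Corp. ) -- C:\Program Files\ALZip_eng_632.exe
[2012/05/02 20:03:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/08/12 16:01:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1547161642-1801674531-1003Core.job
"""


@dataclass
class Entry:
    ts: str        # timestamp exactly as printed by OTL
    size: int      # size in bytes
    attrs: str     # four-character attribute field, e.g. "RHS-" or "---D"
    kind: str      # "C" = created listing, "M" = modified listing
    company: str   # version-info company name, "" when absent
    path: str
    reasons: list = field(default_factory=list)


def parse_otl_entries(log_text):
    """Return an Entry for every line that matches the file-listing format."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, registry lines, blank lines
        entries.append(Entry(
            ts=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"].strip(),
        ))
    return entries


def triage(entries):
    """Apply the example's review rules; return {lowercased path: [reasons]}."""
    anchor_times = set()  # creation times of hidden+system binaries
    for e in entries:
        lower = e.path.lower()
        # Rule 1 (assumption): executable in System32, no company name,
        # both Hidden and System attributes set.
        if (lower.endswith(EXECUTABLE_EXT) and "\\system32\\" in lower
                and not e.company and "H" in e.attrs and "S" in e.attrs):
            e.reasons.append("hidden+system binary in System32, no company name")
            if e.kind == "C":
                anchor_times.add(e.ts)
        # Rule 3 (assumption): legacy at-scheduler jobs deserve a look.
        if AT_JOB_RE.search(e.path):
            e.reasons.append("legacy at-scheduler job")
    # Rule 2 (assumption): anything created in the same second as a rule-1 hit.
    for e in entries:
        if e.kind == "C" and e.ts in anchor_times and not e.reasons:
            e.reasons.append("created in the same second as a flagged binary")
    flagged = {}
    for e in entries:
        if e.reasons:
            flagged.setdefault(e.path.lower(), set()).update(e.reasons)
    return {path: sorted(reasons) for path, reasons in flagged.items()}


if __name__ == "__main__":
    for path, reasons in triage(parse_otl_entries(SAMPLE_LOG)).items():
        print(path, "->", "; ".join(reasons))
```

A hit is only a pointer for manual review; legitimate files can match any of these rules.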

#3
Manisha_sam

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
The Fix button was disabled. A quick note: I checked Microsoft Security Essentials even before I executed the steps suggested. Microsoft Security Essentials didn't have any problems in staying open and running a scan for me. Although I am not sure if the problem of redirecting the webpage was resolved. In order to resolve this issue I still went ahead and executed all the steps suggested. Also I did not download the AVAST full version when prompted, and went ahead with the Scan after I had unchecked Trace disk I/O calls. Please find all the logs as attachments as well.


OTL log


========== OTL ==========
C:\WINDOWS\system32\ntkrnlpa4.dll moved successfully.
C:\WINDOWS\tasks\yogdukgi.job moved successfully.
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\RMSchedule.job moved successfully.
C:\WINDOWS\Tasks\RMSmartUpdate.job moved successfully.
File C:\WINDOWS\Tasks\yogdukgi.job not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Manisha_ibkr\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Manisha_ibkr\My Documents\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Manisha_ibkr\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Manisha_ibkr\My Documents\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Manisha_ibkr\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Manisha_ibkr\My Documents\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Manisha_ibkr\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Manisha_ibkr\My Documents\Downloads\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\*.exe not found.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1547161642-1801674531-1003Core.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1547161642-1801674531-1003UA.job moved successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: Manisha_ibkr

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: Manisha_ibkr
->Flash cache emptied: 9575 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.57.0 log created on 08132012_170351


ComboFix.txt file is attached






TDSSKiller.txt content





17:35:21.0250 3468 dmserver - ok
17:35:21.0281 3468 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:35:21.0281 3468 DMusic - ok
17:35:21.0296 3468 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:35:21.0296 3468 Dnscache - ok
17:35:21.0312 3468 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:35:21.0312 3468 Dot3svc - ok
17:35:21.0312 3468 dpti2o - ok
17:35:21.0328 3468 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:35:21.0328 3468 drmkaud - ok
17:35:21.0343 3468 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
17:35:21.0343 3468 dtsoftbus01 - ok
17:35:21.0359 3468 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:35:21.0359 3468 EapHost - ok
17:35:21.0359 3468 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:35:21.0359 3468 ERSvc - ok
17:35:21.0375 3468 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:35:21.0390 3468 Eventlog - ok
17:35:21.0406 3468 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:35:21.0406 3468 EventSystem - ok
17:35:21.0421 3468 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:35:21.0421 3468 Fastfat - ok
17:35:21.0437 3468 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:35:21.0437 3468 FastUserSwitchingCompatibility - ok
17:35:21.0453 3468 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:35:21.0453 3468 Fdc - ok
17:35:21.0468 3468 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:35:21.0468 3468 Fips - ok
17:35:21.0468 3468 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:35:21.0468 3468 Flpydisk - ok
17:35:21.0484 3468 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:35:21.0484 3468 FltMgr - ok
17:35:21.0546 3468 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:35:21.0546 3468 FontCache3.0.0.0 - ok
17:35:21.0546 3468 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:35:21.0546 3468 Fs_Rec - ok
17:35:21.0562 3468 FTDIBUS (d6e3667f5e2bc6afc50308b480de2999) C:\WINDOWS\system32\drivers\ftdibus.sys
17:35:21.0562 3468 FTDIBUS - ok
17:35:21.0578 3468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:35:21.0578 3468 Ftdisk - ok
17:35:21.0578 3468 FTSER2K (e4cf4c1f9e3d57a66850f484c08e9ecf) C:\WINDOWS\system32\drivers\ftser2k.sys
17:35:21.0593 3468 FTSER2K - ok
17:35:21.0609 3468 gdrv (ad6bd6bdc97bede8a5507ee01220c00f) C:\WINDOWS\gdrv.sys
17:35:21.0609 3468 gdrv - ok
17:35:21.0625 3468 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:35:21.0625 3468 Gpc - ok
17:35:21.0640 3468 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:35:21.0640 3468 HDAudBus - ok
17:35:21.0640 3468 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:35:21.0640 3468 helpsvc - ok
17:35:21.0656 3468 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
17:35:21.0656 3468 HidServ - ok
17:35:21.0671 3468 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:35:21.0671 3468 hidusb - ok
17:35:21.0687 3468 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:35:21.0687 3468 hkmsvc - ok
17:35:21.0703 3468 hpn - ok
17:35:21.0781 3468 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:35:21.0781 3468 HTTP - ok
17:35:21.0812 3468 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:35:21.0812 3468 HTTPFilter - ok
17:35:21.0812 3468 i2omgmt - ok
17:35:21.0812 3468 i2omp - ok
17:35:21.0906 3468 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:35:21.0937 3468 idsvc - ok
17:35:21.0953 3468 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:35:21.0953 3468 Imapi - ok
17:35:21.0984 3468 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:35:21.0984 3468 ImapiService - ok
17:35:21.0984 3468 ini910u - ok
17:35:22.0203 3468 IntcAzAudAddService (6f336c2d18ba1e7ce8d0f31541c87a1d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:35:22.0234 3468 IntcAzAudAddService - ok
17:35:22.0281 3468 IntelIde - ok
17:35:22.0296 3468 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:35:22.0296 3468 intelppm - ok
17:35:22.0312 3468 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:35:22.0312 3468 Ip6Fw - ok
17:35:22.0328 3468 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:35:22.0328 3468 IpFilterDriver - ok
17:35:22.0328 3468 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:35:22.0328 3468 IpInIp - ok
17:35:22.0343 3468 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:35:22.0343 3468 IpNat - ok
17:35:22.0375 3468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:35:22.0375 3468 IPSec - ok
17:35:22.0390 3468 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:35:22.0390 3468 IRENUM - ok
17:35:22.0406 3468 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:35:22.0406 3468 isapnp - ok
17:35:22.0437 3468 JRSUKD25 (813ecde501d8970645360b4151ecb5b9) C:\WINDOWS\system32\JRSUKD25.SYS
17:35:22.0437 3468 JRSUKD25 - ok
17:35:22.0437 3468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:35:22.0437 3468 Kbdclass - ok
17:35:22.0453 3468 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:35:22.0453 3468 kbdhid - ok
17:35:22.0468 3468 kcrtx86 (cbbc332b9a94d9eb16e3328b50760587) C:\WINDOWS\system32\kcrtx86.sys
17:35:22.0468 3468 kcrtx86 - ok
17:35:22.0500 3468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:35:22.0500 3468 kmixer - ok
17:35:22.0515 3468 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:35:22.0515 3468 KSecDD - ok
17:35:22.0546 3468 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:35:22.0546 3468 LanmanServer - ok
17:35:22.0562 3468 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:35:22.0578 3468 lanmanworkstation - ok
17:35:22.0578 3468 lbrtfdc - ok
17:35:22.0609 3468 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:35:22.0609 3468 LmHosts - ok
17:35:22.0671 3468 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
17:35:22.0671 3468 McComponentHostService - ok
17:35:22.0718 3468 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:35:22.0718 3468 Messenger - ok
17:35:22.0781 3468 MfFWEnt (5a60a55f6b8af51a6b7642b8981fd834) C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys
17:35:22.0781 3468 MfFWEnt - ok
17:35:22.0796 3468 MfIPSEnt (99c7209b747e4d25afaf241a140e4be5) C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys
17:35:22.0796 3468 MfIPSEnt - ok
17:35:22.0859 3468 Microsoft SharePoint Workspace Audit Service - ok
17:35:22.0875 3468 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:35:22.0875 3468 mnmdd - ok
17:35:22.0906 3468 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:35:22.0906 3468 mnmsrvc - ok
17:35:22.0921 3468 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:35:22.0921 3468 Modem - ok
17:35:22.0937 3468 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:35:22.0937 3468 Mouclass - ok
17:35:22.0953 3468 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:35:22.0953 3468 mouhid - ok
17:35:22.0953 3468 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:35:22.0953 3468 MountMgr - ok
17:35:22.0984 3468 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:35:22.0984 3468 MpFilter - ok
17:35:22.0984 3468 mraid35x - ok
17:35:23.0015 3468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:35:23.0015 3468 MRxDAV - ok
17:35:23.0046 3468 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:35:23.0062 3468 MRxSmb - ok
17:35:23.0078 3468 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:35:23.0078 3468 MSDTC - ok
17:35:23.0078 3468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:35:23.0078 3468 Msfs - ok
17:35:23.0078 3468 MSIServer - ok
17:35:23.0109 3468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:35:23.0109 3468 MSKSSRV - ok
17:35:23.0140 3468 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:35:23.0140 3468 MsMpSvc - ok
17:35:23.0140 3468 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:35:23.0140 3468 MSPCLOCK - ok
17:35:23.0140 3468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:35:23.0140 3468 MSPQM - ok
17:35:23.0156 3468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:35:23.0156 3468 mssmbios - ok
17:35:23.0203 3468 MSSQL$SQLEXPRESS - ok
17:35:23.0250 3468 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:35:23.0250 3468 MSSQLServerADHelper - ok
17:35:23.0468 3468 msvsmon90 (70e994d23895df6b1ee1e70145299fcf) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
17:35:23.0531 3468 msvsmon90 - ok
17:35:23.0625 3468 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:35:23.0625 3468 Mup - ok
17:35:23.0640 3468 NA2USB (63214ad48ba99a2d0f0c77b3a4369bb0) C:\WINDOWS\system32\Drivers\UsbFpDrv.sys
17:35:23.0640 3468 NA2USB - ok
17:35:23.0656 3468 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:35:23.0671 3468 napagent - ok
17:35:23.0718 3468 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:35:23.0718 3468 NDIS - ok
17:35:23.0734 3468 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:35:23.0734 3468 NdisTapi - ok
17:35:23.0765 3468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:35:23.0765 3468 Ndisuio - ok
17:35:23.0765 3468 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:35:23.0765 3468 NdisWan - ok
17:35:23.0796 3468 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:35:23.0796 3468 NDProxy - ok
17:35:23.0796 3468 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:35:23.0796 3468 NetBIOS - ok
17:35:23.0812 3468 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:35:23.0812 3468 NetBT - ok
17:35:23.0828 3468 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:35:23.0843 3468 NetDDE - ok
17:35:23.0843 3468 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:35:23.0843 3468 NetDDEdsdm - ok
17:35:23.0859 3468 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:35:23.0859 3468 Netlogon - ok
17:35:23.0890 3468 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:35:23.0890 3468 Netman - ok
17:35:23.0968 3468 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:35:23.0984 3468 NetTcpPortSharing - ok
17:35:24.0000 3468 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:35:24.0000 3468 NIC1394 - ok
17:35:24.0015 3468 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:35:24.0031 3468 Nla - ok
17:35:24.0031 3468 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:35:24.0031 3468 Npfs - ok
17:35:24.0062 3468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:35:24.0062 3468 Ntfs - ok
17:35:24.0078 3468 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:35:24.0078 3468 NtLmSsp - ok
17:35:24.0109 3468 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:35:24.0109 3468 NtmsSvc - ok
17:35:24.0125 3468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:35:24.0125 3468 Null - ok
17:35:24.0156 3468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:35:24.0156 3468 NwlnkFlt - ok
17:35:24.0156 3468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:35:24.0156 3468 NwlnkFwd - ok
17:35:24.0171 3468 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:35:24.0171 3468 ohci1394 - ok
17:35:24.0234 3468 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:35:24.0250 3468 ose - ok
17:35:24.0437 3468 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:35:24.0500 3468 osppsvc - ok
17:35:24.0593 3468 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:35:24.0593 3468 Parport - ok
17:35:24.0609 3468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:35:24.0609 3468 PartMgr - ok
17:35:24.0640 3468 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:35:24.0640 3468 ParVdm - ok
17:35:24.0640 3468 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:35:24.0640 3468 PCI - ok
17:35:24.0640 3468 PCIDump - ok
17:35:24.0656 3468 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:35:24.0656 3468 PCIIde - ok
17:35:24.0687 3468 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:35:24.0687 3468 Pcmcia - ok
17:35:24.0765 3468 PCToolsSSDMonitorSvc (c98cd9ee0012df72206bd519db9780d4) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
17:35:24.0765 3468 PCToolsSSDMonitorSvc - ok
17:35:24.0781 3468 PDCOMP - ok
17:35:24.0781 3468 PDFRAME - ok
17:35:24.0781 3468 PDRELI - ok
17:35:24.0781 3468 PDRFRAME - ok
17:35:24.0781 3468 perc2 - ok
17:35:24.0781 3468 perc2hib - ok
17:35:24.0812 3468 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:35:24.0812 3468 PlugPlay - ok
17:35:24.0828 3468 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:35:24.0828 3468 PolicyAgent - ok
17:35:24.0843 3468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:35:24.0843 3468 PptpMiniport - ok
17:35:24.0843 3468 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:35:24.0843 3468 ProtectedStorage - ok
17:35:24.0843 3468 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:35:24.0843 3468 PSched - ok
17:35:24.0843 3468 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:35:24.0843 3468 Ptilink - ok
17:35:24.0843 3468 ql1080 - ok
17:35:24.0859 3468 Ql10wnt - ok
17:35:24.0859 3468 ql12160 - ok
17:35:24.0859 3468 ql1240 - ok
17:35:24.0859 3468 ql1280 - ok
17:35:24.0875 3468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:35:24.0875 3468 RasAcd - ok
17:35:24.0890 3468 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:35:24.0906 3468 RasAuto - ok
17:35:24.0906 3468 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:35:24.0906 3468 Rasl2tp - ok
17:35:24.0921 3468 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:35:24.0937 3468 RasMan - ok
17:35:24.0937 3468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:35:24.0937 3468 RasPppoe - ok
17:35:24.0937 3468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:35:24.0937 3468 Raspti - ok
17:35:24.0953 3468 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:35:24.0953 3468 Rdbss - ok
17:35:24.0953 3468 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:35:24.0953 3468 RDPCDD - ok
17:35:24.0984 3468 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:35:25.0000 3468 rdpdr - ok
17:35:25.0031 3468 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
17:35:25.0031 3468 RDPWD - ok
17:35:25.0062 3468 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:35:25.0078 3468 RDSessMgr - ok
17:35:25.0093 3468 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:35:25.0093 3468 redbook - ok
17:35:25.0125 3468 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:35:25.0125 3468 RemoteAccess - ok
17:35:25.0140 3468 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:35:25.0140 3468 RemoteRegistry - ok
17:35:25.0156 3468 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:35:25.0156 3468 RpcLocator - ok
17:35:25.0187 3468 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:35:25.0187 3468 RpcSs - ok
17:35:25.0218 3468 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:35:25.0218 3468 RSVP - ok
17:35:25.0234 3468 RTLE8023xp (185641ad7e80bfce0aa545d3ec79d557) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:35:25.0234 3468 RTLE8023xp - ok
17:35:25.0250 3468 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:35:25.0250 3468 SamSs - ok
17:35:25.0265 3468 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:35:25.0265 3468 SCardSvr - ok
17:35:25.0281 3468 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:35:25.0296 3468 Schedule - ok
17:35:25.0296 3468 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:35:25.0296 3468 Secdrv - ok
17:35:25.0296 3468 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:35:25.0296 3468 seclogon - ok
17:35:25.0312 3468 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:35:25.0312 3468 SENS - ok
17:35:25.0312 3468 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:35:25.0312 3468 serenum - ok
17:35:25.0312 3468 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:35:25.0328 3468 Serial - ok
17:35:25.0328 3468 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:35:25.0328 3468 Sfloppy - ok
17:35:25.0359 3468 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:35:25.0375 3468 SharedAccess - ok
17:35:25.0406 3468 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:35:25.0406 3468 ShellHWDetection - ok
17:35:25.0406 3468 Simbad - ok
17:35:25.0406 3468 Sparrow - ok
17:35:25.0421 3468 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:35:25.0421 3468 splitter - ok
17:35:25.0437 3468 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:35:25.0437 3468 Spooler - ok
17:35:25.0531 3468 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:35:25.0531 3468 SQLBrowser - ok
17:35:25.0562 3468 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:35:25.0562 3468 SQLWriter - ok
17:35:25.0578 3468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:35:25.0578 3468 sr - ok
17:35:25.0578 3468 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:35:25.0593 3468 srservice - ok
17:35:25.0609 3468 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:35:25.0625 3468 Srv - ok
17:35:25.0640 3468 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:35:25.0640 3468 SSDPSRV - ok
17:35:25.0656 3468 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
17:35:25.0656 3468 StillCam - ok
17:35:25.0703 3468 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:35:25.0703 3468 stisvc - ok
17:35:25.0734 3468 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:35:25.0734 3468 swenum - ok
17:35:25.0750 3468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:35:25.0750 3468 swmidi - ok
17:35:25.0750 3468 SwPrv - ok
17:35:25.0750 3468 symc810 - ok
17:35:25.0750 3468 symc8xx - ok
17:35:25.0750 3468 sym_hi - ok
17:35:25.0750 3468 sym_u3 - ok
17:35:25.0765 3468 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:35:25.0765 3468 sysaudio - ok
17:35:25.0781 3468 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:35:25.0781 3468 SysmonLog - ok
17:35:25.0796 3468 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:35:25.0796 3468 TapiSrv - ok
17:35:25.0828 3468 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:35:25.0828 3468 Tcpip - ok
17:35:25.0859 3468 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:35:25.0859 3468 TDPIPE - ok
17:35:25.0875 3468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:35:25.0875 3468 TDTCP - ok
17:35:25.0890 3468 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:35:25.0890 3468 TermDD - ok
17:35:25.0921 3468 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:35:25.0937 3468 TermService - ok
17:35:25.0968 3468 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:35:25.0968 3468 Themes - ok
17:35:25.0984 3468 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:35:25.0984 3468 TlntSvr - ok
17:35:25.0984 3468 TosIde - ok
17:35:26.0000 3468 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:35:26.0000 3468 TrkWks - ok
17:35:26.0031 3468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:35:26.0031 3468 Udfs - ok
17:35:26.0031 3468 ultra - ok
17:35:26.0062 3468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:35:26.0062 3468 Update - ok
17:35:26.0093 3468 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:35:26.0093 3468 upnphost - ok
17:35:26.0093 3468 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:35:26.0093 3468 UPS - ok
17:35:26.0109 3468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:35:26.0109 3468 usbccgp - ok
17:35:26.0125 3468 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:35:26.0125 3468 usbehci - ok
17:35:26.0125 3468 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:35:26.0125 3468 usbhub - ok
17:35:26.0156 3468 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:35:26.0156 3468 USBSTOR - ok
17:35:26.0171 3468 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:35:26.0171 3468 usbuhci - ok
17:35:26.0187 3468 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:35:26.0187 3468 VgaSave - ok
17:35:26.0203 3468 ViaIde - ok
17:35:26.0218 3468 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:35:26.0218 3468 VolSnap - ok
17:35:26.0265 3468 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:35:26.0281 3468 VSS - ok
17:35:26.0296 3468 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:35:26.0296 3468 W32Time - ok
17:35:26.0312 3468 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:35:26.0312 3468 Wanarp - ok
17:35:26.0359 3468 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:35:26.0359 3468 Wdf01000 - ok
17:35:26.0375 3468 WDICA - ok
17:35:26.0406 3468 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:35:26.0406 3468 wdmaud - ok
17:35:26.0406 3468 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:35:26.0421 3468 WebClient - ok
17:35:26.0468 3468 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:35:26.0468 3468 winmgmt - ok
17:35:26.0484 3468 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\WINDOWS\system32\DRIVERS\winusb.sys
17:35:26.0484 3468 WinUSB - ok
17:35:26.0656 3468 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:35:26.0671 3468 wlidsvc - ok
17:35:26.0750 3468 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
17:35:26.0750 3468 WmdmPmSN - ok
17:35:26.0796 3468 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:35:26.0796 3468 Wmi - ok
17:35:26.0843 3468 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:35:26.0843 3468 WmiApSrv - ok
17:35:26.0859 3468 WmUsbIce (a654186474c38764ba82e5b47976193f) C:\WINDOWS\system32\Drivers\WmUsbIce.sys
17:35:26.0859 3468 WmUsbIce - ok
17:35:26.0875 3468 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:35:26.0875 3468 WS2IFSL - ok
17:35:26.0890 3468 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:35:26.0890 3468 wscsvc - ok
17:35:26.0921 3468 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:35:26.0921 3468 wuauserv - ok
17:35:26.0953 3468 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:35:26.0953 3468 WZCSVC - ok
17:35:27.0000 3468 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:35:27.0000 3468 xmlprov - ok
17:35:27.0000 3468 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:35:27.0281 3468 \Device\Harddisk0\DR0 - ok
17:35:27.0281 3468 Boot (0x1200) (ff7914e8cc132e0d992fcd15312d7f66) \Device\Harddisk0\DR0\Partition0
17:35:27.0281 3468 \Device\Harddisk0\DR0\Partition0 - ok
17:35:27.0296 3468 Boot (0x1200) (e200ec1dc2803bc4494a845f6e6bb182) \Device\Harddisk0\DR0\Partition1
17:35:27.0296 3468 \Device\Harddisk0\DR0\Partition1 - ok
17:35:27.0296 3468 ============================================================
17:35:27.0296 3468 Scan finished
17:35:27.0296 3468 ============================================================
17:35:27.0312 3936 Detected object count: 0
17:35:27.0312 3936 Actual detected object count: 0
17:36:44.0140 0960 Deinitialize success

TDSSKiller second run:

17:37:55.0421 0932 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:37:56.0171 0932 ============================================================
17:37:56.0171 0932 Current date / time: 2012/08/13 17:37:56.0171
17:37:56.0171 0932 SystemInfo:
17:37:56.0171 0932
17:37:56.0171 0932 OS Version: 5.1.2600 ServicePack: 3.0
17:37:56.0171 0932 Product type: Workstation
17:37:56.0171 0932 ComputerName: MANISHA
17:37:56.0171 0932 UserName: Manisha_ibkr
17:37:56.0171 0932 Windows directory: C:\WINDOWS
17:37:56.0171 0932 System windows directory: C:\WINDOWS
17:37:56.0171 0932 Processor architecture: Intel x86
17:37:56.0171 0932 Number of processors: 4
17:37:56.0171 0932 Page size: 0x1000
17:37:56.0171 0932 Boot type: Normal boot
17:37:56.0171 0932 ============================================================
17:37:57.0234 0932 Drive \Device\Harddisk0\DR0 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:37:57.0234 0932 ============================================================
17:37:57.0234 0932 \Device\Harddisk0\DR0:
17:37:57.0234 0932 MBR partitions:
17:37:57.0234 0932 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
17:37:57.0234 0932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1869E5D7, BlocksNum 0x321B88EA
17:37:57.0234 0932 ============================================================
17:37:57.0265 0932 C: <-> \Device\Harddisk0\DR0\Partition0
17:37:57.0296 0932 D: <-> \Device\Harddisk0\DR0\Partition1
17:37:57.0296 0932 ============================================================
17:37:57.0296 0932 Initialize success
17:37:57.0296 0932 ============================================================
17:38:22.0984 2144 ============================================================
17:38:22.0984 2144 Scan started
17:38:22.0984 2144 Mode: Manual; SigCheck; TDLFS;
17:38:22.0984 2144 ============================================================
17:38:23.0468 2144 Abiosdsk - ok
17:38:23.0468 2144 abp480n5 - ok
17:38:23.0515 2144 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:38:23.0687 2144 ACPI - ok
17:38:23.0718 2144 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:38:23.0796 2144 ACPIEC - ok
17:38:23.0796 2144 adpu160m - ok
17:38:23.0828 2144 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:38:23.0921 2144 aec - ok
17:38:23.0937 2144 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:38:23.0984 2144 AFD - ok
17:38:23.0984 2144 Aha154x - ok
17:38:23.0984 2144 aic78u2 - ok
17:38:23.0984 2144 aic78xx - ok
17:38:24.0015 2144 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:38:24.0078 2144 Alerter - ok
17:38:24.0109 2144 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:38:24.0140 2144 ALG - ok
17:38:24.0140 2144 AliIde - ok
17:38:24.0171 2144 AMonTDnt (7ae4f193ca2ad413a0bca3d846625f75) C:\WINDOWS\system32\Drivers\AMonTDnt.sys
17:38:24.0187 2144 AMonTDnt - ok
17:38:24.0203 2144 amsint - ok
17:38:24.0218 2144 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:38:24.0250 2144 AppMgmt - ok
17:38:24.0265 2144 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:38:24.0328 2144 Arp1394 - ok
17:38:24.0328 2144 asc - ok
17:38:24.0328 2144 asc3350p - ok
17:38:24.0343 2144 asc3550 - ok
17:38:24.0406 2144 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:38:24.0406 2144 aspnet_state - ok
17:38:24.0421 2144 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:38:24.0484 2144 AsyncMac - ok
17:38:24.0500 2144 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:38:24.0562 2144 atapi - ok
17:38:24.0578 2144 Atdisk - ok
17:38:24.0609 2144 Ati HotKey Poller (fce2918d8dc01e02bccb64f06fe91d45) C:\WINDOWS\system32\Ati2evxx.exe
17:38:24.0656 2144 Ati HotKey Poller - ok
17:38:24.0687 2144 ATI Smart (5b867f6d5331d7df70b70e18586f8d0f) C:\WINDOWS\system32\ati2sgag.exe
17:38:24.0718 2144 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
17:38:24.0718 2144 ATI Smart - detected UnsignedFile.Multi.Generic (1)
17:38:24.0906 2144 ati2mtag (067fca861588b18399555412a456de12) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:38:25.0000 2144 ati2mtag - ok
17:38:25.0078 2144 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:38:25.0140 2144 Atmarpc - ok
17:38:25.0171 2144 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:38:25.0250 2144 AudioSrv - ok
17:38:25.0265 2144 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:38:25.0343 2144 audstub - ok
17:38:25.0421 2144 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
17:38:25.0437 2144 BBSvc - ok
17:38:25.0453 2144 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
17:38:25.0468 2144 BBUpdate - ok
17:38:25.0500 2144 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:38:25.0578 2144 Beep - ok
17:38:25.0609 2144 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:38:25.0687 2144 BITS - ok
17:38:25.0718 2144 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:38:25.0796 2144 Browser - ok
17:38:25.0796 2144 catchme - ok
17:38:25.0812 2144 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:38:25.0890 2144 cbidf2k - ok
17:38:25.0890 2144 cd20xrnt - ok
17:38:25.0906 2144 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:38:26.0000 2144 Cdaudio - ok
17:38:26.0015 2144 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:38:26.0093 2144 Cdfs - ok
17:38:26.0125 2144 CdmDrvNt (21c0133490fc6afb1fbdc7ed9ee32312) C:\WINDOWS\system32\Drivers\CdmDrvNt.sys
17:38:26.0125 2144 CdmDrvNt - ok
17:38:26.0218 2144 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:38:26.0359 2144 Cdrom - ok
17:38:26.0359 2144 Changer - ok
17:38:26.0375 2144 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:38:26.0437 2144 CiSvc - ok
17:38:26.0468 2144 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:38:26.0625 2144 ClipSrv - ok
17:38:26.0734 2144 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:38:26.0968 2144 clr_optimization_v2.0.50727_32 - ok
17:38:26.0968 2144 CmdIde - ok
17:38:26.0984 2144 COMSysApp - ok
17:38:26.0984 2144 Cpqarray - ok
17:38:27.0078 2144 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:38:27.0500 2144 CryptSvc - ok
17:38:27.0500 2144 dac2w2k - ok
17:38:27.0500 2144 dac960nt - ok
17:38:27.0546 2144 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:38:29.0281 2144 DcomLaunch - ok
17:38:29.0312 2144 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:38:29.0625 2144 Dhcp - ok
17:38:29.0671 2144 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:38:29.0765 2144 Disk - ok
17:38:29.0765 2144 dmadmin - ok
17:38:29.0890 2144 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:38:30.0093 2144 dmboot - ok
17:38:30.0125 2144 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:38:30.0250 2144 dmio - ok
17:38:30.0281 2144 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:38:30.0375 2144 dmload - ok
17:38:30.0406 2144 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:38:30.0484 2144 dmserver - ok
17:38:30.0515 2144 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:38:30.0593 2144 DMusic - ok
17:38:30.0609 2144 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:38:30.0625 2144 Dnscache - ok
17:38:30.0656 2144 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:38:30.0734 2144 Dot3svc - ok
17:38:30.0734 2144 dpti2o - ok
17:38:30.0781 2144 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:38:30.0859 2144 drmkaud - ok
17:38:31.0031 2144 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
17:38:31.0046 2144 dtsoftbus01 - ok
17:38:31.0062 2144 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:38:31.0218 2144 EapHost - ok
17:38:31.0234 2144 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:38:31.0328 2144 ERSvc - ok
17:38:31.0359 2144 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:38:31.0375 2144 Eventlog - ok
17:38:31.0406 2144 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:38:31.0406 2144 EventSystem - ok
17:38:31.0437 2144 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:38:31.0515 2144 Fastfat - ok
17:38:31.0562 2144 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:38:31.0578 2144 FastUserSwitchingCompatibility - ok
17:38:31.0609 2144 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:38:31.0687 2144 Fdc - ok
17:38:31.0703 2144 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:38:31.0765 2144 Fips - ok
17:38:31.0781 2144 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:38:31.0859 2144 Flpydisk - ok
17:38:31.0890 2144 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:38:31.0953 2144 FltMgr - ok
17:38:32.0015 2144 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:38:32.0031 2144 FontCache3.0.0.0 - ok
17:38:32.0046 2144 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:38:32.0125 2144 Fs_Rec - ok
17:38:32.0125 2144 FTDIBUS (d6e3667f5e2bc6afc50308b480de2999) C:\WINDOWS\system32\drivers\ftdibus.sys
17:38:32.0140 2144 FTDIBUS - ok
17:38:32.0156 2144 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:38:32.0234 2144 Ftdisk - ok
17:38:32.0234 2144 FTSER2K (e4cf4c1f9e3d57a66850f484c08e9ecf) C:\WINDOWS\system32\drivers\ftser2k.sys
17:38:32.0234 2144 FTSER2K - ok
17:38:32.0265 2144 gdrv (ad6bd6bdc97bede8a5507ee01220c00f) C:\WINDOWS\gdrv.sys
17:38:32.0265 2144 gdrv - ok
17:38:32.0281 2144 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:38:32.0359 2144 Gpc - ok
17:38:32.0406 2144 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:38:32.0500 2144 HDAudBus - ok
17:38:32.0515 2144 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:38:32.0593 2144 helpsvc - ok
17:38:32.0609 2144 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
17:38:32.0687 2144 HidServ - ok
17:38:32.0703 2144 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:38:32.0781 2144 hidusb - ok
17:38:32.0796 2144 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:38:32.0875 2144 hkmsvc - ok
17:38:32.0875 2144 hpn - ok
17:38:32.0906 2144 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:38:32.0921 2144 HTTP - ok
17:38:32.0953 2144 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:38:33.0031 2144 HTTPFilter - ok
17:38:33.0031 2144 i2omgmt - ok
17:38:33.0031 2144 i2omp - ok
17:38:33.0109 2144 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:38:33.0140 2144 idsvc - ok
17:38:33.0156 2144 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:38:33.0234 2144 Imapi - ok
17:38:33.0250 2144 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:38:33.0343 2144 ImapiService - ok
17:38:33.0343 2144 ini910u - ok
17:38:33.0578 2144 IntcAzAudAddService (6f336c2d18ba1e7ce8d0f31541c87a1d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:38:33.0765 2144 IntcAzAudAddService - ok
17:38:33.0843 2144 IntelIde - ok
17:38:33.0859 2144 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:38:33.0937 2144 intelppm - ok
17:38:33.0937 2144 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:38:34.0031 2144 Ip6Fw - ok
17:38:34.0046 2144 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:38:34.0125 2144 IpFilterDriver - ok
17:38:34.0125 2144 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:38:34.0203 2144 IpInIp - ok
17:38:34.0218 2144 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:38:34.0296 2144 IpNat - ok
17:38:34.0328 2144 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:38:34.0421 2144 IPSec - ok
17:38:34.0437 2144 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:38:34.0468 2144 IRENUM - ok
17:38:34.0515 2144 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:38:34.0593 2144 isapnp - ok
17:38:34.0625 2144 JRSUKD25 (813ecde501d8970645360b4151ecb5b9) C:\WINDOWS\system32\JRSUKD25.SYS
17:38:34.0625 2144 JRSUKD25 - ok
17:38:34.0656 2144 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:38:34.0734 2144 Kbdclass - ok
17:38:34.0750 2144 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:38:34.0828 2144 kbdhid - ok
17:38:34.0843 2144 kcrtx86 (cbbc332b9a94d9eb16e3328b50760587) C:\WINDOWS\system32\kcrtx86.sys
17:38:34.0859 2144 kcrtx86 - ok
17:38:34.0906 2144 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:38:34.0984 2144 kmixer - ok
17:38:35.0015 2144 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:38:35.0046 2144 KSecDD - ok
17:38:35.0078 2144 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:38:35.0109 2144 LanmanServer - ok
17:38:35.0156 2144 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:38:35.0203 2144 lanmanworkstation - ok
17:38:35.0203 2144 lbrtfdc - ok
17:38:35.0250 2144 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:38:35.0625 2144 LmHosts - ok
17:38:35.0703 2144 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
17:38:35.0703 2144 McComponentHostService - ok
17:38:35.0734 2144 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:38:35.0812 2144 Messenger - ok
17:38:35.0890 2144 MfFWEnt (5a60a55f6b8af51a6b7642b8981fd834) C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys
17:38:35.0906 2144 MfFWEnt - ok
17:38:35.0921 2144 MfIPSEnt (99c7209b747e4d25afaf241a140e4be5) C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys
17:38:35.0937 2144 MfIPSEnt - ok
17:38:36.0000 2144 Microsoft SharePoint Workspace Audit Service - ok
17:38:36.0015 2144 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:38:36.0093 2144 mnmdd - ok
17:38:36.0109 2144 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:38:36.0187 2144 mnmsrvc - ok
17:38:36.0218 2144 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:38:36.0296 2144 Modem - ok
17:38:36.0328 2144 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:38:36.0406 2144 Mouclass - ok
17:38:36.0437 2144 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:38:36.0515 2144 mouhid - ok
17:38:36.0531 2144 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:38:36.0609 2144 MountMgr - ok
17:38:36.0640 2144 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:38:36.0656 2144 MpFilter - ok
17:38:36.0671 2144 mraid35x - ok
17:38:36.0671 2144 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:38:36.0750 2144 MRxDAV - ok
17:38:36.0796 2144 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:38:36.0812 2144 MRxSmb - ok
17:38:36.0828 2144 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:38:36.0906 2144 MSDTC - ok
17:38:36.0906 2144 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:38:36.0968 2144 Msfs - ok
17:38:36.0984 2144 MSIServer - ok
17:38:37.0015 2144 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:38:37.0093 2144 MSKSSRV - ok
17:38:37.0156 2144 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:38:37.0156 2144 MsMpSvc - ok
17:38:37.0187 2144 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:38:37.0265 2144 MSPCLOCK - ok
17:38:37.0265 2144 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:38:37.0343 2144 MSPQM - ok
17:38:37.0359 2144 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:38:37.0437 2144 mssmbios - ok
17:38:37.0500 2144 MSSQL$SQLEXPRESS - ok
17:38:37.0546 2144 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:38:37.0546 2144 MSSQLServerADHelper - ok
17:38:37.0828 2144 msvsmon90 (70e994d23895df6b1ee1e70145299fcf) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
17:38:37.0921 2144 msvsmon90 - ok
17:38:38.0031 2144 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:38:38.0046 2144 Mup - ok
17:38:38.0062 2144 NA2USB (63214ad48ba99a2d0f0c77b3a4369bb0) C:\WINDOWS\system32\Drivers\UsbFpDrv.sys
17:38:38.0078 2144 NA2USB - ok
17:38:38.0421 2144 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:38:38.0500 2144 napagent - ok
17:38:38.0671 2144 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:38:38.0796 2144 NDIS - ok
17:38:38.0859 2144 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:38:38.0906 2144 NdisTapi - ok
17:38:39.0046 2144 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:38:39.0187 2144 Ndisuio - ok
17:38:39.0296 2144 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:38:39.0375 2144 NdisWan - ok
17:38:39.0593 2144 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:38:39.0640 2144 NDProxy - ok
17:38:39.0687 2144 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:38:39.0765 2144 NetBIOS - ok
17:38:39.0812 2144 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:38:39.0890 2144 NetBT - ok
17:38:39.0953 2144 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:38:40.0031 2144 NetDDE - ok
17:38:40.0031 2144 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:38:40.0109 2144 NetDDEdsdm - ok
17:38:40.0140 2144 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:38:40.0218 2144 Netlogon - ok
17:38:40.0281 2144 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:38:40.0546 2144 Netman - ok
17:38:40.0906 2144 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:38:40.0921 2144 NetTcpPortSharing - ok
17:38:41.0609 2144 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:38:41.0703 2144 NIC1394 - ok
17:38:41.0750 2144 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:38:41.0765 2144 Nla - ok
17:38:41.0781 2144 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:38:41.0859 2144 Npfs - ok
17:38:42.0046 2144 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:38:42.0140 2144 Ntfs - ok
17:38:42.0140 2144 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:38:42.0218 2144 NtLmSsp - ok
17:38:43.0718 2144 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:38:43.0812 2144 NtmsSvc - ok
17:38:43.0937 2144 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:38:44.0031 2144 Null - ok
17:38:44.0156 2144 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:38:44.0234 2144 NwlnkFlt - ok
17:38:44.0250 2144 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:38:44.0343 2144 NwlnkFwd - ok
17:38:44.0421 2144 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:38:44.0500 2144 ohci1394 - ok
17:38:44.0625 2144 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:38:44.0640 2144 ose - ok
17:38:46.0656 2144 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:38:46.0812 2144 osppsvc - ok
17:38:47.0078 2144 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:38:47.0156 2144 Parport - ok
17:38:47.0171 2144 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:38:47.0250 2144 PartMgr - ok
17:38:47.0296 2144 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:38:47.0375 2144 ParVdm - ok
17:38:47.0390 2144 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:38:47.0468 2144 PCI - ok
17:38:47.0468 2144 PCIDump - ok
17:38:47.0500 2144 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:38:47.0562 2144 PCIIde - ok
17:38:47.0625 2144 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:38:47.0703 2144 Pcmcia - ok
17:38:47.0875 2144 PCToolsSSDMonitorSvc (c98cd9ee0012df72206bd519db9780d4) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
17:38:47.0906 2144 PCToolsSSDMonitorSvc - ok
17:38:47.0906 2144 PDCOMP - ok
17:38:47.0906 2144 PDFRAME - ok
17:38:47.0906 2144 PDRELI - ok
17:38:47.0906 2144 PDRFRAME - ok
17:38:47.0921 2144 perc2 - ok
17:38:47.0921 2144 perc2hib - ok
17:38:47.0968 2144 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:38:47.0968 2144 PlugPlay - ok
17:38:48.0000 2144 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:38:48.0078 2144 PolicyAgent - ok
17:38:48.0125 2144 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:38:48.0203 2144 PptpMiniport - ok
17:38:48.0218 2144 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:38:48.0281 2144 ProtectedStorage - ok
17:38:48.0296 2144 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:38:48.0390 2144 PSched - ok
17:38:48.0406 2144 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:38:48.0484 2144 Ptilink - ok
17:38:48.0484 2144 ql1080 - ok
17:38:48.0500 2144 Ql10wnt - ok
17:38:48.0500 2144 ql12160 - ok
17:38:48.0500 2144 ql1240 - ok
17:38:48.0500 2144 ql1280 - ok
17:38:48.0609 2144 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:38:48.0671 2144 RasAcd - ok
17:38:48.0718 2144 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:38:48.0828 2144 RasAuto - ok
17:38:48.0843 2144 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:38:48.0937 2144 Rasl2tp - ok
17:38:49.0109 2144 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:38:49.0187 2144 RasMan - ok
17:38:49.0203 2144 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:38:49.0281 2144 RasPppoe - ok
17:38:49.0328 2144 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:38:49.0406 2144 Raspti - ok
17:38:49.0437 2144 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:38:49.0546 2144 Rdbss - ok
17:38:49.0578 2144 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:38:49.0656 2144 RDPCDD - ok
17:38:49.0671 2144 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:38:49.0750 2144 rdpdr - ok
17:38:49.0828 2144 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
17:38:49.0875 2144 RDPWD - ok
17:38:49.0890 2144 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:38:49.0968 2144 RDSessMgr - ok
17:38:50.0015 2144 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:38:50.0093 2144 redbook - ok
17:38:50.0187 2144 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:38:50.0265 2144 RemoteAccess - ok
17:38:50.0375 2144 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:38:50.0468 2144 RemoteRegistry - ok
17:38:50.0546 2144 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:38:50.0609 2144 RpcLocator - ok
17:38:50.0718 2144 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:38:50.0734 2144 RpcSs - ok
17:38:50.0843 2144 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:38:50.0937 2144 RSVP - ok
17:38:51.0000 2144 RTLE8023xp (185641ad7e80bfce0aa545d3ec79d557) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:38:51.0031 2144 RTLE8023xp - ok
17:38:51.0156 2144 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:38:51.0218 2144 SamSs - ok
17:38:51.0406 2144 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:38:51.0500 2144 SCardSvr - ok
17:38:51.0546 2144 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:38:51.0609 2144 Schedule - ok
17:38:51.0640 2144 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:38:51.0687 2144 Secdrv - ok
17:38:51.0765 2144 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:38:51.0843 2144 seclogon - ok
17:38:51.0859 2144 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:38:51.0968 2144 SENS - ok
17:38:52.0015 2144 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:38:52.0093 2144 serenum - ok
17:38:52.0156 2144 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:38:52.0250 2144 Serial - ok
17:38:52.0265 2144 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:38:52.0343 2144 Sfloppy - ok
17:38:52.0515 2144 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:38:52.0593 2144 SharedAccess - ok
17:38:52.0875 2144 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:38:52.0890 2144 ShellHWDetection - ok
17:38:52.0890 2144 Simbad - ok
17:38:52.0890 2144 Sparrow - ok
17:38:52.0937 2144 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:38:53.0031 2144 splitter - ok
17:38:53.0078 2144 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:38:53.0093 2144 Spooler - ok
17:38:53.0343 2144 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:38:53.0359 2144 SQLBrowser - ok
17:38:53.0359 2144 Scan interrupted by user!
17:38:53.0359 2144 Scan interrupted by user!
17:38:53.0359 2144 Scan interrupted by user!
17:38:53.0359 2144 ============================================================
17:38:53.0359 2144 Scan finished
17:38:53.0359 2144 ============================================================
17:38:53.0468 0892 Detected object count: 1
17:38:53.0468 0892 Actual detected object count: 1
17:38:59.0390 0892 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:59.0390 0892 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:39:27.0343 3396 ============================================================
17:39:27.0343 3396 Scan started
17:39:27.0343 3396 Mode: Manual; SigCheck; TDLFS;
17:39:27.0343 3396 ============================================================
17:39:27.0484 3396 Abiosdsk - ok
17:39:27.0484 3396 abp480n5 - ok
17:39:27.0515 3396 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:39:27.0593 3396 ACPI - ok
17:39:27.0609 3396 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:39:27.0687 3396 ACPIEC - ok
17:39:27.0687 3396 adpu160m - ok
17:39:27.0703 3396 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:39:27.0781 3396 aec - ok
17:39:27.0828 3396 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:39:27.0828 3396 AFD - ok
17:39:27.0843 3396 Aha154x - ok
17:39:27.0843 3396 aic78u2 - ok
17:39:27.0843 3396 aic78xx - ok
17:39:27.0859 3396 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
17:39:27.0921 3396 Alerter - ok
17:39:27.0953 3396 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
17:39:27.0984 3396 ALG - ok
17:39:27.0984 3396 AliIde - ok
17:39:28.0015 3396 AMonTDnt (7ae4f193ca2ad413a0bca3d846625f75) C:\WINDOWS\system32\Drivers\AMonTDnt.sys
17:39:28.0031 3396 AMonTDnt - ok
17:39:28.0031 3396 amsint - ok
17:39:28.0046 3396 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
17:39:28.0093 3396 AppMgmt - ok
17:39:28.0093 3396 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:39:28.0156 3396 Arp1394 - ok
17:39:28.0156 3396 asc - ok
17:39:28.0171 3396 asc3350p - ok
17:39:28.0171 3396 asc3550 - ok
17:39:28.0218 3396 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:39:28.0234 3396 aspnet_state - ok
17:39:28.0234 3396 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:39:28.0312 3396 AsyncMac - ok
17:39:28.0312 3396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:39:28.0390 3396 atapi - ok
17:39:28.0390 3396 Atdisk - ok
17:39:28.0421 3396 Ati HotKey Poller (fce2918d8dc01e02bccb64f06fe91d45) C:\WINDOWS\system32\Ati2evxx.exe
17:39:28.0453 3396 Ati HotKey Poller - ok
17:39:28.0500 3396 ATI Smart (5b867f6d5331d7df70b70e18586f8d0f) C:\WINDOWS\system32\ati2sgag.exe
17:39:28.0500 3396 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
17:39:28.0500 3396 ATI Smart - detected UnsignedFile.Multi.Generic (1)
17:39:28.0687 3396 ati2mtag (067fca861588b18399555412a456de12) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:39:28.0750 3396 ati2mtag - ok
17:39:28.0828 3396 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:39:28.0890 3396 Atmarpc - ok
17:39:28.0921 3396 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
17:39:29.0000 3396 AudioSrv - ok
17:39:29.0015 3396 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:39:29.0078 3396 audstub - ok
17:39:29.0156 3396 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
17:39:29.0171 3396 BBSvc - ok
17:39:29.0203 3396 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
17:39:29.0218 3396 BBUpdate - ok
17:39:29.0250 3396 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:39:29.0312 3396 Beep - ok
17:39:29.0343 3396 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
17:39:29.0421 3396 BITS - ok
17:39:29.0437 3396 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
17:39:29.0515 3396 Browser - ok
17:39:29.0515 3396 catchme - ok
17:39:29.0531 3396 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:39:29.0609 3396 cbidf2k - ok
17:39:29.0609 3396 cd20xrnt - ok
17:39:29.0625 3396 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:39:29.0703 3396 Cdaudio - ok
17:39:29.0703 3396 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:39:29.0781 3396 Cdfs - ok
17:39:29.0796 3396 CdmDrvNt (21c0133490fc6afb1fbdc7ed9ee32312) C:\WINDOWS\system32\Drivers\CdmDrvNt.sys
17:39:29.0796 3396 CdmDrvNt - ok
17:39:29.0812 3396 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:39:29.0875 3396 Cdrom - ok
17:39:29.0890 3396 Changer - ok
17:39:29.0890 3396 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
17:39:29.0968 3396 CiSvc - ok
17:39:29.0968 3396 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
17:39:30.0046 3396 ClipSrv - ok
17:39:30.0078 3396 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:39:30.0093 3396 clr_optimization_v2.0.50727_32 - ok
17:39:30.0093 3396 CmdIde - ok
17:39:30.0109 3396 COMSysApp - ok
17:39:30.0109 3396 Cpqarray - ok
17:39:30.0125 3396 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
17:39:30.0187 3396 CryptSvc - ok
17:39:30.0187 3396 dac2w2k - ok
17:39:30.0203 3396 dac960nt - ok
17:39:30.0234 3396 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
17:39:30.0250 3396 DcomLaunch - ok
17:39:30.0281 3396 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
17:39:30.0343 3396 Dhcp - ok
17:39:30.0343 3396 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:39:30.0421 3396 Disk - ok
17:39:30.0421 3396 dmadmin - ok
17:39:30.0468 3396 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:39:30.0562 3396 dmboot - ok
17:39:30.0562 3396 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:39:30.0640 3396 dmio - ok
17:39:30.0656 3396 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:39:30.0718 3396 dmload - ok
17:39:30.0718 3396 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
17:39:30.0796 3396 dmserver - ok
17:39:30.0828 3396 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:39:30.0890 3396 DMusic - ok
17:39:30.0906 3396 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
17:39:30.0906 3396 Dnscache - ok
17:39:30.0921 3396 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
17:39:31.0000 3396 Dot3svc - ok
17:39:31.0000 3396 dpti2o - ok
17:39:31.0015 3396 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:39:31.0078 3396 drmkaud - ok
17:39:31.0109 3396 dtsoftbus01 (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
17:39:31.0109 3396 dtsoftbus01 - ok
17:39:31.0125 3396 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
17:39:31.0187 3396 EapHost - ok
17:39:31.0203 3396 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
17:39:31.0265 3396 ERSvc - ok
17:39:31.0296 3396 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:39:31.0296 3396 Eventlog - ok
17:39:31.0328 3396 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
17:39:31.0343 3396 EventSystem - ok
17:39:31.0343 3396 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:39:31.0421 3396 Fastfat - ok
17:39:31.0453 3396 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:39:31.0453 3396 FastUserSwitchingCompatibility - ok
17:39:31.0468 3396 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:39:31.0546 3396 Fdc - ok
17:39:31.0546 3396 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:39:31.0609 3396 Fips - ok
17:39:31.0625 3396 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:39:31.0687 3396 Flpydisk - ok
17:39:31.0734 3396 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:39:31.0812 3396 FltMgr - ok
17:39:31.0890 3396 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:39:31.0890 3396 FontCache3.0.0.0 - ok
17:39:31.0906 3396 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:39:31.0984 3396 Fs_Rec - ok
17:39:32.0000 3396 FTDIBUS (d6e3667f5e2bc6afc50308b480de2999) C:\WINDOWS\system32\drivers\ftdibus.sys
17:39:32.0015 3396 FTDIBUS - ok
17:39:32.0031 3396 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:39:32.0093 3396 Ftdisk - ok
17:39:32.0109 3396 FTSER2K (e4cf4c1f9e3d57a66850f484c08e9ecf) C:\WINDOWS\system32\drivers\ftser2k.sys
17:39:32.0109 3396 FTSER2K - ok
17:39:32.0125 3396 gdrv (ad6bd6bdc97bede8a5507ee01220c00f) C:\WINDOWS\gdrv.sys
17:39:32.0140 3396 gdrv - ok
17:39:32.0156 3396 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:39:32.0218 3396 Gpc - ok
17:39:32.0250 3396 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:39:32.0328 3396 HDAudBus - ok
17:39:32.0359 3396 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:39:32.0437 3396 helpsvc - ok
17:39:32.0453 3396 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
17:39:32.0515 3396 HidServ - ok
17:39:32.0531 3396 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:39:32.0609 3396 hidusb - ok
17:39:32.0625 3396 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
17:39:32.0687 3396 hkmsvc - ok
17:39:32.0687 3396 hpn - ok
17:39:32.0734 3396 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:39:32.0734 3396 HTTP - ok
17:39:32.0765 3396 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
17:39:32.0828 3396 HTTPFilter - ok
17:39:32.0828 3396 i2omgmt - ok
17:39:32.0843 3396 i2omp - ok
17:39:32.0921 3396 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:39:32.0968 3396 idsvc - ok
17:39:33.0000 3396 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:39:33.0078 3396 Imapi - ok
17:39:33.0109 3396 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
17:39:33.0171 3396 ImapiService - ok
17:39:33.0171 3396 ini910u - ok
17:39:33.0406 3396 IntcAzAudAddService (6f336c2d18ba1e7ce8d0f31541c87a1d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:39:33.0531 3396 IntcAzAudAddService - ok
17:39:33.0593 3396 IntelIde - ok
17:39:33.0609 3396 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:39:33.0687 3396 intelppm - ok
17:39:33.0687 3396 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:39:33.0765 3396 Ip6Fw - ok
17:39:33.0781 3396 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:39:33.0859 3396 IpFilterDriver - ok
17:39:33.0859 3396 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:39:33.0921 3396 IpInIp - ok
17:39:33.0953 3396 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:39:34.0015 3396 IpNat - ok
17:39:34.0046 3396 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:39:34.0125 3396 IPSec - ok
17:39:34.0140 3396 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:39:34.0171 3396 IRENUM - ok
17:39:34.0203 3396 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:39:34.0265 3396 isapnp - ok
17:39:34.0296 3396 JRSUKD25 (813ecde501d8970645360b4151ecb5b9) C:\WINDOWS\system32\JRSUKD25.SYS
17:39:34.0296 3396 JRSUKD25 - ok
17:39:34.0312 3396 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:39:34.0375 3396 Kbdclass - ok
17:39:34.0390 3396 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:39:34.0453 3396 kbdhid - ok
17:39:34.0468 3396 kcrtx86 (cbbc332b9a94d9eb16e3328b50760587) C:\WINDOWS\system32\kcrtx86.sys
17:39:34.0484 3396 kcrtx86 - ok
17:39:34.0515 3396 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:39:34.0578 3396 kmixer - ok
17:39:34.0593 3396 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:39:34.0609 3396 KSecDD - ok
17:39:34.0625 3396 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
17:39:34.0640 3396 LanmanServer - ok
17:39:34.0656 3396 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
17:39:34.0671 3396 lanmanworkstation - ok
17:39:34.0671 3396 lbrtfdc - ok
17:39:34.0687 3396 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
17:39:34.0750 3396 LmHosts - ok
17:39:34.0828 3396 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
17:39:34.0843 3396 McComponentHostService - ok
17:39:34.0859 3396 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
17:39:34.0937 3396 Messenger - ok
17:39:35.0000 3396 MfFWEnt (5a60a55f6b8af51a6b7642b8981fd834) C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys
17:39:35.0015 3396 MfFWEnt - ok
17:39:35.0031 3396 MfIPSEnt (99c7209b747e4d25afaf241a140e4be5) C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys
17:39:35.0031 3396 MfIPSEnt - ok
17:39:35.0078 3396 Microsoft SharePoint Workspace Audit Service - ok
17:39:35.0093 3396 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:39:35.0171 3396 mnmdd - ok
17:39:35.0187 3396 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
17:39:35.0265 3396 mnmsrvc - ok
17:39:35.0265 3396 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:39:35.0343 3396 Modem - ok
17:39:35.0359 3396 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:39:35.0453 3396 Mouclass - ok
17:39:35.0453 3396 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:39:35.0531 3396 mouhid - ok
17:39:35.0531 3396 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:39:35.0593 3396 MountMgr - ok
17:39:35.0625 3396 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:39:35.0625 3396 MpFilter - ok
17:39:35.0640 3396 mraid35x - ok
17:39:35.0640 3396 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:39:35.0718 3396 MRxDAV - ok
17:39:35.0750 3396 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:39:35.0765 3396 MRxSmb - ok
17:39:35.0781 3396 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
17:39:35.0859 3396 MSDTC - ok
17:39:35.0859 3396 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:39:35.0937 3396 Msfs - ok
17:39:35.0937 3396 MSIServer - ok
17:39:35.0953 3396 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:39:36.0031 3396 MSKSSRV - ok
17:39:36.0062 3396 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
17:39:36.0078 3396 MsMpSvc - ok
17:39:36.0078 3396 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:39:36.0140 3396 MSPCLOCK - ok
17:39:36.0140 3396 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:39:36.0218 3396 MSPQM - ok
17:39:36.0218 3396 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:39:36.0281 3396 mssmbios - ok
17:39:36.0343 3396 MSSQL$SQLEXPRESS - ok
17:39:36.0390 3396 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:39:36.0390 3396 MSSQLServerADHelper - ok
17:39:36.0593 3396 msvsmon90 (70e994d23895df6b1ee1e70145299fcf) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
17:39:36.0703 3396 msvsmon90 - ok
17:39:36.0781 3396 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:39:36.0796 3396 Mup - ok
17:39:36.0812 3396 NA2USB (63214ad48ba99a2d0f0c77b3a4369bb0) C:\WINDOWS\system32\Drivers\UsbFpDrv.sys
17:39:36.0828 3396 NA2USB - ok
17:39:36.0843 3396 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
17:39:36.0921 3396 napagent - ok
17:39:36.0937 3396 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:39:37.0015 3396 NDIS - ok
17:39:37.0031 3396 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:39:37.0046 3396 NdisTapi - ok
17:39:37.0062 3396 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:39:37.0140 3396 Ndisuio - ok
17:39:37.0140 3396 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:39:37.0218 3396 NdisWan - ok
17:39:37.0234 3396 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:39:37.0234 3396 NDProxy - ok
17:39:37.0250 3396 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:39:37.0312 3396 NetBIOS - ok
17:39:37.0328 3396 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:39:37.0406 3396 NetBT - ok
17:39:37.0421 3396 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:39:37.0484 3396 NetDDE - ok
17:39:37.0500 3396 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
17:39:37.0562 3396 NetDDEdsdm - ok
17:39:37.0578 3396 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:39:37.0640 3396 Netlogon - ok
17:39:37.0671 3396 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
17:39:37.0734 3396 Netman - ok
17:39:37.0812 3396 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:39:37.0828 3396 NetTcpPortSharing - ok
17:39:37.0843 3396 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:39:37.0921 3396 NIC1394 - ok
17:39:37.0953 3396 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
17:39:37.0953 3396 Nla - ok
17:39:37.0968 3396 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:39:38.0031 3396 Npfs - ok
17:39:38.0062 3396 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:39:38.0140 3396 Ntfs - ok
17:39:38.0140 3396 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:39:38.0203 3396 NtLmSsp - ok
17:39:38.0234 3396 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
17:39:38.0312 3396 NtmsSvc - ok
17:39:38.0328 3396 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:39:38.0390 3396 Null - ok
17:39:38.0421 3396 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:39:38.0484 3396 NwlnkFlt - ok
17:39:38.0500 3396 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:39:38.0562 3396 NwlnkFwd - ok
17:39:38.0578 3396 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:39:38.0640 3396 ohci1394 - ok
17:39:38.0703 3396 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:39:38.0718 3396 ose - ok
17:39:38.0906 3396 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:39:39.0078 3396 osppsvc - ok
17:39:39.0171 3396 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:39:39.0234 3396 Parport - ok
17:39:39.0234 3396 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:39:39.0312 3396 PartMgr - ok
17:39:39.0328 3396 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:39:39.0390 3396 ParVdm - ok
17:39:39.0406 3396 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:39:39.0468 3396 PCI - ok
17:39:39.0468 3396 PCIDump - ok
17:39:39.0468 3396 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:39:39.0546 3396 PCIIde - ok
17:39:39.0578 3396 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:39:39.0640 3396 Pcmcia - ok
17:39:39.0703 3396 PCToolsSSDMonitorSvc (c98cd9ee0012df72206bd519db9780d4) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
17:39:39.0718 3396 PCToolsSSDMonitorSvc - ok
17:39:39.0718 3396 PDCOMP - ok
17:39:39.0718 3396 PDFRAME - ok
17:39:39.0734 3396 PDRELI - ok
17:39:39.0734 3396 PDRFRAME - ok
17:39:39.0734 3396 perc2 - ok
17:39:39.0734 3396 perc2hib - ok
17:39:39.0765 3396 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
17:39:39.0781 3396 PlugPlay - ok
17:39:39.0781 3396 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:39:39.0843 3396 PolicyAgent - ok
17:39:39.0843 3396 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:39:39.0921 3396 PptpMiniport - ok
17:39:39.0921 3396 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:39:39.0984 3396 ProtectedStorage - ok
17:39:40.0000 3396 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:39:40.0062 3396 PSched - ok
17:39:40.0062 3396 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:39:40.0140 3396 Ptilink - ok
17:39:40.0140 3396 ql1080 - ok
17:39:40.0140 3396 Ql10wnt - ok
17:39:40.0140 3396 ql12160 - ok
17:39:40.0140 3396 ql1240 - ok
17:39:40.0140 3396 ql1280 - ok
17:39:40.0156 3396 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:39:40.0234 3396 RasAcd - ok
17:39:40.0250 3396 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
17:39:40.0312 3396 RasAuto - ok
17:39:40.0312 3396 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:39:40.0390 3396 Rasl2tp - ok
17:39:40.0406 3396 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
17:39:40.0500 3396 RasMan - ok
17:39:40.0500 3396 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:39:40.0562 3396 RasPppoe - ok
17:39:40.0578 3396 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:39:40.0640 3396 Raspti - ok
17:39:40.0656 3396 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:39:40.0734 3396 Rdbss - ok
17:39:40.0734 3396 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:39:40.0796 3396 RDPCDD - ok
17:39:40.0828 3396 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:39:40.0906 3396 rdpdr - ok
17:39:40.0937 3396 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
17:39:40.0953 3396 RDPWD - ok
17:39:40.0968 3396 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
17:39:41.0046 3396 RDSessMgr - ok
17:39:41.0062 3396 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:39:41.0140 3396 redbook - ok
17:39:41.0156 3396 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
17:39:41.0218 3396 RemoteAccess - ok
17:39:41.0250 3396 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
17:39:41.0312 3396 RemoteRegistry - ok
17:39:41.0328 3396 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
17:39:41.0406 3396 RpcLocator - ok
17:39:41.0421 3396 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
17:39:41.0437 3396 RpcSs - ok
17:39:41.0453 3396 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
17:39:41.0515 3396 RSVP - ok
17:39:41.0531 3396 RTLE8023xp (185641ad7e80bfce0aa545d3ec79d557) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:39:41.0546 3396 RTLE8023xp - ok
17:39:41.0562 3396 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
17:39:41.0625 3396 SamSs - ok
17:39:41.0640 3396 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
17:39:41.0718 3396 SCardSvr - ok
17:39:41.0734 3396 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
17:39:41.0812 3396 Schedule - ok
17:39:41.0812 3396 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:39:41.0843 3396 Secdrv - ok
17:39:41.0843 3396 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
17:39:41.0921 3396 seclogon - ok
17:39:41.0921 3396 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
17:39:42.0000 3396 SENS - ok
17:39:42.0000 3396 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:39:42.0062 3396 serenum - ok
17:39:42.0078 3396 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
17:39:42.0140 3396 Serial - ok
17:39:42.0171 3396 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:39:42.0234 3396 Sfloppy - ok
17:39:42.0265 3396 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
17:39:42.0343 3396 SharedAccess - ok
17:39:42.0359 3396 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:39:42.0375 3396 ShellHWDetection - ok
17:39:42.0375 3396 Simbad - ok
17:39:42.0375 3396 Sparrow - ok
17:39:42.0375 3396 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:39:42.0453 3396 splitter - ok
17:39:42.0468 3396 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
17:39:42.0484 3396 Spooler - ok
17:39:42.0578 3396 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:39:42.0578 3396 SQLBrowser - ok
17:39:42.0609 3396 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:39:42.0609 3396 SQLWriter - ok
17:39:42.0640 3396 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:39:42.0687 3396 sr - ok
17:39:42.0687 3396 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
17:39:42.0718 3396 srservice - ok
17:39:42.0750 3396 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:39:42.0781 3396 Srv - ok
17:39:42.0781 3396 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
17:39:42.0828 3396 SSDPSRV - ok
17:39:42.0843 3396 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
17:39:42.0921 3396 StillCam - ok
17:39:42.0937 3396 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
17:39:43.0015 3396 stisvc - ok
17:39:43.0046 3396 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:39:43.0125 3396 swenum - ok
17:39:43.0125 3396 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:39:43.0203 3396 swmidi - ok
17:39:43.0203 3396 SwPrv - ok
17:39:43.0203 3396 symc810 - ok
17:39:43.0218 3396 symc8xx - ok
17:39:43.0218 3396 sym_hi - ok
17:39:43.0218 3396 sym_u3 - ok
17:39:43.0218 3396 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:39:43.0296 3396 sysaudio - ok
17:39:43.0312 3396 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
17:39:43.0375 3396 SysmonLog - ok
17:39:43.0406 3396 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
17:39:43.0468 3396 TapiSrv - ok
17:39:43.0515 3396 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:39:43.0515 3396 Tcpip - ok
17:39:43.0546 3396 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:39:43.0625 3396 TDPIPE - ok
17:39:43.0640 3396 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:39:43.0718 3396 TDTCP - ok
17:39:43.0734 3396 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:39:43.0796 3396 TermDD - ok
17:39:43.0828 3396 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
17:39:43.0906 3396 TermService - ok
17:39:43.0921 3396 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
17:39:43.0937 3396 Themes - ok
17:39:43.0953 3396 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
17:39:43.0984 3396 TlntSvr - ok
17:39:44.0000 3396 TosIde - ok
17:39:44.0015 3396 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
17:39:44.0093 3396 TrkWks - ok
17:39:44.0109 3396 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:39:44.0203 3396 Udfs - ok
17:39:44.0203 3396 ultra - ok
17:39:44.0234 3396 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:39:44.0312 3396 Update - ok
17:39:44.0343 3396 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
17:39:44.0375 3396 upnphost - ok
17:39:44.0390 3396 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
17:39:44.0468 3396 UPS - ok
17:39:44.0468 3396 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:39:44.0546 3396 usbccgp - ok
17:39:44.0562 3396 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:39:44.0625 3396 usbehci - ok
17:39:44.0625 3396 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:39:44.0703 3396 usbhub - ok
17:39:44.0734 3396 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:39:44.0796 3396 USBSTOR - ok
17:39:44.0812 3396 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:39:44.0875 3396 usbuhci - ok
17:39:44.0906 3396 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:39:44.0984 3396 VgaSave - ok
17:39:44.0984 3396 ViaIde - ok
17:39:45.0000 3396 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:39:45.0062 3396 VolSnap - ok
17:39:45.0109 3396 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
17:39:45.0156 3396 VSS - ok
17:39:45.0187 3396 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
17:39:45.0250 3396 W32Time - ok
17:39:45.0265 3396 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:39:45.0328 3396 Wanarp - ok
17:39:45.0375 3396 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:39:45.0390 3396 Wdf01000 - ok
17:39:45.0390 3396 WDICA - ok
17:39:45.0421 3396 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:39:45.0500 3396 wdmaud - ok
17:39:45.0515 3396 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
17:39:45.0593 3396 WebClient - ok
17:39:45.0656 3396 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:39:45.0734 3396 winmgmt - ok
17:39:45.0750 3396 WinUSB (30fc6e5448d0cbaaa95280eeef7fedae) C:\WINDOWS\system32\DRIVERS\winusb.sys
17:39:45.0765 3396 WinUSB - ok
17:39:45.0921 3396 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:39:45.0968 3396 wlidsvc - ok
17:39:46.0031 3396 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
17:39:46.0109 3396 WmdmPmSN - ok
17:39:46.0156 3396 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
17:39:46.0187 3396 Wmi - ok
17:39:46.0234 3396 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:39:46.0312 3396 WmiApSrv - ok
17:39:46.0328 3396 WmUsbIce (a654186474c38764ba82e5b47976193f) C:\WINDOWS\system32\Drivers\WmUsbIce.sys
17:39:46.0328 3396 WmUsbIce ( UnsignedFile.Multi.Generic ) - warning
17:39:46.0328 3396 WmUsbIce - detected UnsignedFile.Multi.Generic (1)
17:39:46.0343 3396 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:39:46.0421 3396 WS2IFSL - ok
17:39:46.0437 3396 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
17:39:46.0515 3396 wscsvc - ok
17:39:46.0531 3396 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
17:39:46.0609 3396 wuauserv - ok
17:39:46.0625 3396 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
17:39:46.0718 3396 WZCSVC - ok
17:39:46.0750 3396 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
17:39:46.0812 3396 xmlprov - ok
17:39:46.0828 3396 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:39:47.0203 3396 \Device\Harddisk0\DR0 - ok
17:39:47.0203 3396 Boot (0x1200) (ff7914e8cc132e0d992fcd15312d7f66) \Device\Harddisk0\DR0\Partition0
17:39:47.0203 3396 \Device\Harddisk0\DR0\Partition0 - ok
17:39:47.0218 3396 Boot (0x1200) (e200ec1dc2803bc4494a845f6e6bb182) \Device\Harddisk0\DR0\Partition1
17:39:47.0218 3396 \Device\Harddisk0\DR0\Partition1 - ok
17:39:47.0218 3396 ============================================================
17:39:47.0218 3396 Scan finished
17:39:47.0218 3396 ============================================================
17:39:47.0218 3584 Detected object count: 2
17:39:47.0218 3584 Actual detected object count: 2
17:40:55.0187 3584 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:55.0187 3584 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:55.0187 3584 WmUsbIce ( UnsignedFile.Multi.Generic ) - skipped by user
17:40:55.0187 3584 WmUsbIce ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:40:58.0250 2072 Deinitialize success

OTL 2 logs

Extras.txt

OTL Extras logfile created on: 8/13/2012 5:48:19 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Manisha_ibkr\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 81.20% Memory free
5.09 Gb Paging File | 4.56 Gb Available in Paging File | 89.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 165.24 Gb Free Space | 84.60% Space Free | Partition Type: NTFS
Drive D: | 400.86 Gb Total Space | 400.78 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: MANISHA | User Name: Manisha_ibkr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\ImageJ\jre\bin\javaw.exe" = C:\Program Files\ImageJ\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E15D21-B68B-D7C4-574B-636E2D1ECEBE}" = Catalyst Control Center HydraVision Full
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1170F665-2359-E439-5BC5-932B87423EF1}" = ccc-utility
"{13D324E9-9DB1-478D-944C-28BBE1BB80DC}" = HP Officejet Pro 8500 A910 Help
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39D74E81-5DED-C7EE-8807-91A8800212FA}" = ccc-core-preinstall
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161" = Visual C++ 2008 x86 Runtime - v9.0.30729.6161
"{41C01225-45FD-7BCE-1EDA-F7E50945ADD7}" = Catalyst Control Center Core Implementation
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5E8E1294-7951-6DA9-10F1-C877871346F3}" = Skins
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{826F3B4F-C597-AF1D-4CB1-2F441BE8E2BF}" = ccc-core-static
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{869D453C-53E8-4DE0-92EA-F574A22E82AE}" = HP Officejet Pro 8500 A910 Basic Device Software
"{87B20692-9E9D-FAE0-76C7-E75E3CC7B0D1}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPROR_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.02
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29769BE-BEDF-DC9E-67A9-5E7AEFF039CF}" = CCC Help English
"{C740289B-FC90-D938-8317-1FFEBF7C04DB}" = Catalyst Control Center Graphics Previews Common
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{E3624DFE-B0AB-410A-9BDC-5D1681E5E388}" = HP Officejet Pro 8500 A910 Product Improvement Study
"{E3C79593-DC72-4B99-A627-F40826F000B6}" = IBScanUltimateSDK
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F30A8BF7-288C-57C0-357E-6D67BB694682}" = Catalyst Control Center Graphics Full New
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F54543CF-EC73-D847-1780-84A6420EA229}" = Catalyst Control Center Graphics Light
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"1DE53D4BF1BBEB711DE2B1DC550DA4C5436EF788" = Windows Driver Package - Integrated Biometrics LLC (NA2USB) Biometric (06/03/2009 2.0.2.00)
"63EE9E433F535724C200FCA239B6A78A732E2483" = Windows Driver Package - Integrated Biometrics LLC (WinUSB) Biometric (11/30/2011 1.0.0.01)
"ABC Amber PDF Converter" = ABC Amber PDF Converter
"ABC Amber Text Converter" = ABC Amber Text Converter
"AhnLab Online Security" = AhnLab Online Security
"All ATI Software" = ATI - Software Uninstall Utility
"ALZip_is1" = ALZip
"ATI Display Driver" = ATI Display Driver
"CMake 2.8.9" = CMake 2.8, a cross-platform, open-source build system
"DAEMON Tools Pro" = DAEMON Tools Pro
"HTML Help Workshop" = HTML Help Workshop
"ie8" = Windows Internet Explorer 8
"ImageJ_is1" = ImageJ 1.44p
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PDF2CHM 2012_is1" = PDF2CHM 2012
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualDSP_{56BBC5BD-684A-4B70-8B78-BF6A1F9A66AD}" = VisualDSP++ 5.0 Update 10 (C:\Program Files\Analog Devices\VisualDSP 5.0)
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"winusb0200" = Microsoft WinUsb 2.0
"XecureCK" = ClientKeeper KeyPro with E2E for 32bit
"XecureWeb Control" = XecureWeb Control
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/9/2020 2:37:10 AM | Computer Name = MANISHA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/9/2020 2:37:10 AM | Computer Name = MANISHA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/9/2020 2:37:10 AM | Computer Name = MANISHA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/9/2020 2:37:10 AM | Computer Name = MANISHA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/9/2020 2:37:11 AM | Computer Name = MANISHA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/9/2020 2:37:11 AM | Computer Name = MANISHA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/9/2020 2:37:11 AM | Computer Name = MANISHA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/9/2020 2:37:11 AM | Computer Name = MANISHA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/9/2020 2:37:11 AM | Computer Name = MANISHA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 8/13/2012 4:15:49 AM | Computer Name = MANISHA | Source = Microsoft Security Client | ID = 5000
Description =

[ System Events ]
Error - 6/13/2012 12:34:26 AM | Computer Name = MANISHA | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.150 for the Network Card with network
address 001FD0A11314 has been denied by the DHCP server 192.168.123.254 (The DHCP
Server sent a DHCPNACK message).


< End of report >


OTL.txt

OTL logfile created on: 8/13/2012 5:48:19 PM - Run 2
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Manisha_ibkr\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 81.20% Memory free
5.09 Gb Paging File | 4.56 Gb Available in Paging File | 89.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195.31 Gb Total Space | 165.24 Gb Free Space | 84.60% Space Free | Partition Type: NTFS
Drive D: | 400.86 Gb Total Space | 400.78 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: MANISHA | User Name: Manisha_ibkr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/13 17:42:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Manisha_ibkr\Desktop\aswMBR.exe
PRC - [2012/08/13 13:43:24 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Manisha_ibkr\My Documents\Downloads\OTL.exe
PRC - [2012/08/07 15:43:41 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/04/26 21:33:16 | 002,743,104 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011/06/18 02:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2008/04/14 21:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/07 15:43:40 | 000,442,392 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppgooglenaclpluginchrome.dll
MOD - [2012/08/07 15:43:37 | 003,997,720 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
MOD - [2012/08/07 15:42:09 | 000,144,424 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avutil-51.dll
MOD - [2012/08/07 15:42:08 | 000,266,792 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avformat-54.dll
MOD - [2012/08/07 15:42:07 | 002,480,680 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\avcodec-54.dll
MOD - [2012/06/15 03:09:23 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/15 03:05:50 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/15 03:05:41 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/15 03:04:23 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/05/12 03:09:08 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/12 03:08:41 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/12 03:06:56 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 03:05:41 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 03:05:24 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/05/07 13:42:49 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HydraVision.Wizard\2.0.3223.36990__90ba9c70f846762e\CLI.Aspect.HydraVision.Wizard.dll
MOD - [2012/05/07 13:42:49 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3223.36982__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll
MOD - [2012/05/07 13:42:49 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3223.36981__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll
MOD - [2012/05/07 13:42:49 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3223.36987__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll
MOD - [2012/05/07 13:42:49 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3223.36982__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll
MOD - [2012/05/07 13:42:48 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3223.36856__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:48 | 000,278,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3223.36839__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:48 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3223.36858__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3223.36852__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:48 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3223.36846__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:47 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3223.36925__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:47 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3223.36961__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:47 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3223.36942__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:47 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3223.36962__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:47 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3223.36857__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:47 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3223.36936__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:47 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3223.36846__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:47 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3223.36912__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:47 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3223.36895__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:47 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3223.36856__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:46 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3223.36919__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:46 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3223.36919__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:46 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3223.36918__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:45 | 000,671,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3223.36980__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:44 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3223.36979__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:43 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3223.36930__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2012/05/07 13:42:42 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3223.36897__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:42 | 000,720,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3223.36848__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:42 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3223.36859__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:42 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3223.36858__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:42 | 000,122,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3223.36909__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:42 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3223.36896__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3223.36862__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:42 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3223.36908__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:41 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3223.36937__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:41 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3223.36891__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3223.36910__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:40 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3223.36913__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:40 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3223.36896__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2012/05/07 13:42:40 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3223.36895__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:40 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3223.36896__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2012/05/07 13:42:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3184.27499__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2012/05/07 13:42:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3184.27491__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2012/05/07 13:42:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3184.27506__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2012/05/07 13:42:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3184.27533__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2012/05/07 13:42:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3184.27509__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2012/05/07 13:42:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3184.27533__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2012/05/07 13:42:39 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2012/05/07 13:42:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3184.27483__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2012/05/07 13:42:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3184.27484__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2012/05/07 13:42:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3184.27511__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2012/05/07 13:42:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3184.27510__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2012/05/07 13:42:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3184.27511__90ba9c70f846762e\DEM.OS.dll
MOD - [2012/05/07 13:42:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2012/05/07 13:42:37 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3184.27485__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2012/05/07 13:42:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2012/05/07 13:42:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3184.27567__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2012/05/07 13:42:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2012/05/07 13:42:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3184.27503__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2012/05/07 13:42:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3184.27499__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2012/05/07 13:42:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3184.27492__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2012/05/07 13:42:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3184.27512__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2012/05/07 13:42:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2012/05/07 13:42:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3184.27498__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2012/05/07 13:42:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3184.27515__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2012/05/07 13:42:36 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3184.27501__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2012/05/07 13:42:36 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3184.27520__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2012/05/07 13:42:36 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3184.27528__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2012/05/07 13:42:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3184.27516__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2012/05/07 13:42:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3184.27513__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2012/05/07 13:42:35 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3184.27534__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2012/05/07 13:42:35 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3184.27518__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3184.27520__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3184.27517__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3184.27520__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3184.27509__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3184.27516__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3184.27513__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3184.27519__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2012/05/07 13:42:34 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3184.27514__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2012/05/07 13:42:33 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3184.27518__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2012/05/07 13:42:33 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3184.27510__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2012/05/07 13:42:33 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3184.27508__90ba9c70f846762e\APM.Foundation.dll
MOD - [2012/05/07 13:42:33 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3184.27499__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2012/05/07 13:42:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2012/05/07 13:42:32 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3223.36983__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2012/05/07 13:42:31 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3223.36973__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2012/05/07 13:42:31 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3223.36836__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2012/05/07 13:42:30 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3223.36953__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2012/05/07 13:42:30 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3184.27488__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2012/05/07 13:42:30 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2012/05/07 13:42:30 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2012/05/07 13:42:29 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3223.36951__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2012/05/07 13:42:29 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3184.27493__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2012/05/07 13:42:29 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3184.27510__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2012/05/07 13:42:28 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3184.27488__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2012/05/07 13:42:28 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3184.27504__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2012/05/07 13:42:25 | 000,536,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3223.36947__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2012/05/07 13:42:25 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3223.36851__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2012/05/07 13:42:25 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3223.36838__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2012/05/07 13:42:25 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3184.27505__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2012/05/07 13:42:24 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3223.36837__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2012/05/07 13:42:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3184.27504__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2012/05/07 13:42:21 | 001,077,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3223.36843__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2012/05/07 13:42:18 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3184.27496__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2012/05/07 13:42:17 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3184.27521__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2012/05/07 13:42:16 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3223.36837__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2012/05/07 13:42:16 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2012/05/07 13:42:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3223.36953__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2012/05/07 13:42:15 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3223.36835__90ba9c70f846762e\APM.Server.dll
MOD - [2012/05/07 13:42:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3223.36836__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/10/30 14:39:12 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/18 02:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2008/07/29 13:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\MANISH~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\MANISH~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/06/29 15:56:07 | 000,126,048 | ---- | M] (Kings Information & Network) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\kcrtx86.sys -- (kcrtx86)
DRV - [2012/05/30 17:59:52 | 000,019,496 | R--- | M] (Soft Security Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\JRSUKD25.SYS -- (JRSUKD25)
DRV - [2012/05/07 09:48:06 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/05/02 20:18:04 | 000,014,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2012/04/13 10:05:20 | 000,062,216 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2012/04/13 10:05:06 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2011/11/29 22:12:38 | 000,022,128 | ---- | M] (Integrated Biometrics LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\UsbFpDrv.sys -- (NA2USB)
DRV - [2011/08/17 23:23:14 | 000,016,896 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmUsbIce.sys -- (WmUsbIce)
DRV - [2011/05/27 01:23:00 | 000,096,200 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmonTDNt.sys -- (AMonTDnt)
DRV - [2010/06/28 16:54:00 | 000,121,536 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mfipsent.sys -- (MfIPSEnt)
DRV - [2010/06/28 16:54:00 | 000,101,368 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\mffwent.sys -- (MfFWEnt)
DRV - [2009/07/21 10:13:00 | 000,019,616 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/10/29 12:10:58 | 003,341,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/10/02 19:01:46 | 004,878,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/09/25 21:51:42 | 000,115,328 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{750E287F-D083-4D3F-AACC-1DF37DF188F8}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files\AhnLab\ASP\Components\aosmgr\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npKeyPro: C:\WINDOWS\system32\npKeyPro.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll (SoftForum)
FF - HKLM\Software\MozillaPlugins\@softforum.com/npxwebplugins_file: C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll (SoftForum Co., Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/13 17:28:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} https://ck.softforum...Pro3026_32k.cab (XecureCKKB Class)
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} https://ubi.wooriban.../xw_install.cab (XecureWeb 4.0 Client Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.126.63.1 168.126.63.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2147C126-EA1E-484B-9D18-D332BEDCB799}: DhcpNameServer = 168.126.63.1 168.126.63.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/05/02 20:01:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2020/03/09 15:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Analog Devices
[2020/03/09 15:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/08/13 17:41:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Manisha_ibkr\Desktop\aswMBR.exe
[2012/08/13 17:35:36 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Manisha_ibkr\Desktop\tdsskiller.exe
[2012/08/13 17:31:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/08/13 17:22:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/13 17:21:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/13 17:21:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/13 17:21:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/13 17:21:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/13 17:21:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/13 17:21:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Manisha_ibkr\My Documents\My Videos
[2012/08/13 17:21:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Manisha_ibkr\Start Menu\Programs\Administrative Tools
[2012/08/13 17:21:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/13 17:18:02 | 004,729,547 | R--- | C] (Swearware) -- C:\Documents and Settings\Manisha_ibkr\Desktop\ComboFix.exe
[2012/08/13 17:03:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/13 15:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manisha_ibkr\Start Menu\Programs\HTML Help Workshop
[2012/08/13 15:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\ABC Amber PDF Converter
[2012/08/13 15:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manisha_ibkr\Start Menu\Programs\ProcessText Group
[2012/08/13 15:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\ABC Amber Text Converter
[2012/08/13 14:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\CMake 2.8
[2012/08/13 14:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manisha_ibkr\Application Data\DawningSoft
[2012/08/13 14:24:47 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Itcc.dll
[2012/08/13 14:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DawningSoft
[2012/08/13 14:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\DawningSoft
[2012/08/13 09:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/08/09 19:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manisha_ibkr\Application Data\Registry Mechanic
[2012/05/30 17:26:00 | 003,259,699 | ---- | C] (ESTsoft Corp. ) -- C:\Program Files\ALZip_eng_632.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/13 17:47:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\MBR.dat
[2012/08/13 17:42:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Manisha_ibkr\Desktop\aswMBR.exe
[2012/08/13 17:37:50 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/13 17:37:46 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/08/13 17:36:17 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Manisha_ibkr\Desktop\tdsskiller.exe
[2012/08/13 17:32:17 | 000,482,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/13 17:32:17 | 000,086,438 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/13 17:28:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/13 17:28:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/13 17:27:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/13 17:27:43 | 000,060,452 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012/08/13 17:22:51 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/08/13 17:18:19 | 004,729,547 | R--- | M] (Swearware) -- C:\Documents and Settings\Manisha_ibkr\Desktop\ComboFix.exe
[2012/08/13 15:36:59 | 000,004,540 | ---- | M] () -- C:\WINDOWS\flash.fpr
[2012/08/13 15:20:06 | 000,000,735 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\ABC Amber PDF Converter.lnk
[2012/08/13 15:19:21 | 001,855,131 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\abcpdf.zip
[2012/08/13 15:15:40 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\ABC Amber Text Converter.lnk
[2012/08/13 15:15:00 | 001,784,264 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\abctext.zip
[2012/08/13 14:24:47 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Application Data\Microsoft\Internet Explorer\Quick Launch\PDF2CHM 2012.lnk
[2012/08/13 14:24:47 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\PDF2CHM 2012.lnk
[2012/08/13 13:21:16 | 002,117,108 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\tdsskiller.zip
[2012/08/13 13:14:04 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_thinning.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_postprocessing.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_period.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_original.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_orientation.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_localnormalization.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_gabor.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_cuthistogram.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_binary.bmp
[2012/08/10 16:08:39 | 000,123,958 | ---- | M] () -- C:\1_background.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_thinning.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_postprocessing.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_period.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_original.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_orientation.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_localnormalization.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_gabor.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_cuthistogram.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_binary.bmp
[2012/08/10 16:08:13 | 000,123,958 | ---- | M] () -- C:\0_background.bmp
[2012/08/10 09:02:52 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\Google Chrome.lnk
[2012/08/10 09:02:52 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\Manisha_ibkr\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/07 12:14:05 | 000,101,376 | ---- | M] () -- C:\VignettingBuf.raw
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/13 17:47:14 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\MBR.dat
[2012/08/13 17:25:02 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/13 17:24:59 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/08/13 17:22:51 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/08/13 17:22:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/08/13 17:21:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/13 17:21:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/13 17:21:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/13 17:21:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/13 17:21:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/13 15:36:59 | 000,004,540 | ---- | C] () -- C:\WINDOWS\flash.fpr
[2012/08/13 15:20:06 | 000,000,735 | ---- | C] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\ABC Amber PDF Converter.lnk
[2012/08/13 15:19:16 | 001,855,131 | ---- | C] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\abcpdf.zip
[2012/08/13 15:15:40 | 000,000,745 | ---- | C] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\ABC Amber Text Converter.lnk
[2012/08/13 15:14:54 | 001,784,264 | ---- | C] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\abctext.zip
[2012/08/13 14:24:47 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\Manisha_ibkr\Application Data\Microsoft\Internet Explorer\Quick Launch\PDF2CHM 2012.lnk
[2012/08/13 14:24:47 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\PDF2CHM 2012.lnk
[2012/08/13 13:20:59 | 002,117,108 | ---- | C] () -- C:\Documents and Settings\Manisha_ibkr\Desktop\tdsskiller.zip
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_thinning.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_postprocessing.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_period.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_original.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_orientation.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_localnormalization.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_gabor.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_cuthistogram.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_binary.bmp
[2012/08/10 15:10:03 | 000,123,958 | ---- | C] () -- C:\1_background.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_thinning.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_postprocessing.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_period.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_original.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_orientation.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_localnormalization.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_gabor.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_cuthistogram.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_binary.bmp
[2012/08/10 15:09:14 | 000,123,958 | ---- | C] () -- C:\0_background.bmp
[2012/06/04 16:23:00 | 003,071,288 | ---- | C] () -- C:\Program Files\TBN2xx Driver.zip
[2012/05/25 12:36:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aosbackv.INI
[2012/05/25 12:36:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AosLogVw.INI
[2012/05/07 10:07:52 | 000,000,172 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/05/07 09:48:41 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/05/05 03:02:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/03 04:50:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/05/03 04:49:31 | 000,276,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/02 20:11:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012/05/02 20:09:14 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/05/02 20:03:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/05/02 19:58:13 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/19 18:39:58 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2012/01/19 18:39:58 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/01/19 18:39:58 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012/01/19 18:39:57 | 000,176,214 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/01/19 18:39:57 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2012/01/19 18:39:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD6400AAKS-00A7B0
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 195.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 401.00GB
Starting Offset: 209711738880
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/05/11 15:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\Adobe
[2012/05/25 12:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\AhnLab
[2012/05/07 13:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\ATI
[2012/05/30 18:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\ClientKeeper
[2012/05/07 09:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\DAEMON Tools Pro
[2012/08/13 14:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\DawningSoft
[2012/05/30 17:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\ESTsoft
[2012/05/22 09:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\HpUpdate
[2012/05/02 20:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\Identities
[2012/05/04 10:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\Macromedia
[2012/06/26 09:22:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\Microsoft
[2012/05/07 09:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\OpenCandy
[2012/08/09 19:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manisha_ibkr\Application Data\Registry Mechanic

< MD5 for: ATAPI.SYS >
[2008/04/14 21:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 21:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/14 21:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 21:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2008/04/14 21:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 21:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/14 21:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 21:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/21 01:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\erdnt\cache\mswsock.dll
[2008/06/21 01:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/21 01:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 21:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/21 02:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/14 21:00:00 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\dllcache\nwprovau.dll
[2008/04/14 21:00:00 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2008/04/14 21:00:00 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\dllcache\pnrpnsp.dll
[2008/04/14 21:00:00 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 20:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 21:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 20:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 20:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 20:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 21:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/14 21:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 21:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 21:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/14 21:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 21:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 21:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/14 21:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 21:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/04/14 21:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\dllcache\winrnr.dll
[2008/04/14 21:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/08/07 15:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/07 15:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/07 15:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/07 15:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/08/07 15:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 20:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 20:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 20:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/08/07 15:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/07 15:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/07 15:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/07 15:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Manisha_ibkr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/08/07 15:43:41 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/05/11 20:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/05/11 20:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/05/11 20:38:19 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >


Thank you,
Manisha


#4
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Your logs look clean except that your DNS is in South Korea. If that's where you live then it's OK but otherwise we have some more work to do.

Are you still getting redirected?

Let's see if anything was damaged by the infection.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
   http://images.malwar...om/vino/VEW.exe
   and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

#5
Manisha_sam

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thank you. It's a great relief to know that it is clean. Yes, I am residing in South Korea. I don't think I am getting redirected now. I have tried a couple of times and it seems to be doing fine. I may have to check for a few days to know if the issue persists. Currently, I am not facing the issue.


Vino's Event Viewer v01c run on Windows XP in English
Report run at 14/08/2012 9:34:53 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/08/2012 9:30:08 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001FD0A11314. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.




Application :


Vino's Event Viewer v01c run on Windows XP in English
Report run at 14/08/2012 9:37:39 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/08/2012 9:30:26 AM
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.


Thank you for all the help. I was really worried. Thanks a lot; I appreciate all the effort and the brains behind this difficult task.

Best,
Manisha
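For anyone triaging VEW reports like the two posted above, here is a small parser, added as an example; it is not part of the original thread and is not VEW's own code. It assumes the line layout seen in this post, parses the stated dd/mm/yyyy dates explicitly, and keeps the empty error sections so that "no errors since the logs were cleared" shows up as a zero count; `SAMPLE` is constructed from the post and `parse_vew` is a hypothetical name.

```python
import re
from collections import Counter
from datetime import datetime
# Constructed sample: both reports from the post above, banner lines and long text trimmed.
SAMPLE = r"""
'System' Log - error Type
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/08/2012 9:30:08 AM
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network.

Vino's Event Viewer v01c run on Windows XP in English
'Application' Log - error Type
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/08/2012 9:30:26 AM
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance SQLEXPRESS is not valid.
"""

SECTION = re.compile(r"^'(\w+)' Log - (\w+) Type$")
HEADER = re.compile(r"^Log: '(\w+)' Date/Time: (.+)$")
TYPE = re.compile(r"^Type: (\w+) Category: \d+$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")

def parse_vew(text):
    """Return (events, counts); counts keeps sections that listed no events."""
    events, counts, cur = [], Counter(), None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION.match(line):
            counts[m.groups()] += 0          # register the section even if it stays empty
            cur = None
        elif m := HEADER.match(line):
            when = datetime.strptime(m[2], "%d/%m/%Y %I:%M:%S %p")  # dd/mm/yyyy per report
            cur = {"log": m[1], "when": when, "message": ""}
            events.append(cur)
        elif cur is None or not line:
            cur = None                       # blank line or banner text ends the record
        elif m := TYPE.match(line):
            cur["type"] = m[1]
            counts[(cur["log"], cur["type"])] += 1
        elif m := EVENT.match(line):
            cur["id"], cur["source"] = int(m[1]), m[2]
        elif not line.startswith("~"):
            cur["message"] = (cur["message"] + " " + line).strip()
    return events, dict(counts)
```
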

#6
RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
That's about all I see so I think we can clean up now.

We need to clean up System Restore.

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron