
Help: can't install/uninstall Kaspersky Internet Security (KIS) 2012 & 2013!



My PC is running XP SP3 32-bit with all updates installed.

I recently tried to upgrade from KIS 2012 to KIS 2013 without uninstalling the previous version (which I know is a silly mistake), and it showed an error, something about avp.dll (can't remember the exact phrase).

I tried to uninstall it with the Kaspersky removal tool (and yes, I did a reboot).

After this I tried to install both the 2012 and 2013 versions, but neither can be installed; it showed an error, something about the .msi installer.

I have deleted the Program Files folder of KIS and also tried "appremover" to uninstall KIS.

I have already tried the kavremover tool, and I have a license valid for 200 days.

I have already read this http://support.kaspersky.com/faq/?qid=20… but to no result.

After the uninstall/install of KIS failed and I removed KIS with the Kaspersky removal tool (although when I run that tool again it shows KIS 2012 to uninstall)

I also tried Revo Uninstaller Pro.

There is an Advanced System Care diagnose report attached also.

Please help.

ASCDiagnoseReport.txt

Link to post
Share on other sites

Hello rockstarrocks and welcome to Malwarebytes forums.

Do not do anything else by yourself. Do the following

Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!

From Start button, select RUN (or Win-key +R) and in the run-text-box type in

MSCONFIG

and press OK or Enter.

On Vista or Windows 7, press Windows-key on keyboard, and type in MSCONFIG

You should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box=selection)

IF it does not, then you click on Normal startup.

Click on Services tab to get its display of services.

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

Look at the bottom line Hide all Microsoft services

IF and only IF it is checkmarked, then un-check it.

The list of services may be shown in non-alphabetical order, so ....

Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.

You can toggle as needed to get the desired order.

IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !

Then using the scroll-bar scroll down the list

Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Remote Procedure Call (RPC) Locator. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for RPC Endpoint Mapper. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Firewall. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Management Instrumentation. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Installer. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Update. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

When done, press the Apply button, and the OK button.

You're likely to be prompted to Restart Windows, do so.

If not prompted, you do a Logoff and Restart of Windows.

Then report back here with details.

If any of the services are not shown, just let me know which.

Link to post
Share on other sites

Hi,

Sorry to pop in on this topic.

As a MS MVP, Maurice Naggar is certainly FAR more expert than I am in these matters. :) :)

However, I am a long-time KIS user and forum member there: http://forum.kaspers...php?showforum=4

So, I have seen this problem arise over the years and have some additional suggestions that might help.

Feel free to disregard, as I am just a home user.

Apparently, you have corrupted remnants of both KIS2012 and KIS 2013 on your system.

In this case, a few extra steps, beyond running the Removal Tool will be needed.

If you are still running a version of KIS on the rig, try to exit it from the system tray icon before uninstalling from the control panel.

If you can't do this, skip this step.

1) Download a fresh copy of the removal tool: http://support.kaspe.../?qid=208279463

2) Boot into Windows Safe Mode.

3) Run the removal tool, selecting the version you want to remove, e.g. KIS 2012.

4) Do NOT reboot

5) Run the removal tool again, selecting the other version you want to remove, e.g. KIS 2013. (Repeat if needed for each version)

5) Do NOT reboot

6) Run the removal tool again, selecting ALL KNOWN products

7) Reboot after running the removal tool the final time.

That will usually do the trick, unless your registry is really messed up from the multiple uninstall/reinstall attempts, or your hard disk has corrupted sectors, etc.

Some other suggestions:

1) Never do an on-top upgrade of numbered KIS versions -- always follow the steps for a clean upgrade: http://forum.kaspers...showtopic=67812, after downloading the most current installers from the download page: http://forum.kaspers...howtopic=242386 (Usually, the removal tool is not even needed -- it is only used for problem cases, such as yours.)

2) If you don't succeed with this, KL support can be contacted here: http://support.kaspersky.com/, or you can post at the user forum, where the mod team deals with these issues on a regular basis: http://forum.kaspers...php?showforum=4

Either way, they will ask you to run a diagnostic scanning tool to collect system information: http://forum.kaspers...p?showtopic=915

So, it will help to have this report before you contact support or post in the forum.

3) Although it's a bit of overkill & ought not to be needed with current MBAM and KIS versions, I've always had good luck with this procedure: http://forums.malwar...howtopic=113443

4) Always make sure you have completely removed all traces (with their removal tools, if needed) of old Anti-Virus products from your system, e.g. Norton, McAfee, Avira, Avast, MSE, etc before trying to install KIS: http://forum.kaspers...?showtopic=5233 and http://support.kaspersky.com/6340 and http://support.kaspersky.com/8599

5) It also helps to have Windows Defender and Windows firewall disabled from the Control Panel when installing KIS. Many folks skip this step without a problem, but others find it to be necessary.

ANYWAY, please follow Maurice's advice and feel free to ignore any/all of this, if you're not comfortable with my advice.

Good luck!

daledoc1

Link to post
Share on other sites

@rockstar,

Did you buy "Advanced System Care"? As an aside, I do not hold Iobit in good regard.

At this point, is any 1 of K.I.S. still installed? Just want to check current condition.

Now as to services, Ipsec Policy Agent & RPC Endpoint Mapper are not in Windows XP systems. Since your system is running XP, we will disregard these as not applicable.

Do the following:

Download this registry-fix file http://download.bleepingcomputer.com/win-services/xp/MSIServer.reg

Save it to your DESKTOP.

Un-zip (Extract) the contents to your DESKTOP.

go to Start, type in

REGEDIT and press Enter-key

from main menu, select File

then select IMPORT

navigate the dialog (click on DESKTOP icon on left to select it)

type in msiserver.reg in the Filename text-box and click Open button.

Once the merge is complete, you will see a confirmation message.

Click OK when done.

Exit/close Regedit.

Logoff and Restart Windows fresh.

Step 2

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Step 3

Download DDS and save it to your desktop from http://download.bleepingcomputer.com/sUBs/dds.com

or http://download.bleepingcomputer.com/sUBs/dds.scr

or http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

When done, DDS will open two (2) logs:

  • DDS.txt
  • Attach.txt

Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

Make sure you do not attach any log.

Always Copy & Paste the contents directly into main-body of reply box.

Link to post
Share on other sites

No, I didn't buy Advanced System Care, just using the free version.

Is Advanced System Care that bad??

About KIS is installed or not??

Actually I don't have a clue about it, because it is not showing in Control Panel > programs installed, but when I try to install them they now show an error that "a previous localization is already present". But when I run the Kaspersky removal tool it shows KIS 2012 to uninstall and asks to reboot after uninstall. But when I rerun the Kaspersky removal tool it again shows KIS 2012.

Here is the report of the Farbar scanner:

Farbar Service Scanner Version: 09-11-2012

Ran by brij (administrator) on 30-11-2012 at 20:52:57

Running from "C:\Documents and Settings\brij\Desktop\MOBILE_MP4\kis prob"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is set to Disabled. The default start type is Auto.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys

[2008-06-20 17:21] - [2008-06-20 17:21] - 0361600 ___AC (Microsoft Corporation) 4AFB3B0919649F95C1964AA1FAD27D73

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll => MD5 is legit

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:

=======

aswTdi(15) Gpc(3) IPSec(5) kl2(1) NetBT(6) PSched(7) pwipf6(10) Tcpip(4)

0x12000000010000000500000003000000040000000F00000009000000020000000D0000005A0000000800000006000000070000000B0000000A0000000C0000000E0000001000000011000000

**** End of log ****

Link to post
Share on other sites

Here is Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/26/2010 4:13:13 PM

System Uptime: 11/30/2012 8:49:01 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M2A-MX

Processor: AMD Athlon Processor LE-1640 | Socket AM2 | 2593/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 38 GiB total, 20.122 GiB free.

D: is FIXED (NTFS) - 38 GiB total, 5.333 GiB free.

E: is FIXED (NTFS) - 38 GiB total, 7.134 GiB free.

F: is FIXED (NTFS) - 35 GiB total, 5.903 GiB free.

G: is CDROM (UDF)

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP902: 11/24/2012 11:39:00 AM - Unsigned driver install

RP903: 11/24/2012 11:32:21 AM - Restore Operation

RP904: 11/25/2012 8:46:20 PM - Unsigned driver install

RP905: 11/25/2012 8:46:20 PM - Update to an unsigned driver

RP906: 11/25/2012 8:46:19 PM - Restore Operation

RP907: 11/28/2012 2:38:01 PM - good

RP908: 11/28/2012 12:24:02 AM - Installed AVG 2013

RP909: 11/25/2012 2:49:25 PM - Installed AVG 2013

RP910: 11/28/2012 12:24:02 AM - avast! Free Antivirus Setup

RP911: 11/25/2012 8:47:08 PM - good-2

RP912: 11/26/2012 9:14:04 PM - System Checkpoint

RP913: 11/26/2012 9:44:58 PM - First Restore Point

RP914: 11/28/2012 12:24:02 AM - Installed AVG 2013

RP915: 11/28/2012 12:24:02 AM - Installed AVG 2013

RP916: 11/27/2012 11:03:10 PM - After installing Advanced Uninstaller PRO

RP917: 11/28/2012 12:24:02 AM - Revo Uninstaller Pro's restore point - kaspersky internet security 2012

RP918: 11/28/2012 12:24:01 AM - Revo Uninstaller Pro's restore point - avg

RP919: 11/28/2012 12:24:01 AM - Revo Uninstaller Pro's restore point - kaspersky

RP920: 11/28/2012 12:24:01 AM - Revo Uninstaller Pro's restore point - kis

RP921: 11/28/2012 12:24:01 AM - Revo Uninstaller Pro's restore point - kav

RP922: 11/28/2012 12:24:01 AM - Revo Uninstaller Pro's restore point - Advanced Uninstaller PRO - Version 11

RP923: 11/28/2012 12:24:01 AM - Revo Uninstaller Pro's restore point - Desktop Capture Engine

RP924: 11/28/2012 12:23:00 AM - Revo Uninstaller Pro's restore point - Recuva

RP925: 11/28/2012 2:37:57 PM - Revo Uninstaller Pro's restore point - BitTorrent

RP926: 11/28/2012 1:05:11 AM - First Restore Point

RP927: 11/28/2012 1:20:44 AM - Restore Operation

RP928: 11/28/2012 11:40:10 PM - Revo Uninstaller Pro's restore point - BitTorrent

RP929: 11/28/2012 2:37:56 PM - Revo Uninstaller Pro's restore point - kaspersky

RP930: 11/28/2012 3:51:37 PM - Revo Uninstaller Pro's restore point - avg

RP931: 11/28/2012 3:51:37 PM - Revo Uninstaller Pro's restore point - WinPcap 4.1.2

RP932: 11/28/2012 3:51:37 PM - Revo Uninstaller Pro's restore point - avg

RP933: 11/28/2012 11:40:10 PM - Revo Uninstaller Pro's restore point - avira

RP934: 11/28/2012 11:40:10 PM - Revo Uninstaller Pro's restore point - kis

RP935: 11/28/2012 11:00:01 PM - First Restore Point

RP936: 11/28/2012 11:40:10 PM - Revo Uninstaller Pro's restore point - kaspersky

RP937: 11/28/2012 11:40:10 PM - Installed AVG 2013

RP938: 11/28/2012 11:40:09 PM - Installed AVG 2013

RP939: 11/28/2012 11:40:09 PM - Revo Uninstaller Pro's restore point - avg

RP940: 11/28/2012 11:40:09 PM - Revo Uninstaller Pro's restore point - kaspersky

RP941: 11/28/2012 11:40:09 PM - Revo Uninstaller Pro's restore point - Kaspersky Anti-Virus

RP942: 11/30/2012 8:43:48 PM - Revo Uninstaller Pro's restore point - Kaspersky™ Anti-Virus ®

RP943: 11/30/2012 8:43:48 PM - Revo Uninstaller Pro's restore point - Dell Touchpad

RP944: 11/29/2012 11:32:23 AM - Restore Operation

RP945: 11/30/2012 4:40:59 PM - System Checkpoint

RP946: 11/30/2012 8:37:43 PM - Revo Uninstaller Pro's restore point - Uninstall Tool

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Shockwave Player 11.6

Angry Birds

Atheros Communications Inc.® L1 Gigabit Ethernet Driver

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

AutoCAD 2008 - English

avast! Free Antivirus

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center InstallProxy

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Cool & Quiet

Dell Touchpad

dj_sf_software

DVD Solution

FormatFactory 3.00

Fotosizer 1.35

FotoSketcher 2.30

Foxit Reader

Free Download Manager 3.9

Free PDF to Word Doc Converter v1.1

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

InCD

Internet Download Manager

IObit Unlocker

Java 7 Update 9

Java Auto Updater

jv16 PowerTools 2012

KEmulator 0.9.8

LG ODD Auto Firmware Update

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Calculator Plus

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.9

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC100_CRT_SP1_x86

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVC80_x86_v2

MSVC90_x86

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

Multimedia Launcher

Nero OEM

Nokia Connectivity Cable Driver

OpenDNS Updater 2.2.1

Opera 12.11

Paint.NET v3.5.10

PC Connectivity Solution

PC Probe II

Photo! Editor 1.1

ProtectDisc Helper Driver 10

Protected Folder

Realtek High Definition Audio Driver

Revo Uninstaller Pro 2.5.9

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB982381)

Skins

Smart Defrag 2

swMSM

TeraCopy 2.27

The KMPlayer (remove only)

Try Corel Snapfire muvee autoProducer add on

TweakMASTER

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

VBA (2627.01)

VLC media player 2.0.4

WebFldrs XP

Windows Imaging Component

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinRAR 4.20 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

11/29/2012 11:04:40 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

11/29/2012 10:47:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHX Avglogx KL1 kl2 KLIF

11/28/2012 11:26:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

11/28/2012 11:25:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

11/28/2012 11:25:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdPPM AsIO AswRdr aswSnx aswSP aswTdi AVGIDSHX Fips IPSec kl2 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

11/28/2012 1:18:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/28/2012 1:18:29 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdPPM AsIO AswRdr aswSnx aswSP aswTdi AVGIDSHX Fips IPSec KL1 kl2 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

11/28/2012 1:18:29 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.

11/28/2012 1:18:29 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.

11/28/2012 1:11:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHX KL1 KLIF

11/27/2012 5:20:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHX Avgrkx86 KLIF

11/26/2012 9:49:06 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the HTTP SSL service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

11/26/2012 9:49:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHX KLIF

11/26/2012 9:49:02 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

11/26/2012 9:48:59 PM, error: Service Control Manager [7000] - The OrangeWare USB Enhanced Host Controller Service service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

11/26/2012 9:48:57 PM, error: iviVD [9] - The device, \Device\Scsi\iviVD1, did not respond within the timeout period.

11/26/2012 5:35:25 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

11/24/2012 5:01:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHX Avgmfx86 KLIF

11/24/2012 4:44:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KLIF

11/24/2012 4:20:20 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Advanced SystemCare Service 6 service to connect.

11/24/2012 4:20:20 PM, error: Service Control Manager [7000] - The Advanced SystemCare Service 6 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/24/2012 12:21:24 PM, error: Service Control Manager [7000] - The KLIF service failed to start due to the following error: The system cannot find the file specified.

11/24/2012 12:14:27 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

11/24/2012 11:32:08 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHX Avglogx KLIF

11/24/2012 10:52:08 AM, error: Server [2505] - The server could not bind to the transport \Device\NwlnkNb because another computer on the network has the same name. The server could not start.

11/24/2012 10:52:08 AM, error: Server [2505] - The server could not bind to the transport \Device\NwlnkIpx because another computer on the network has the same name. The server could not start.

11/23/2012 8:16:16 PM, error: Service Control Manager [7000] - The Kaspersky Lab Driver service failed to start due to the following error: The system cannot find the file specified.

11/23/2012 10:12:19 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

Link to post
Share on other sites
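
The Event Viewer section of the Attach.txt log above shows what an incomplete antivirus removal leaves behind: event 7026 lists boot-start drivers that are still registered but fail to load. The Python below is an added example, not part of the original thread or of DDS; it tallies those drivers from four lines copied from that log and groups them by vendor using name prefixes, which is a heuristic assumption of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Four lines copied verbatim from the "Event Viewer Messages" section of the
# Attach.txt log in this thread (three 7026 events and one 7000 event).
SAMPLE_LOG = """\
11/29/2012 10:47:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHX Avglogx KL1 kl2 KLIF
11/28/2012 11:25:30 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdPPM AsIO AswRdr aswSnx aswSP aswTdi AVGIDSHX Fips IPSec kl2 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
11/24/2012 4:44:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KLIF
11/24/2012 12:21:24 PM, error: Service Control Manager [7000] - The KLIF service failed to start due to the following error: The system cannot find the file specified.
"""

# Assumption (heuristic, not from the thread): attribute a driver to an
# antivirus vendor by the prefix of its lower-cased service name.
VENDOR_PREFIXES = (
    ("kl", "Kaspersky"),
    ("avg", "AVG"),
    ("asw", "avast!"),
    ("aavm", "avast!"),
)

# Matches only Service Control Manager event 7026 in the DDS line format.
EVENT_7026 = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), error: "
    r"Service Control Manager \[7026\] - .*?failed to load:\s*(?P<drivers>.+)$"
)


def parse_failed_drivers(log_text):
    """Return {driver_name_lowercase: [datetime, ...]} for every 7026 event."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        match = EVENT_7026.match(line.strip())
        if not match:
            continue  # other event IDs (7000, 7001, DCOM ...) are ignored
        stamp = datetime.strptime(match.group("ts"), "%m/%d/%Y %I:%M:%S %p")
        for name in match.group("drivers").split():
            seen[name.lower()].append(stamp)
    return dict(seen)


def vendor_of(driver):
    """Map a lower-cased driver name to a vendor, or None if unrecognised."""
    for prefix, vendor in VENDOR_PREFIXES:
        if driver.startswith(prefix):
            return vendor
    return None


def leftover_av_drivers(log_text):
    """Return {vendor: {driver: (failure_count, last_seen)}} for AV drivers."""
    report = defaultdict(dict)
    for driver, stamps in parse_failed_drivers(log_text).items():
        vendor = vendor_of(driver)
        if vendor is not None:
            report[vendor][driver] = (len(stamps), max(stamps))
    return dict(report)


if __name__ == "__main__":
    for vendor, drivers in sorted(leftover_av_drivers(SAMPLE_LOG).items()):
        print(vendor)
        for driver, (count, last_seen) in sorted(drivers.items()):
            print(f"  {driver:<10} failed {count}x, last at {last_seen}")
```

On the thread's data this reports drivers from three antivirus vendors failing at boot, which matches the repeated install and uninstall attempts recorded in the restore points.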

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2

Run by brij at 21:15:50 on 2012-11-30

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1919.1254 [GMT 5.5:30]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe

C:\WINDOWS\System32\wudfhost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.co.in

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: TweakMASTER PRO Component: {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - c:\program files\tweakmaster\TweakBHO.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

mPolicies-Explorer: NoDriveTypeAutoRun = dword:60

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm

IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm

IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm

IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - <orphaned>

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - <orphaned>

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: mswsock.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: Interfaces\{0005C746-C494-4827-8D07-2C9EADDFA12C} : NameServer = 208.67.222.222 208.67.220.220

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - <no file>

Notify: klogon - c:\windows\system32\klogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

FF - ExtSQL: 2012-10-15 10:14; {987311C6-B504-4aa2-90BF-60CC49808D42}; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi

FF - ExtSQL: 2012-10-15 10:15; {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

FF - ExtSQL: 2012-10-15 10:20; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

FF - ExtSQL: 2012-10-28 16:50; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

FF - ExtSQL: 2012-10-28 16:50; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi

FF - ExtSQL: 2012-10-28 16:50; {AE93811A-5C9A-4d34-8462-F7B864FC4696}; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi

FF - ExtSQL: 2012-10-28 16:51; {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

FF - ExtSQL: 2012-10-28 16:53; linkalert.conlan@addons.mozilla.com; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\linkalert.conlan@addons.mozilla.com.xpi

FF - ExtSQL: 2012-10-28 16:53; trafficlight@bitdefender.com; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\trafficlight@bitdefender.com.xpi

FF - ExtSQL: 2012-10-28 16:53; wikilook@testpilot; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\wikilook@testpilot.xpi

FF - ExtSQL: 2012-10-28 16:53; youtube2mp3@mondayx.de; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\youtube2mp3@mondayx.de.xpi

FF - ExtSQL: 2012-10-28 16:54; info@youtube-mp3.org; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\info@youtube-mp3.org.xpi

FF - ExtSQL: 2012-10-28 16:54; lazarus@interclue.com; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\lazarus@interclue.com.xpi

FF - ExtSQL: 2012-10-28 16:55; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2012-10-28 16:56; {DAD0F81A-CF67-4eed-98D6-26F6E47274CA}; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}.xpi

FF - ExtSQL: 2012-11-08 18:53; ERAIL.IN.FFPLUGIN@jetpack; c:\documents and settings\brij\application data\mozilla\firefox\profiles\60e6ffje.default-1351422784515\extensions\ERAIL.IN.FFPLUGIN@jetpack.xpi

FF - ExtSQL: 2012-11-25 14:48; wrc@avast.com; c:\program files\avast software\avast\webrep\FF

.

---- FIREFOX POLICIES ----

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: content.notify.ontimer - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.switch.threshold - 750000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-7-23 14776]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-4-27 24408]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-25 738504]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-25 361032]

R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-9-27 111200]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]

R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [2007-10-28 583128]

R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-25 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-25 44808]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-22 399432]

R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2012-9-9 140976]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2012-6-1 37376]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 24920]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-22 22856]

R3 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2012-7-7 135272]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]

S0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys --> c:\windows\system32\drivers\avglogx.sys [?]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys --> c:\windows\system32\drivers\avgidsdriverx.sys [?]

S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys --> c:\windows\system32\drivers\avgidsshimx.sys [?]

S1 cdmyasby;cdmyasby; [x]

S1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys --> c:\windows\system32\drivers\klif.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-22 676936]

S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2011-10-2 45312]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2012-8-7 1691480]

S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys --> c:\windows\system32\drivers\klim5.sys [?]

S3 MFE_RR;MFE_RR; [x]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-9-24 137600]

S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2011-10-2 55936]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-11-28 27064]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 IObitUnlocker;IObitUnlocker;c:\program files\iobit\iobit unlocker\IObitUnlocker.sys [2012-11-10 27552]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile="c:\windows\system32\NOTEPAD.EXE" "%1"

.

=============== Created Last 30 ================

.

2012-11-30 15:04:59 -------- d-----w- c:\documents and settings\brij\application data\CrystalIdea Software

2012-11-29 08:09:25 -------- d-----w- c:\program files\jv16 PowerTools 2012

2012-11-29 06:03:44 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-11-29 06:03:44 -------- d-----w- c:\windows\system32\wbem\Repository

2012-11-29 06:03:01 -------- d-----w- c:\documents and settings\brij\local settings\application data\Avg2013

2012-11-29 06:02:47 -------- d--h--w- C:\$AVG

2012-11-29 06:02:47 -------- d-----w- c:\program files\AVG

2012-11-29 06:02:47 -------- d-----w- c:\documents and settings\brij\application data\AVG2013

2012-11-29 06:02:46 -------- d-----w- c:\documents and settings\all users\application data\AVG2013

2012-11-29 06:02:40 -------- d-----w- c:\program files\DellTPad

2012-11-28 17:29:17 -------- d-----w- c:\documents and settings\all users\Kaspersky Lab Setup Files

2012-11-27 18:36:55 -------- d-----w- c:\documents and settings\brij\local settings\application data\VS Revo Group

2012-11-27 18:36:40 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-11-27 18:36:37 -------- d-----w- c:\program files\VS Revo Group

2012-11-27 17:33:02 -------- d-----w- c:\documents and settings\all users\application data\Innovative Solutions

2012-11-27 17:32:54 -------- d-----w- c:\documents and settings\brij\local settings\application data\Innovative Solutions

2012-11-27 17:32:53 -------- d-----w- c:\program files\common files\Innovative Solutions

2012-11-27 17:32:37 -------- d-----w- c:\program files\Innovative Solutions

2012-11-25 09:19:47 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-11-25 09:18:23 41224 ----a-w- c:\windows\avastSS.scr

2012-11-25 09:18:02 -------- d-----w- c:\program files\AVAST Software

2012-11-25 09:18:02 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2012-11-24 16:21:38 -------- d-----w- c:\documents and settings\brij\application data\Malwarebytes

2012-11-24 10:41:16 22 --sha-w- c:\windows\90C7D912BE2316.sys

2012-11-24 10:41:16 22 --sha-w- c:\documents and settings\brij\application data\Windows1569_SettingsRepository.bin

2012-11-24 05:35:17 -------- d-----w- c:\documents and settings\all users\application data\Nokia(2)

2012-11-23 16:44:52 -------- d-----w- c:\documents and settings\brij\local settings\application data\HP

2012-11-23 16:30:40 -------- d-----w- c:\program files\HP

2012-11-23 14:45:10 -------- d-----w- c:\documents and settings\brij\local settings\application data\MFAData

2012-11-23 14:45:10 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2012-11-22 17:33:04 392204 ----a-w- c:\documents and settings\all users\application data\1353604289.bdinstall.bin

2012-11-22 17:32:58 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-22 17:32:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-22 09:37:25 74072 ----a-w- c:\windows\system32\drivers\klflt.sys

2012-11-16 18:12:35 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro

2012-11-12 17:50:40 -------- d-----w- c:\documents and settings\brij\application data\IDM

2012-11-12 17:50:01 -------- d-----w- c:\program files\Internet Download Manager

2012-11-11 14:02:43 -------- d-----w- c:\program files\The KMPlayer

2012-11-09 18:08:18 719872 ----a-w- c:\windows\system32\devil.dll

2012-11-09 18:08:18 70656 ----a-w- c:\windows\system32\yv12vfw.dll

2012-11-09 18:08:18 70656 ----a-w- c:\windows\system32\i420vfw.dll

2012-11-09 18:08:18 369152 ----a-w- c:\windows\system32\avisynth.dll

2012-11-09 18:08:18 32256 ----a-w- c:\windows\system32\AVSredirect.dll

2012-11-09 18:08:15 -------- d-----w- c:\program files\AviSynth 2.5

2012-11-09 17:56:29 327749 ----a-w- c:\windows\system32\drvc.dll

2012-11-06 12:53:26 -------- d-----w- c:\program files\JavaEmulator.com

2012-11-03 16:18:59 -------- d-----w- c:\documents and settings\brij\local settings\application data\Opera

2012-11-02 16:50:11 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

.

==================== Find3M ====================

.

2012-11-17 09:42:39 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-17 09:42:39 697272 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-25 11:53:06 24920 ----a-w- c:\windows\system32\drivers\klmouflt.sys

2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-27 18:07:24 111200 ----a-w- c:\windows\system32\drivers\idmtdi.sys

2012-09-24 17:46:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-09 15:29:46 821736 -c--a-w- c:\windows\system32\npDeployJava1.dll

2012-09-09 15:29:46 746984 -c--a-w- c:\windows\system32\deployJava1.dll

2004-10-01 09:30:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2008-04-14 00:12:30 60416 -csha-w- c:\windows\servicepackfiles\i386\msimn.exe

2008-04-14 00:12:30 1695232 -csha-w- c:\windows\servicepackfiles\i386\msmsgs.exe

.

============= FINISH: 21:16:43.46 ===============


I urge you to stop trying to install different antivirus apps. Right now, the logs show you have Avast free antivirus installed and it is starting with Windows.

So would you stay with it for now and for the duration ! Let's address the leftovers of your other antivirus apps: AVG & Kaspersky.

Starting with the most recent and working down to the older a-v installs (you know which order you put them on).

Use Control Panel >> Add-or-Remove Programs

Look to see if AVG is listed

or if Kaspersky is listed

If either is shown, delete them.

While you are in there, Uninstall (if listed) Advanced System Care. Iobit is not held in good regards.

After the uninstalls, then Restart the system again.

Now, try using Revo Uninstaller to remove (if found) any traces of AVG or Kaspersky.

Double click Revo Uninstaller to run it.

From the list of programs double click on AVG

When prompted if you want to uninstall click Yes.

Be sure the Moderate option is selected then click Next.

The program will run, If prompted again click Yes

when the built-in uninstaller is finished click on Next.

Once the program has searched for leftovers click Next.

Check/tick the bolded items only on the list then click Delete

when prompted click on Yes and then on next.

put a check on any folders that are found and select delete

when prompted select yes then on next

Once done click Finish.

Double click Revo Uninstaller to run it.

From the list of programs double click on Kaspersky

When prompted if you want to uninstall click Yes.

Be sure the Moderate option is selected then click Next.

The program will run, If prompted again click Yes

when the built-in uninstaller is finished click on Next.

Once the program has searched for leftovers click Next.

Check/tick the bolded items only on the list then click Delete

when prompted click on Yes and then on next.

put a check on any folders that are found and select delete

when prompted select yes then on next

Once done click Finish.

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Since posting this topic I haven't installed any other antivirus apps.

I could not find AVG or KIS in programs.

Tried to search for their remnants using Revo forced uninstall - nothing found.

Results of screen317's Security Check version 0.99.56

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Please wait while WMIC compiles updated MOF files.d

i

s

p

l

a

y

N

a

m

e

ECHO is off.

a

v

a

s

t

!

ECHO is off.

A

n

t

i

v

i

r

u

s

ECHO is off.

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

MVPS Hosts File

Malwarebytes Anti-Malware version 1.65.0.1400

CCleaner

Java 7 Update 9

Adobe Flash Player 11.5.502.110

Mozilla Firefox 16.0.2 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

Malwarebytes' Anti-Malware mbamscheduler.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Your Firefox is out of date. Start FF, Select Help >> About Firefox >> click on Check for Updates.

Allow it to update now. Apply it and allow it to restart Firefox.

Your MBAM is one version out of date.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the contents of the latest MBAM scan log into a new reply.

Try running Security Check again. The report is looking goofy.

Right-click on the EXE and select Run as Administrator.

Copy & Paste the new log


Just got another problem!

Last night after my previous post, when I tried to shut down my PC, it just remained hung (showing "windows is shutting down") for about half an hour, after which I turned off the main supply.

Today in the morning when I booted up, after showing the desktop screen, the system again became unresponsive (showing only the avast tray icon in the task bar).

I restarted (by reset button) again but same problem.

This has happened before with avast so I booted to safe mode and uninstalled avast.

Now, system booted normally.

About Firefox, I updated it to 17.0.1 today but it shows version 16 in Control Panel (I don't know why).

Did a quick scan with malwarebytes after updating it and nothing found.

Results of screen317's Security Check version 0.99.56

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Please wait while WMIC compiles updated MOF files.

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

MVPS Hosts File

Malwarebytes Anti-Malware version 1.65.0.1400

CCleaner

Java 7 Update 9

Adobe Flash Player 11.5.502.110

Mozilla Firefox 16.0.2 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 6%

````````````````````End of Log``````````````````````


Backdoor trojan warning: ZeroAccess / Sirefef

This system has some serious backdoor trojans. ZeroAccess / Sirefef

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Let me know what you decide.

If you wish to proceed forward with trojan & malware removal, start with the following:

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    mswsock


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller


19:41:49.0125 0852 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35


19:42:35.0921 1760 [ 4AFB3B0919649F95C1964AA1FAD27D73 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

19:42:35.0937 1760 Tcpip - ok

19:42:35.0968 1760 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

19:42:35.0968 1760 TDPIPE - ok

19:42:35.0984 1760 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

19:42:35.0984 1760 TDTCP - ok

19:42:36.0031 1760 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

19:42:36.0031 1760 TermDD - ok

19:42:36.0062 1760 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

19:42:36.0062 1760 TermService - ok

19:42:36.0078 1760 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

19:42:36.0093 1760 Themes - ok

19:42:36.0125 1760 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

19:42:36.0125 1760 TlntSvr - ok

19:42:36.0125 1760 TosIde - ok

19:42:36.0156 1760 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

19:42:36.0171 1760 TrkWks - ok

19:42:36.0203 1760 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

19:42:36.0203 1760 Udfs - ok

19:42:36.0218 1760 ultra - ok

19:42:36.0250 1760 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

19:42:36.0265 1760 Update - ok

19:42:36.0312 1760 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

19:42:36.0328 1760 upnphost - ok

19:42:36.0343 1760 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys

19:42:36.0359 1760 upperdev - ok

19:42:36.0375 1760 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

19:42:36.0375 1760 UPS - ok

19:42:36.0390 1760 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

19:42:36.0406 1760 usbccgp - ok

19:42:36.0437 1760 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

19:42:36.0437 1760 usbehci - ok

19:42:36.0468 1760 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

19:42:36.0468 1760 usbhub - ok

19:42:36.0500 1760 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys

19:42:36.0500 1760 usbohci - ok

19:42:36.0531 1760 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

19:42:36.0531 1760 usbprint - ok

19:42:36.0562 1760 [ 1C888B000C2F9492F4B15B5B6B84873E ] usbser C:\WINDOWS\system32\drivers\usbser.sys

19:42:36.0562 1760 usbser - ok

19:42:36.0578 1760 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys

19:42:36.0578 1760 UsbserFilt - ok

19:42:36.0609 1760 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

19:42:36.0609 1760 USBSTOR - ok

19:42:36.0640 1760 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys

19:42:36.0640 1760 usbvideo - ok

19:42:36.0671 1760 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

19:42:36.0671 1760 VgaSave - ok

19:42:36.0671 1760 ViaIde - ok

19:42:36.0687 1760 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

19:42:36.0687 1760 VolSnap - ok

19:42:36.0718 1760 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

19:42:36.0734 1760 VSS - ok

19:42:36.0750 1760 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

19:42:36.0750 1760 W32Time - ok

19:42:36.0781 1760 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

19:42:36.0781 1760 Wanarp - ok

19:42:36.0828 1760 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys

19:42:36.0843 1760 Wdf01000 - ok

19:42:36.0843 1760 WDICA - ok

19:42:36.0859 1760 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

19:42:36.0859 1760 wdmaud - ok

19:42:36.0906 1760 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

19:42:36.0906 1760 WebClient - ok

19:42:36.0968 1760 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

19:42:36.0968 1760 winmgmt - ok

19:42:37.0015 1760 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

19:42:37.0015 1760 WmdmPmSN - ok

19:42:37.0062 1760 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

19:42:37.0062 1760 Wmi - ok

19:42:37.0093 1760 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

19:42:37.0125 1760 WmiApSrv - ok

19:42:37.0203 1760 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe

19:42:37.0218 1760 WMPNetworkSvc - ok

19:42:37.0265 1760 [ C60DC16D4E406810FAD54B98DC92D5EC ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys

19:42:37.0265 1760 WpdUsb - ok

19:42:37.0328 1760 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

19:42:37.0375 1760 WPFFontCache_v0400 - ok

19:42:37.0406 1760 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

19:42:37.0406 1760 WS2IFSL - ok

19:42:37.0421 1760 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

19:42:37.0437 1760 wscsvc - ok

19:42:37.0453 1760 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

19:42:37.0453 1760 WSTCODEC - ok

19:42:37.0484 1760 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

19:42:37.0500 1760 wuauserv - ok

19:42:37.0531 1760 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

19:42:37.0531 1760 WudfPf - ok

19:42:37.0546 1760 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

19:42:37.0546 1760 WudfRd - ok

19:42:37.0593 1760 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

19:42:37.0593 1760 WudfSvc - ok

19:42:37.0625 1760 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

19:42:37.0640 1760 WZCSVC - ok

19:42:37.0671 1760 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

19:42:37.0750 1760 xmlprov - ok

19:42:37.0765 1760 ================ Scan global ===============================

19:42:37.0796 1760 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

19:42:37.0828 1760 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

19:42:37.0843 1760 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

19:42:37.0859 1760 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

19:42:37.0859 1760 [Global] - ok

19:42:37.0875 1760 ================ Scan MBR ==================================

19:42:37.0875 1760 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

19:42:38.0031 1760 \Device\Harddisk0\DR0 - ok

19:42:38.0031 1760 ================ Scan VBR ==================================

19:42:38.0046 1760 [ CB4E518EBA0329E3A42D7B0967BC6BE9 ] \Device\Harddisk0\DR0\Partition1

19:42:38.0046 1760 \Device\Harddisk0\DR0\Partition1 - ok

19:42:38.0062 1760 [ D351587F985C8A78CE093D4DD545B575 ] \Device\Harddisk0\DR0\Partition2

19:42:38.0062 1760 \Device\Harddisk0\DR0\Partition2 - ok

19:42:38.0093 1760 [ BF276449FF33BAB014DBC39D35BF50B9 ] \Device\Harddisk0\DR0\Partition3

19:42:38.0093 1760 \Device\Harddisk0\DR0\Partition3 - ok

19:42:38.0109 1760 [ 13549AED12F4466945F803B90D03A4A7 ] \Device\Harddisk0\DR0\Partition4

19:42:38.0109 1760 \Device\Harddisk0\DR0\Partition4 - ok

19:42:38.0109 1760 ============================================================

19:42:38.0109 1760 Scan finished

19:42:38.0109 1760 ============================================================

19:42:38.0125 1492 Detected object count: 0

19:42:38.0125 1492 Actual detected object count: 0

19:43:31.0140 4016 Deinitialize success

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : brij [Admin rights]

Mode : Scan -- Date : 12/02/2012 19:51:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{B9092BC9-EB75-47C3-8B34-DEA4C5B4B30D} : NameServer (27.251.58.194 202.148.200.3) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[11] : NtAdjustPrivilegesToken @ 0x805E27C2 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B33AD0)

SSDT[31] : NtConnectPort @ 0x80599A7E -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B36C90)

SSDT[37] : NtCreateFile @ 0x8056E3EE -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B35ED0)

SSDT[41] : NtCreateKey @ 0x8061AD86 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B33760)

SSDT[46] : NtCreatePort @ 0x8059A59A -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B36FE0)

SSDT[48] : NtCreateProcessEx @ 0x805C7540 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B37AE0)

SSDT[50] : NtCreateSection @ 0x805A0880 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B37240)

SSDT[52] : NtCreateSymbolicLinkObject @ 0x805B9752 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B36460)

SSDT[53] : NtCreateThread @ 0x805C73DE -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B376E0)

SSDT[57] : NtDebugActiveProcess @ 0x8063A800 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B33230)

SSDT[63] : NtDeleteKey @ 0x8061B222 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B35920)

SSDT[65] : NtDeleteValueKey @ 0x8061B3F2 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B35A80)

SSDT[68] : NtDuplicateObject @ 0x805B3A0C -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B33330)

SSDT[116] : NtOpenFile @ 0x8056F50C -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B361D0)

SSDT[119] : NtOpenKey @ 0x8061C164 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B33560)

SSDT[122] : NtOpenProcess @ 0x805C1462 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B35C40)

SSDT[125] : NtOpenSection @ 0x8059F8B6 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B32D80)

SSDT[128] : NtOpenThread @ 0x805C16EE -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B33980)

SSDT[206] : NtResumeThread @ 0x805CAE60 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B36730)

SSDT[210] : NtSecureConnectPort @ 0x80599212 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B36E30)

SSDT[224] : NtSetInformationFile @ 0x805703F6 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B36580)

SSDT[247] : NtSetValueKey @ 0x806192F8 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B35750)

SSDT[257] : NtTerminateProcess @ 0x805C86EA -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B35640)

SSDT[258] : NtTerminateThread @ 0x805C88E4 -> HOOKED (\SystemRoot\system32\DRIVERS\pwipf6.sys @ 0xB6B35DB0)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160215AS +++++

--- User ---

[MBR] ee6daf9fda59330f14be4eee71dc8f03

[bSP] bb1988de3ca03bfc44c573cb8e65dd79 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39001 Mo

1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 79875180 | Size: 113623 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12022012_02d1951.txt >>

RKreport[1]_S_12022012_02d1951.txt

hey,

Just a few minutes ago I tried to remove KIS 2012 with the kavremover tool (after a Kaspersky forum moderator asked me to post the kavremover log). It showed KIS 2012 to remove and I clicked on the remove button, and it took some time (in all previous cases, just after clicking remove, it (kavremover) showed "removal done you need to reboot") and displayed "removal done you need to reboot".

I rebooted, and when I ran that tool again it showed "remove all known products", which I selected, and did a reboot.

Now my question is -- should I try to install KIS 2013 now, or continue with the current malware removal process and install KIS later?

Please stop trying different things on your own. Put aside any KIS and let's stick with the current antivirus that is installed.

Switching antivirus apps is at best a tricky procedure.

Let's wait and first clear out any visible malware.

I will ask you to stop making changes / additions / tweaks of any sort, and kindly follow my guidance.

Await my next reply.

Proceed with doing the following:

Step 1

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in a new reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Step 2

Logoff and Restart the system fresh.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double-click on Combo-Fix.exe, accept the EULA & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart... then... I need you to Restart the system fresh!

Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, How is the system now ?

RE-Enable your AntiVirus and AntiSpyware applications.

While running Dr.Web CureIt it found a keylogger and a trojan (INCURABLE, MOVED), but during scanning it showed an error --

This has happened two times. Should I try to run it again?

68375-xp.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
