BSOD and I can't access Safe mode


  • This topic is locked
44 replies to this topic

#1 Kris55


Posted 16 January 2013 - 04:28 PM

The error code it would give is
Stop:0x0000008E(0xC000005,0xBf956A02,0xB4E40c00,0x00000000)
win32k.sys-Address Bf956A02 base at BF800000, datestamp 50a1a161

The first time this happened I thought it was an error, but then it happened a week later and it restarted twice in the same day. I had scanned the computer and didn't find any viruses. I went into safe mode to test it and see if it would happen again. It didn't, so I did a system restore instead of scanning for viruses (how smart of me...ahem).

Everything seemed fine for a couple of days but now it's back to the way it was, except this time I can't get into safe mode.
When I tried scanning again (without safe mode) Malwarebytes gave me an error message saying that I was either missing or had corrupt components. I forgot what I clicked on but it was the only option and seemed to be okay, but it's not. It says that I am upgraded to the new 1.70 version with the blue icon but I'm still getting the red one. It also scans much slower than before.

SUPERAntiSpyware also won't upgrade, while AVG is just fine.

I also noticed that a coupon printer is on my computer that I don't remember downloading.


P.S. I don't know if this is relevant but I did take the computer to get fixed for a problem similar to this one. I thought that once I got it fixed I could upgrade to Windows 7 or 8. They told me it would be better if I just bought a new computer. I'm wondering if it's that time already?

I hope I explained everything clearly.

Thanks


#2 dev00790


Posted 17 January 2013 - 04:13 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.


Step 2:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.


Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790


#3 Kris55


Posted 18 January 2013 - 06:09 PM

Sorry about posting late.

TDSS log.

16:43:02.0171 2204 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
16:43:02.0343 2204 Netman - ok
16:43:02.0390 2204 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:43:02.0421 2204 NetTcpPortSharing - ok
16:43:02.0453 2204 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
16:43:02.0484 2204 Nla - ok
16:43:02.0515 2204 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
16:43:02.0734 2204 Npfs - ok
16:43:02.0765 2204 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
16:43:03.0031 2204 Ntfs - ok
16:43:03.0046 2204 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
16:43:03.0234 2204 NtLmSsp - ok
16:43:03.0265 2204 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
16:43:03.0500 2204 NtmsSvc - ok
16:43:03.0515 2204 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
16:43:03.0718 2204 Null - ok
16:43:03.0859 2204 [ B19C2AAE0922072FF4A467F2A37620AD ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:43:04.0281 2204 nv - ok
16:43:04.0312 2204 [ 9F40402087B6D4A428571DD6CA83AC1E ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
16:43:04.0359 2204 NVSvc - ok
16:43:04.0390 2204 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:43:04.0578 2204 NwlnkFlt - ok
16:43:04.0609 2204 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:43:04.0796 2204 NwlnkFwd - ok
16:43:04.0828 2204 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:43:04.0859 2204 ose - ok
16:43:04.0906 2204 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
16:43:05.0125 2204 Parport - ok
16:43:05.0156 2204 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
16:43:05.0390 2204 PartMgr - ok
16:43:05.0421 2204 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
16:43:05.0609 2204 ParVdm - ok
16:43:05.0640 2204 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
16:43:05.0859 2204 PCI - ok
16:43:05.0875 2204 PCIDump - ok
16:43:05.0921 2204 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
16:43:06.0093 2204 PCIIde - ok
16:43:06.0109 2204 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
16:43:06.0328 2204 Pcmcia - ok
16:43:06.0328 2204 PDCOMP - ok
16:43:06.0343 2204 PDFRAME - ok
16:43:06.0359 2204 PDRELI - ok
16:43:06.0359 2204 PDRFRAME - ok
16:43:06.0375 2204 perc2 - ok
16:43:06.0390 2204 perc2hib - ok
16:43:06.0421 2204 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
16:43:06.0468 2204 PlugPlay - ok
16:43:06.0500 2204 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
16:43:06.0531 2204 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:43:06.0531 2204 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:43:06.0546 2204 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
16:43:06.0734 2204 PolicyAgent - ok
16:43:06.0750 2204 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:43:06.0968 2204 PptpMiniport - ok
16:43:06.0984 2204 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:43:07.0156 2204 ProtectedStorage - ok
16:43:07.0171 2204 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
16:43:07.0375 2204 PSched - ok
16:43:07.0406 2204 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:43:07.0609 2204 Ptilink - ok
16:43:07.0640 2204 [ C456C2DB7F7D6A3112A360DDF315298B ] PTSimBus C:\WINDOWS\system32\DRIVERS\PTSimBus.sys
16:43:07.0828 2204 PTSimBus - ok
16:43:07.0859 2204 [ F98BB914074A43E7E83EA98D7D13D612 ] PTSimHid C:\WINDOWS\system32\DRIVERS\PTSimHid.sys
16:43:08.0015 2204 PTSimHid - ok
16:43:08.0046 2204 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:43:08.0093 2204 PxHelp20 - ok
16:43:08.0093 2204 ql1080 - ok
16:43:08.0109 2204 Ql10wnt - ok
16:43:08.0125 2204 ql12160 - ok
16:43:08.0125 2204 ql1240 - ok
16:43:08.0156 2204 ql1280 - ok
16:43:08.0203 2204 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:43:08.0390 2204 RasAcd - ok
16:43:08.0421 2204 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
16:43:08.0625 2204 RasAuto - ok
16:43:08.0640 2204 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:43:08.0859 2204 Rasl2tp - ok
16:43:08.0906 2204 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
16:43:09.0125 2204 RasMan - ok
16:43:09.0140 2204 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:43:09.0359 2204 RasPppoe - ok
16:43:09.0375 2204 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
16:43:09.0578 2204 Raspti - ok
16:43:09.0625 2204 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:43:09.0828 2204 Rdbss - ok
16:43:09.0843 2204 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:43:10.0046 2204 RDPCDD - ok
16:43:10.0078 2204 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:43:10.0265 2204 rdpdr - ok
16:43:10.0328 2204 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
16:43:10.0421 2204 RDPWD - ok
16:43:10.0500 2204 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
16:43:10.0703 2204 RDSessMgr - ok
16:43:10.0718 2204 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
16:43:10.0937 2204 redbook - ok
16:43:10.0968 2204 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
16:43:11.0171 2204 RemoteAccess - ok
16:43:11.0203 2204 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
16:43:11.0421 2204 RemoteRegistry - ok
16:43:11.0453 2204 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
16:43:11.0687 2204 RpcLocator - ok
16:43:11.0718 2204 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
16:43:11.0765 2204 RpcSs - ok
16:43:11.0812 2204 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
16:43:12.0000 2204 RSVP - ok
16:43:12.0015 2204 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
16:43:12.0203 2204 SamSs - ok
16:43:12.0234 2204 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:43:12.0359 2204 SASDIFSV - ok
16:43:12.0390 2204 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:43:12.0515 2204 SASKUTIL - ok
16:43:12.0531 2204 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
16:43:12.0750 2204 SCardSvr - ok
16:43:12.0781 2204 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
16:43:12.0968 2204 Schedule - ok
16:43:13.0000 2204 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:43:13.0093 2204 Secdrv - ok
16:43:13.0125 2204 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
16:43:13.0328 2204 seclogon - ok
16:43:13.0390 2204 [ 9A4C4A4B191200F12085D188BE70E4E3 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
16:43:13.0437 2204 senfilt ( UnsignedFile.Multi.Generic ) - warning
16:43:13.0437 2204 senfilt - detected UnsignedFile.Multi.Generic (1)
16:43:13.0500 2204 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
16:43:13.0750 2204 SENS - ok
16:43:13.0781 2204 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
16:43:13.0968 2204 serenum - ok
16:43:14.0000 2204 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
16:43:14.0203 2204 Serial - ok
16:43:14.0265 2204 [ 8DA9C7FEEDBA52CFD91EE2E2113DF6A9 ] sf C:\WINDOWS\system32\drivers\sf.sys
16:43:14.0281 2204 sf ( UnsignedFile.Multi.Generic ) - warning
16:43:14.0281 2204 sf - detected UnsignedFile.Multi.Generic (1)
16:43:14.0296 2204 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
16:43:14.0531 2204 Sfloppy - ok
16:43:14.0562 2204 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
16:43:14.0812 2204 SharedAccess - ok
16:43:14.0828 2204 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:43:14.0875 2204 ShellHWDetection - ok
16:43:14.0875 2204 Simbad - ok
16:43:14.0921 2204 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
16:43:15.0109 2204 SLIP - ok
16:43:15.0156 2204 [ CE52BFFEBFAF1E59553E2885CAB80B52 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
16:43:15.0187 2204 smwdm ( UnsignedFile.Multi.Generic ) - warning
16:43:15.0187 2204 smwdm - detected UnsignedFile.Multi.Generic (1)
16:43:15.0250 2204 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
16:43:15.0312 2204 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - warning
16:43:15.0312 2204 SoundMAX Agent Service (default) - detected UnsignedFile.Multi.Generic (1)
16:43:15.0328 2204 Sparrow - ok
16:43:15.0359 2204 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
16:43:15.0531 2204 splitter - ok
16:43:15.0562 2204 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
16:43:15.0609 2204 Spooler - ok
16:43:15.0671 2204 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
16:43:15.0781 2204 sr - ok
16:43:15.0828 2204 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
16:43:15.0921 2204 srservice - ok
16:43:15.0968 2204 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
16:43:16.0046 2204 Srv - ok
16:43:16.0093 2204 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
16:43:16.0218 2204 SSDPSRV - ok
16:43:16.0265 2204 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
16:43:16.0453 2204 stisvc - ok
16:43:16.0484 2204 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
16:43:16.0703 2204 streamip - ok
16:43:16.0734 2204 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
16:43:16.0953 2204 swenum - ok
16:43:16.0984 2204 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
16:43:17.0187 2204 swmidi - ok
16:43:17.0187 2204 SwPrv - ok
16:43:17.0203 2204 symc810 - ok
16:43:17.0218 2204 symc8xx - ok
16:43:17.0234 2204 sym_hi - ok
16:43:17.0234 2204 sym_u3 - ok
16:43:17.0265 2204 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
16:43:17.0468 2204 sysaudio - ok
16:43:17.0500 2204 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
16:43:17.0718 2204 SysmonLog - ok
16:43:17.0734 2204 Tablet2k - ok
16:43:17.0765 2204 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
16:43:17.0953 2204 TapiSrv - ok
16:43:18.0000 2204 [ 9B10F2BE724D8E978E21A5DA498FF5C1 ] TClass2k C:\WINDOWS\system32\DRIVERS\TClass2k.sys
16:43:18.0156 2204 TClass2k - ok
16:43:18.0203 2204 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:43:18.0265 2204 Tcpip - ok
16:43:18.0296 2204 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:43:18.0515 2204 TDPIPE - ok
16:43:18.0531 2204 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:43:18.0750 2204 TDTCP - ok
16:43:18.0765 2204 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:43:18.0968 2204 TermDD - ok
16:43:19.0015 2204 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
16:43:19.0218 2204 TermService - ok
16:43:19.0234 2204 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
16:43:19.0281 2204 Themes - ok
16:43:19.0328 2204 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:43:19.0453 2204 TlntSvr - ok
16:43:19.0468 2204 TosIde - ok
16:43:19.0515 2204 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:43:19.0718 2204 TrkWks - ok
16:43:19.0765 2204 [ 915A53A87CF9B3BC27359846ECD6A547 ] UCTblHid C:\WINDOWS\system32\DRIVERS\UCTblHid.sys
16:43:19.0968 2204 UCTblHid - ok
16:43:20.0000 2204 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:43:20.0218 2204 Udfs - ok
16:43:20.0218 2204 ultra - ok
16:43:20.0265 2204 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:43:20.0484 2204 Update - ok
16:43:20.0515 2204 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
16:43:20.0640 2204 upnphost - ok
16:43:20.0671 2204 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
16:43:20.0875 2204 UPS - ok
16:43:20.0906 2204 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
16:43:21.0187 2204 USBAAPL - ok
16:43:21.0218 2204 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
16:43:21.0437 2204 usbaudio - ok
16:43:21.0453 2204 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:43:21.0656 2204 usbccgp - ok
16:43:21.0687 2204 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:43:21.0906 2204 usbehci - ok
16:43:21.0953 2204 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:43:22.0156 2204 usbhub - ok
16:43:22.0187 2204 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:43:22.0390 2204 usbprint - ok
16:43:22.0421 2204 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:43:22.0625 2204 usbscan - ok
16:43:22.0656 2204 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:43:22.0843 2204 USBSTOR - ok
16:43:22.0875 2204 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:43:23.0093 2204 usbuhci - ok
16:43:23.0109 2204 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:43:23.0312 2204 VgaSave - ok
16:43:23.0343 2204 [ 2AB44BE1479FDB6D99D3AD0E765AC233 ] vhidmini C:\WINDOWS\system32\DRIVERS\walvhid.sys
16:43:23.0437 2204 vhidmini - ok
16:43:23.0437 2204 ViaIde - ok
16:43:23.0453 2204 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:43:23.0671 2204 VolSnap - ok
16:43:23.0703 2204 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
16:43:23.0828 2204 VSS - ok
16:43:23.0921 2204 [ 7DB85B78309C05C9F06F469ED976DC9E ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
16:43:24.0000 2204 vToolbarUpdater13.2.0 - ok
16:43:24.0046 2204 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
16:43:24.0234 2204 W32Time - ok
16:43:24.0265 2204 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:43:24.0484 2204 Wanarp - ok
16:43:24.0484 2204 WDICA - ok
16:43:24.0515 2204 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:43:24.0718 2204 wdmaud - ok
16:43:24.0750 2204 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
16:43:24.0953 2204 WebClient - ok
16:43:25.0015 2204 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:43:25.0187 2204 winmgmt - ok
16:43:25.0234 2204 [ 3682B6FD90CD43ABB137ACE79D1A0180 ] WinTabService C:\WINDOWS\System32\Drivers\WTSRV.EXE
16:43:25.0468 2204 WinTabService ( UnsignedFile.Multi.Generic ) - warning
16:43:25.0468 2204 WinTabService - detected UnsignedFile.Multi.Generic (1)
16:43:25.0500 2204 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:43:25.0609 2204 WmdmPmSN - ok
16:43:25.0640 2204 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:43:25.0734 2204 Wmi - ok
16:43:25.0781 2204 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:43:25.0984 2204 WmiApSrv - ok
16:43:26.0031 2204 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
16:43:26.0203 2204 WMPNetworkSvc - ok
16:43:26.0218 2204 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:43:26.0281 2204 WpdUsb - ok
16:43:26.0343 2204 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:43:26.0421 2204 WPFFontCache_v0400 - ok
16:43:26.0468 2204 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:43:26.0656 2204 wscsvc - ok
16:43:26.0687 2204 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
16:43:26.0890 2204 WSTCODEC - ok
16:43:26.0937 2204 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:43:27.0156 2204 wuauserv - ok
16:43:27.0171 2204 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:43:27.0265 2204 WudfPf - ok
16:43:27.0281 2204 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:43:27.0359 2204 WudfRd - ok
16:43:27.0390 2204 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
16:43:27.0453 2204 WudfSvc - ok
16:43:27.0500 2204 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:43:27.0718 2204 WZCSVC - ok
16:43:27.0734 2204 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:43:27.0921 2204 xmlprov - ok
16:43:28.0046 2204 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
16:43:28.0125 2204 YahooAUService - ok
16:43:28.0140 2204 ================ Scan global ===============================
16:43:28.0187 2204 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:43:28.0234 2204 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:43:28.0234 2204 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:43:28.0250 2204 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:43:28.0250 2204 [Global] - ok
16:43:28.0265 2204 ================ Scan MBR ==================================
16:43:28.0390 2204 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:43:28.0734 2204 \Device\Harddisk0\DR0 - ok
16:43:28.0750 2204 [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk1\DR2
16:43:28.0843 2204 \Device\Harddisk1\DR2 - ok
16:43:28.0843 2204 ================ Scan VBR ==================================
16:43:28.0953 2204 [ CDC318EBAC3BD6258C490D17A44EB55E ] \Device\Harddisk0\DR0\Partition1
16:43:28.0953 2204 \Device\Harddisk0\DR0\Partition1 - ok
16:43:28.0968 2204 [ F75F48F499CDDEE2F9C3EB81DAECC27B ] \Device\Harddisk1\DR2\Partition1
16:43:28.0968 2204 \Device\Harddisk1\DR2\Partition1 - ok
16:43:28.0968 2204 ============================================================
16:43:28.0968 2204 Scan finished
16:43:28.0968 2204 ============================================================
16:43:29.0093 0540 Detected object count: 12
16:43:29.0093 0540 Actual detected object count: 12
16:45:10.0453 0540 aeaudio ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:10.0453 0540 aeaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:10.0453 0540 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
16:45:10.0453 0540 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
16:45:10.0453 0540 cbVSCService11 ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:10.0453 0540 cbVSCService11 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:10.0453 0540 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:10.0453 0540 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:10.0453 0540 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:10.0453 0540 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:10.0453 0540 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:10.0453 0540 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:10.0453 0540 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:10.0453 0540 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:10.0453 0540 senfilt ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:10.0453 0540 senfilt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:10.0453 0540 sf ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:10.0453 0540 sf ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:10.0453 0540 smwdm ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:10.0453 0540 smwdm ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:10.0453 0540 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:10.0453 0540 SoundMAX Agent Service (default) ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:10.0468 0540 WinTabService ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:10.0468 0540 WinTabService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:50:22.0359 4000 Deinitialize success

__________________________________________________________________________________________________________________

AdwCleaner

# AdwCleaner v2.106 - Logfile created 01/18/2013 at 16:50:32
# Updated 17/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - COMPUTER01
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\My Documents\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\1relbcml.default\searchplugins\Conduit.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\1relbcml.default\searchplugins\Search_Results.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\user.js
Folder Found : C:\DOCUME~1\User\LOCALS~1\Temp\avg@toolbar
Folder Found : C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\User\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\User\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\AVG Security Toolbar
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\OpenCandy
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Zugo
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\TENCENT
Key Found : HKU\S-1-5-21-299502267-606747145-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Found : HKU\S-1-5-21-299502267-606747145-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-299502267-606747145-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Found : HKU\S-1-5-21-299502267-606747145-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\1relbcml.default\prefs.js

Found : user_pref("CT2653012..clientLogIsEnabled", true);
Found : user_pref("CT2653012..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2653012..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2653012.CTID", "CT2653012");
Found : user_pref("CT2653012.CurrentServerDate", "9-6-2011");
Found : user_pref("CT2653012.DialogsAlignMode", "LTR");
Found : user_pref("CT2653012.DialogsGetterLastCheckTime", "Thu May 19 2011 11:19:15 GMT-0500 (Central Daylig[...]
Found : user_pref("CT2653012.DownloadReferralCookieData", "");
Found : user_pref("CT2653012.FirstServerDate", "19-5-2011");
Found : user_pref("CT2653012.FirstTime", true);
Found : user_pref("CT2653012.FirstTimeFF3", true);
Found : user_pref("CT2653012.FixPageNotFoundErrors", true);
Found : user_pref("CT2653012.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2653012.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2653012.HasUserGlobalKeys", true);
Found : user_pref("CT2653012.Initialize", true);
Found : user_pref("CT2653012.InitializeCommonPrefs", true);
Found : user_pref("CT2653012.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2653012.InstallationId", "CT2653012_Veoh.exe");
Found : user_pref("CT2653012.InstallationType", "ConduitIntegration");
Found : user_pref("CT2653012.InstalledDate", "Thu May 19 2011 11:19:14 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT2653012.InvalidateCache", false);
Found : user_pref("CT2653012.IsGrouping", false);
Found : user_pref("CT2653012.IsMulticommunity", false);
Found : user_pref("CT2653012.IsOpenThankYouPage", false);
Found : user_pref("CT2653012.IsOpenUninstallPage", true);
Found : user_pref("CT2653012.LanguagePackLastCheckTime", "Thu Jun 09 2011 09:54:22 GMT-0500 (Central Dayligh[...]
Found : user_pref("CT2653012.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2653012.LastLogin_3.3.3.2", "Thu Jun 09 2011 09:54:21 GMT-0500 (Central Daylight Time)"[...]
Found : user_pref("CT2653012.LatestVersion", "3.3.3.2");
Found : user_pref("CT2653012.Locale", "en");
Found : user_pref("CT2653012.MCDetectTooltipHeight", "83");
Found : user_pref("CT2653012.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2653012.MCDetectTooltipWidth", "295");
Found : user_pref("CT2653012.RadioIsPodcast", false);
Found : user_pref("CT2653012.RadioLastCheckTime", "Thu Jun 09 2011 09:54:20 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2653012.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2653012.RadioLastUpdateServer", "129438915777300000");
Found : user_pref("CT2653012.RadioMediaID", "21806912");
Found : user_pref("CT2653012.RadioMediaType", "Media Player");
Found : user_pref("CT2653012.RadioMenuSelectedID", "EBRadioMenu_CT265301221806912");
Found : user_pref("CT2653012.RadioStationName", "California%20Rock%20-%20Rock");
Found : user_pref("CT2653012.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Found : user_pref("CT2653012.SavedHomepage", "google.com");
Found : user_pref("CT2653012.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...]
Found : user_pref("CT2653012.SearchInNewTabEnabled", true);
Found : user_pref("CT2653012.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2653012.SearchInNewTabLastCheckTime", "Thu Jun 09 2011 09:54:19 GMT-0500 (Central Dayli[...]
Found : user_pref("CT2653012.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2653012.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2653012.ServiceMapLastCheckTime", "Thu Jun 09 2011 09:54:20 GMT-0500 (Central Daylight [...]
Found : user_pref("CT2653012.SettingsLastCheckTime", "Thu Jun 09 2011 09:54:19 GMT-0500 (Central Daylight Ti[...]
Found : user_pref("CT2653012.SettingsLastUpdate", "1307440476");
Found : user_pref("CT2653012.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2653012.ThirdPartyComponentsLastCheck", "Thu May 19 2011 11:19:12 GMT-0500 (Central Day[...]
Found : user_pref("CT2653012.ThirdPartyComponentsLastUpdate", "1246786978");
Found : user_pref("CT2653012.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2653012");
Found : user_pref("CT2653012.Uninstall", true);
Found : user_pref("CT2653012.UserID", "UN34233717460646496");
Found : user_pref("CT2653012.alertChannelId", "1045667");
Found : user_pref("CT2653012.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Found : user_pref("CT2653012.globalFirstTimeInfoLastCheckTime", "Thu Jun 09 2011 09:54:22 GMT-0500 (Central [...]
Found : user_pref("CT2653012.isAppTrackingManagerOn", true);
Found : user_pref("CT2653012.myStuffEnabled", true);
Found : user_pref("CT2653012.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2653012.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2653012.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2653012.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2653012.oldAppsList", "129199665576502590,129199665576658841,129221945086194357,1292342[...]
Found : user_pref("CT2653012.testingCtid", "");
Found : user_pref("CT2653012.toolbarAppMetaDataLastCheckTime", "Thu Jun 09 2011 09:54:22 GMT-0500 (Central D[...]
Found : user_pref("CT2653012.toolbarContextMenuLastCheckTime", "Thu May 19 2011 11:19:17 GMT-0500 (Central D[...]
Found : user_pref("CT2653012.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1045667/1041378/US", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2653012", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2653012",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2653012/CT2653012[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Found : user_pref("CommunityToolbar.EngineOwner", "CT2653012");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{cd90bf73-20f6-44ef-993d-bb920303bd2e}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "veoh_web_player");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4dc5f441&[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2653012");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2653012");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu May 19 2011 11:19:16 GMT-05[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 09 2011 09:39:26 GMT-0500 (Centr[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 08 2011 15:13:46 GMT-0500 (Central D[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "87a81362-13c3-43f5-bf21-78ad669b5fd1");
Found : user_pref("CommunityToolbar.globalUserId", "b5e646c0-1bfa-4082-af8c-edb03d1b0aa6");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.defaultthis.engineName", "Veoh Web Player Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&Sea[...]
Found : user_pref("browser.search.order.1", "Search Results");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("extensions.ntk.feedStore", "{\"URLtoFeedCount\":15,\"FeedStoriesCount\":6,\"data\":[{\"ur[...]
Found : user_pref("extensions.ntk.recentClosedPers", "hxxp://isearch.avg.com/tab?cid=%7B75a294a4-7035-44bb-a[...]
Found : user_pref("extensions.ntk.thumbsUrls", "hxxp://www.mlmleadsystempro.com/;hxxp://google.com/;hxxp://k[...]

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e6wtamy1.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.57] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Found [l.60] : keyword = "isearch.avg.com",
Found [l.63] : search_url = "hxxp://isearch.avg.com/search?cid={F4EFBCCC-A1C3-46F6-9286-8480F5701943}&mid=878673b791ff87b19f1b7a533d240ea0-a57a5a2526d2d751aecf7723c7f962b1c3a467de&lang=en&ds=AVG&pr=fr&d=2012-12-08 00:35:15&v=13.2.0.4&sap=dsp&q={searchTerms}",

*************************

AdwCleaner[R1].txt - [20835 octets] - [18/01/2013 16:50:32]

########## EOF - C:\AdwCleaner[R1].txt - [20896 octets] ##########
__________________________________________________________________________________________________________________


Farbar Service Scanner


Farbar Service Scanner Version: 16-01-2013
Ran by User (administrator) on 18-01-2013 at 17:00:52
Running from "C:\Documents and Settings\User\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0900000005000000010000000200000003000000040000005A000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

__________________________________________________________________________________________________________________


MiniToolBox

MiniToolBox by Farbar Version:10-01-2013
Ran by User (administrator) on 18-01-2013 at 17:02:51
Running from "C:\Documents and Settings\User\My Documents\Downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

There are 15290 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX) = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Computer01

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Mixed

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)

Physical Address. . . . . . . . . : 00-04-75-F7-9D-15

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.105

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 192.168.0.1

Lease Obtained. . . . . . . . . . : Friday, January 18, 2013 4:53:58 PM

Lease Expires . . . . . . . . . . : Friday, January 18, 2013 7:53:58 PM

Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 173.194.33.14, 173.194.33.7, 173.194.33.8, 173.194.33.1
173.194.33.9, 173.194.33.6, 173.194.33.4, 173.194.33.0, 173.194.33.2
173.194.33.5, 173.194.33.3



Pinging google.com [173.194.33.3] with 32 bytes of data:



Reply from 173.194.33.3: bytes=32 time=141ms TTL=49

Reply from 173.194.33.3: bytes=32 time=143ms TTL=49



Ping statistics for 173.194.33.3:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 141ms, Maximum = 143ms, Average = 142ms

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.139.183.24, 98.138.253.109, 206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=128ms TTL=46

Reply from 206.190.36.45: bytes=32 time=141ms TTL=46



Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 128ms, Maximum = 141ms, Average = 134ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x20002 ...00 04 75 f7 9d 15 ...... 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.105 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.0.105 192.168.0.105 20
192.168.0.0 255.255.255.0 192.168.0.105 192.168.0.105 20
192.168.0.105 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.105 192.168.0.105 20
224.0.0.0 240.0.0.0 192.168.0.105 192.168.0.105 20
255.255.255.255 255.255.255.255 192.168.0.105 192.168.0.105 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/15/2013 02:21:17 PM) (Source: Application Hang) (User: )
Description: Fault bucket -1147136951.

Error: (01/15/2013 02:19:46 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.140, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2013 02:19:44 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.140, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/15/2013 09:22:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2938

Error: (01/15/2013 09:22:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2938

Error: (01/15/2013 09:22:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/10/2013 04:44:18 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/10/2013 04:36:45 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 16582, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Error: (01/10/2013 04:36:43 PM) (Source: LoadPerf) (User: )
Description: Unloading the performance counter strings for service aspnet_state (ASP.NET State Service) failed. The
Error code is the first DWORD in Data section.

Error: (01/10/2013 04:36:43 PM) (Source: LoadPerf) (User: )
Description: The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 16582, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.


System errors:
=============
Error: (01/18/2013 04:53:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/18/2013 03:55:50 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/18/2013 03:54:11 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/18/2013 03:54:11 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/18/2013 03:53:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (01/18/2013 03:52:55 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (01/18/2013 02:55:56 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/18/2013 02:54:26 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/18/2013 02:54:26 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/16/2013 02:53:00 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}


Microsoft Office Sessions:
=========================
Error: (01/15/2013 02:21:17 PM) (Source: Application Hang)(User: )
Description: -1147136951

Error: (01/15/2013 02:19:46 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.62.0.140hungapp0.0.0.000000000

Error: (01/15/2013 02:19:44 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.62.0.140hungapp0.0.0.000000000

Error: (01/15/2013 09:22:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2938

Error: (01/15/2013 09:22:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2938

Error: (01/15/2013 09:22:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/10/2013 04:44:18 PM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/10/2013 04:36:45 PM) (Source: LoadPerf)(User: )
Description: 16582

Error: (01/10/2013 04:36:43 PM) (Source: LoadPerf)(User: )
Description: aspnet_stateASP.NET State Service

Error: (01/10/2013 04:36:43 PM) (Source: LoadPerf)(User: )
Description: 16582


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.2.1)
Adobe Community Help (Version: 3.2.1.650)
Adobe Connect Add-in
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Akamai NetSession Interface Service
Any Video Converter 3.2.7
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ASHelper (Version: 1.4.1)
AVG 2013 (Version: 13.0.2639)
AVG 2013 (Version: 13.0.2890)
AVG 2013 (Version: 2013.0.2890)
AVG Security Toolbar
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 100.0.170.000)
Camtasia Studio 7 (Version: 7.1.1)
Cobian Backup 11 Gravity
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Copy (Version: 100.0.170.000)
Coupon Printer for Windows (Version: 5.0.0.0)
CustomerResearchQFolder (Version: 1.00.0000)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
DJ_AIO_03_F2200_ProductContext (Version: 100.0.215.000)
DJ_AIO_03_F2200_Software (Version: 100.0.206.000)
DJ_AIO_03_F2200_Software_Min (Version: 100.0.239.000)
eSupportQFolder (Version: 1.00.0000)
F2200 (Version: 100.0.206.000)
F2200_Help (Version: 100.0.206.000)
Free File Opener v2011.7.0.1 (Version: 2011.7.0.1)
Google Chrome (Version: 24.0.1312.52)
Google Update Helper (Version: 1.3.21.123)
GoToMeeting 5.1.0.873 (Version: 5.1.0.873)
GPBaseService (Version: 100.0.187.000)
HitmanPro 3.6 (Version: 3.6.2.171)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photo Creations (Version: 1.0.0.7702)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing (Version: 3.5)
HP Solution Center 10.0 (Version: 10.0)
HP Update (Version: 5.003.003.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 100.0.170.000)
HPSSupply (Version: 100.0.170.000)
Instalación de DivX (Version: 2.5.0.8)
iTunes (Version: 11.0.1.12)
Java 7 Update 10 (Version: 7.0.100)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 31 (Version: 6.0.310)
JavaFX 2.1.1 (Version: 2.1.1)
Jing (Version: 2.4.10231)
jZip
Logitech Desktop Messenger (Version: 2.54.11)
Logitech Vid HD (Version: 7.2 (7259))
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MarketMeSuite (Version: 3.4.5)
MarketResearch (Version: 100.0.170.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
Mozilla Thunderbird (7.0.1) (Version: 7.0.1 (en-US))
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
NetAssistant (Version: 3.6.5)
NetAssistant for Firefox (Version: 3.6.5)
NVIDIA Drivers
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 3.3 (Version: 3.3.9567)
Paint.NET v3.5.6 (Version: 3.56.0)
PSSWCORE (Version: 2.02.0000)
QuickTime (Version: 7.71.80.42)
Safari (Version: 5.34.52.7)
Scan (Version: 10.1.0.0)
Shop for HP Supplies (Version: 10.0)
Smart Media Desktop (Version: 2.3.12)
SmartSound Quicktracks for Premiere Elements 9.0 (Version: 3.12.3090)
SmartWebPrintingOC (Version: 100.0.189.000)
Snagit 10.0.1 (Version: 10.0.1)
SolutionCenter (Version: 100.0.175.000)
SoundMAX (Version: 5.12.01.5240)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 100.0.175.000)
SUPERAntiSpyware (Version: 5.6.1014)
swMSM (Version: 12.0.0.1)
Toolbox (Version: 100.0.170.000)
TrayApp (Version: 100.0.170.000)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.3236)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0404)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0192)
TurboTax 2010 wrapper (Version: 010.000.0155)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2596)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0424)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0209)
TurboTax 2011 wrapper (Version: 011.000.0120)
UnloadSupport (Version: 10.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VideoToolkit01 (Version: 100.0.128.000)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm LTD Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 2046.73 MB
Available physical RAM: 1283.75 MB
Total Pagefile: 3942.94 MB
Available Pagefile: 3126.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.49 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:152.66 GB) (Free:68.37 GB) NTFS
4 Drive e: (KINGSTON) (Removable) (Total:0.94 GB) (Free:0.16 GB) FAT

========================= Users: ========================================

User accounts for \\COMPUTER01

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 User

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini010813-01.dmp
C:\WINDOWS\Minidump\Mini011013-01.dmp
C:\WINDOWS\Minidump\Mini011013-02.dmp
C:\WINDOWS\Minidump\Mini011513-01.dmp
C:\WINDOWS\Minidump\Mini091712-01.dmp
C:\WINDOWS\Minidump\Mini091912-01.dmp
C:\WINDOWS\Minidump\Mini100612-01.dmp
========================= Restore Points ==================================

23-10-2012 03:56:47 Restore Operation
23-10-2012 04:01:39 Restore Operation
08-12-2012 17:52:16 Software Distribution Service 3.0
08-12-2012 23:46:19 Removed COMODO Internet Security
17-12-2012 18:52:12 System Checkpoint
17-12-2012 20:47:40 Installed Java 7 Update 10
17-12-2012 21:06:09 Removed Vizzed Retro Game Room
17-12-2012 21:09:21 Installed Vizzed Retro Game Room
17-12-2012 22:00:39 Software Distribution Service 3.0
19-12-2012 22:11:52 System Checkpoint
20-12-2012 19:15:44 Software Distribution Service 3.0
22-12-2012 20:25:50 System Checkpoint
26-12-2012 18:26:58 Removed Vizzed Retro Game Room
27-12-2012 20:47:36 System Checkpoint
30-12-2012 04:15:44 System Checkpoint
31-12-2012 15:35:21 System Checkpoint
02-01-2013 03:31:34 System Checkpoint
05-01-2013 22:00:20 Software Distribution Service 3.0
08-01-2013 02:22:40 System Checkpoint
08-01-2013 23:49:28 Software Distribution Service 3.0
09-01-2013 19:45:50 Software Distribution Service 3.0
10-01-2013 12:37:43 Removed HP Deskjet 3510 series Basic Device Software
10-01-2013 20:44:20 Restore Operation
10-01-2013 22:00:55 Software Distribution Service 3.0
15-01-2013 02:10:05 System Checkpoint
15-01-2013 18:27:27 Software Distribution Service 3.0
18-01-2013 22:19:19 Removed GeekBuddy.
18-01-2013 22:21:21 Removed HP Deskjet 3510 series Basic Device Software
18-01-2013 22:22:44 Removed HP Deskjet 3510 series Help
18-01-2013 22:23:19 Removed HP Deskjet 3510 series Product Improvement Study

**** End of log ****

#4 dev00790

Posted 19 January 2013 - 07:05 AM

Hi

Please do the following next:

Step 1

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode > Advanced Mode.
  • You may be presented with a warning dialog. If so, click Yes
  • Click on Tools and then Resident
  • Uncheck this checkbox: "Resident TeaTimer (protection of over-all system settings) active"
  • Close/Exit Spybot Search and Destroy


Step 2

Note this step will remove the AVG Secure search toolbar. You can reinstall this afterwards if needed.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Step 3

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Note: Vista / Windows 7 / Windows 8 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 4

We need to analyse the BSOD:

Download BlueScreenView (in Zip file) to your desktop.

  • No installation required.
  • Unzip downloaded file to your desktop
  • Double click on the BlueScreenView.exe file to run the program. When scanning is done, go to Edit > Select All.
  • Then go to File > Save Selected Items, and save the report as BSOD.txt.
  • Open BSOD.txt in Notepad
  • Copy all content, and paste it into your next reply.

Edited by dev00790, 19 January 2013 - 07:06 AM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"
I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#5 Kris55

Posted 19 January 2013 - 12:10 PM

Seems that TeaTimer was already disabled. Whenever I tried running AdwCleaner, AVG saw it as a threat and removed it. I haven't done the other steps yet.

#6 dev00790

Posted 19 January 2013 - 02:31 PM

Hi

Please disable AVG, then run Adwcleaner in delete mode, then enable AVG again.

Then continue with instructions for the ESET scan and BlueScreenView.

Regards, dev00790


#7 Kris55

Posted 19 January 2013 - 05:27 PM

Thank you for being patient with me. Ever since I ran that AdwCleaner my computer is much faster. I hate to admit it, but it is running even better than when I got it back from being fixed. Still getting the blue screen though, and I haven't tried safe mode yet.





# AdwCleaner v2.106 - Logfile created 01/19/2013 at 14:08:12
# Updated 17/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - COMPUTER01
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\1relbcml.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\1relbcml.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\user.js
Folder Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2653012
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\TENCENT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\1relbcml.default\prefs.js

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\1relbcml.default\user.js ... Deleted !

Deleted : user_pref("CT2653012..clientLogIsEnabled", true);
Deleted : user_pref("CT2653012..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2653012..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2653012.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2653012.CTID", "CT2653012");
Deleted : user_pref("CT2653012.CurrentServerDate", "9-6-2011");
Deleted : user_pref("CT2653012.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2653012.DialogsGetterLastCheckTime", "Thu May 19 2011 11:19:15 GMT-0500 (Central Daylig[...]
Deleted : user_pref("CT2653012.DownloadReferralCookieData", "");
Deleted : user_pref("CT2653012.FirstServerDate", "19-5-2011");
Deleted : user_pref("CT2653012.FirstTime", true);
Deleted : user_pref("CT2653012.FirstTimeFF3", true);
Deleted : user_pref("CT2653012.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2653012.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2653012.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2653012.HasUserGlobalKeys", true);
Deleted : user_pref("CT2653012.Initialize", true);
Deleted : user_pref("CT2653012.InitializeCommonPrefs", true);
Deleted : user_pref("CT2653012.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2653012.InstallationId", "CT2653012_Veoh.exe");
Deleted : user_pref("CT2653012.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2653012.InstalledDate", "Thu May 19 2011 11:19:14 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT2653012.InvalidateCache", false);
Deleted : user_pref("CT2653012.IsGrouping", false);
Deleted : user_pref("CT2653012.IsMulticommunity", false);
Deleted : user_pref("CT2653012.IsOpenThankYouPage", false);
Deleted : user_pref("CT2653012.IsOpenUninstallPage", true);
Deleted : user_pref("CT2653012.LanguagePackLastCheckTime", "Thu Jun 09 2011 09:54:22 GMT-0500 (Central Dayligh[...]
Deleted : user_pref("CT2653012.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2653012.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2653012.LastLogin_3.3.3.2", "Thu Jun 09 2011 09:54:21 GMT-0500 (Central Daylight Time)"[...]
Deleted : user_pref("CT2653012.LatestVersion", "3.3.3.2");
Deleted : user_pref("CT2653012.Locale", "en");
Deleted : user_pref("CT2653012.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2653012.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2653012.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2653012.RadioIsPodcast", false);
Deleted : user_pref("CT2653012.RadioLastCheckTime", "Thu Jun 09 2011 09:54:20 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2653012.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2653012.RadioLastUpdateServer", "129438915777300000");
Deleted : user_pref("CT2653012.RadioMediaID", "21806912");
Deleted : user_pref("CT2653012.RadioMediaType", "Media Player");
Deleted : user_pref("CT2653012.RadioMenuSelectedID", "EBRadioMenu_CT265301221806912");
Deleted : user_pref("CT2653012.RadioStationName", "California%20Rock%20-%20Rock");
Deleted : user_pref("CT2653012.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Deleted : user_pref("CT2653012.SavedHomepage", "google.com");
Deleted : user_pref("CT2653012.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2653012.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT265[...]
Deleted : user_pref("CT2653012.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2653012.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2653012.SearchInNewTabLastCheckTime", "Thu Jun 09 2011 09:54:19 GMT-0500 (Central Dayli[...]
Deleted : user_pref("CT2653012.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2653012.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2653012.ServiceMapLastCheckTime", "Thu Jun 09 2011 09:54:20 GMT-0500 (Central Daylight [...]
Deleted : user_pref("CT2653012.SettingsLastCheckTime", "Thu Jun 09 2011 09:54:19 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT2653012.SettingsLastUpdate", "1307440476");
Deleted : user_pref("CT2653012.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2653012.ThirdPartyComponentsLastCheck", "Thu May 19 2011 11:19:12 GMT-0500 (Central Day[...]
Deleted : user_pref("CT2653012.ThirdPartyComponentsLastUpdate", "1246786978");
Deleted : user_pref("CT2653012.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2653012");
Deleted : user_pref("CT2653012.Uninstall", true);
Deleted : user_pref("CT2653012.UserID", "UN34233717460646496");
Deleted : user_pref("CT2653012.alertChannelId", "1045667");
Deleted : user_pref("CT2653012.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...]
Deleted : user_pref("CT2653012.globalFirstTimeInfoLastCheckTime", "Thu Jun 09 2011 09:54:22 GMT-0500 (Central [...]
Deleted : user_pref("CT2653012.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2653012.myStuffEnabled", true);
Deleted : user_pref("CT2653012.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2653012.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2653012.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2653012.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2653012.oldAppsList", "129199665576502590,129199665576658841,129221945086194357,1292342[...]
Deleted : user_pref("CT2653012.testingCtid", "");
Deleted : user_pref("CT2653012.toolbarAppMetaDataLastCheckTime", "Thu Jun 09 2011 09:54:22 GMT-0500 (Central D[...]
Deleted : user_pref("CT2653012.toolbarContextMenuLastCheckTime", "Thu May 19 2011 11:19:17 GMT-0500 (Central D[...]
Deleted : user_pref("CT2653012.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1045667/1041378/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2653012", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2653012",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2653012/CT2653012[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2653012");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{cd90bf73-20f6-44ef-993d-bb920303bd2e}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "veoh_web_player");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4dc5f441&[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2653012");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2653012");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu May 19 2011 11:19:16 GMT-05[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 09 2011 09:39:26 GMT-0500 (Centr[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 08 2011 15:13:46 GMT-0500 (Central D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "87a81362-13c3-43f5-bf21-78ad669b5fd1");
Deleted : user_pref("CommunityToolbar.globalUserId", "b5e646c0-1bfa-4082-af8c-edb03d1b0aa6");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "Veoh Web Player Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&Sea[...]
Deleted : user_pref("browser.search.order.1", "Search Results");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.ntk.feedStore", "{\"URLtoFeedCount\":15,\"FeedStoriesCount\":6,\"data\":[{\"ur[...]
Deleted : user_pref("extensions.ntk.recentClosedPers", "hxxp://isearch.avg.com/tab?cid=%7B75a294a4-7035-44bb-a[...]
Deleted : user_pref("extensions.ntk.thumbsUrls", "hxxp://www.mlmleadsystempro.com/;hxxp://google.com/;hxxp://k[...]

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e6wtamy1.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v24.0.1312.52

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.57] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.60] : keyword = "isearch.avg.com",
Deleted [l.63] : search_url = "hxxp://isearch.avg.com/search?cid={F4EFBCCC-A1C3-46F6-9286-8480F5701943}&mid=87[...]

*************************

AdwCleaner[R1].txt - [20966 octets] - [18/01/2013 16:50:32]
AdwCleaner[S1].txt - [20392 octets] - [19/01/2013 14:08:12]
AdwCleaner[S2].txt - [383 octets] - [19/01/2013 11:00:53]

########## EOF - C:\AdwCleaner[S1].txt - [20512 octets] ##########
__________________________________________________________________________________________________________________


Eset Scan


C:\Documents and Settings\User\My Documents\Downloads\avc-free.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\winzip155.exe Win32/OpenCandy application deleted - quarantined
C:\Program Files\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Program Files\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
__________________________________________________________________________________________________________________

Blue Screen View

==================================================
Dump File : Mini011513-01.dmp
Crash Time : 1/15/2013 11:33:54 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xe4c6901c
Parameter 2 : 0x00000000
Parameter 3 : 0xbf82ebc1
Parameter 4 : 0x00000001
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+2ebc1
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6322 (xpsp_sp3_gdr.121113-0419)
Processor : 32-bit
Crash Address : win32k.sys+2ebc1
Stack Address 1 : win32k.sys+1569f9
Stack Address 2 : win32k.sys+14e08f
Stack Address 3 : win32k.sys+14e10b
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini011513-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini011013-02.dmp
Crash Time : 1/10/2013 6:49:04 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf956a02
Parameter 3 : 0xf7566c00
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+156a02
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6322 (xpsp_sp3_gdr.121113-0419)
Processor : 32-bit
Crash Address : win32k.sys+156a02
Stack Address 1 : win32k.sys+14e08f
Stack Address 2 : win32k.sys+14e10b
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini011013-02.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

==================================================
Dump File : Mini011013-01.dmp
Crash Time : 1/10/2013 6:33:27 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf956a02
Parameter 3 : 0xb4e40c00
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+156a02
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6322 (xpsp_sp3_gdr.121113-0419)
Processor : 32-bit
Crash Address : win32k.sys+156a02
Stack Address 1 : win32k.sys+14e08f
Stack Address 2 : win32k.sys+14e10b
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini011013-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 94,208
==================================================

==================================================
Dump File : Mini010813-01.dmp
Crash Time : 1/8/2013 5:44:45 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x10000050
Parameter 1 : 0xf0f40bfc
Parameter 2 : 0x00000001
Parameter 3 : 0xbf8483dc
Parameter 4 : 0x00000001
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+483dc
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6322 (xpsp_sp3_gdr.121113-0419)
Processor : 32-bit
Crash Address : win32k.sys+483dc
Stack Address 1 : win32k.sys+28521
Stack Address 2 : win32k.sys+f6caf
Stack Address 3 : win32k.sys+f6a69
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini010813-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini100612-01.dmp
Crash Time : 10/6/2012 2:03:26 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf9568c8
Parameter 3 : 0xb6bd3c00
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+1568c8
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6322 (xpsp_sp3_gdr.121113-0419)
Processor : 32-bit
Crash Address : win32k.sys+1568c8
Stack Address 1 : win32k.sys+14df55
Stack Address 2 : win32k.sys+14dfd1
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini100612-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini091912-01.dmp
Crash Time : 9/19/2012 1:08:29 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf9568c8
Parameter 3 : 0xb75eec00
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+1568c8
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6322 (xpsp_sp3_gdr.121113-0419)
Processor : 32-bit
Crash Address : win32k.sys+1568c8
Stack Address 1 : win32k.sys+14df55
Stack Address 2 : win32k.sys+14dfd1
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini091912-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini091712-01.dmp
Crash Time : 9/17/2012 4:52:11 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0xbf9568c8
Parameter 3 : 0xb5128c00
Parameter 4 : 0x00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+1568c8
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6322 (xpsp_sp3_gdr.121113-0419)
Processor : 32-bit
Crash Address : win32k.sys+1568c8
Stack Address 1 : win32k.sys+14df55
Stack Address 2 : win32k.sys+14dfd1
Stack Address 3 : ntoskrnl.exe+77ec
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini091712-01.dmp
Processors Count : 1
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

#8 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:21 PM

Posted 20 January 2013 - 12:49 PM

Hi

The latest crash that bluescreenview log shows is 15th January.
Since you say that the BSOD has happened since then, please do the following next:

Step 1

We Need to Diagnose Your BlueScreen

  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:

    Posted Image
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

    Posted Image

Please post me the error(s).

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog
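The reading of the BlueScreenView log in the reply above (latest crash on 15 January, every crash in win32k.sys) can be reproduced mechanically. This is an added example, not part of the original thread: it parses the tool's text report, finds the newest dump, counts crashes per faulting site, and checks that the bug check parameter holding the faulting address, minus the win32k.sys base from the STOP screen in post #1, equals the reported offset. The function names are hypothetical and the embedded report is trimmed from the one posted in this thread.

```python
import re
from collections import Counter
from datetime import datetime
WIN32K_BASE = 0xBF800000  # "base at BF800000" on the STOP screen quoted in post #1
# Bug check parameter that holds the faulting instruction address.
IP_PARAM = {0x8E: "Parameter 2", 0x50: "Parameter 3"}

# Records trimmed from the report posted in this thread (only the fields used).
REPORT = """\
==================================================
Dump File : Mini011513-01.dmp
Crash Time : 1/15/2013 11:33:54 AM
Bug Check Code : 0x10000050
Parameter 3 : 0xbf82ebc1
Caused By Address : win32k.sys+2ebc1
==================================================
Dump File : Mini011013-02.dmp
Crash Time : 1/10/2013 6:49:04 AM
Bug Check Code : 0x1000008e
Parameter 2 : 0xbf956a02
Caused By Address : win32k.sys+156a02
==================================================
Dump File : Mini011013-01.dmp
Crash Time : 1/10/2013 6:33:27 AM
Bug Check Code : 0x1000008e
Parameter 2 : 0xbf956a02
Caused By Address : win32k.sys+156a02
==================================================
"""

def parse_report(text):
    # Split on the ===== rules; every "Key : Value" line becomes a dict entry.
    records = []
    for block in re.split(r"^=+$", text, flags=re.M):
        fields = dict(l.split(" : ", 1) for l in block.splitlines() if " : " in l)
        if fields:
            records.append(fields)
    return records

def triage(records, base=WIN32K_BASE):
    # Returns (latest dump, crash count per site, dumps whose parameter disagrees).
    sites, mismatched = Counter(), []
    for r in records:
        code = int(r["Bug Check Code"], 16) & 0x0FFFFFFF  # minidump 0x1000008e is STOP 0x8E
        offset = int(r[IP_PARAM[code]], 16) - base
        if r["Caused By Address"] != f"win32k.sys+{offset:x}":
            mismatched.append(r["Dump File"])
        sites[(code, r["Caused By Address"])] += 1
    latest = max(records, key=lambda r: datetime.strptime(r["Crash Time"], "%m/%d/%Y %I:%M:%S %p"))
    return latest["Dump File"], sites, mismatched
```

Repeated crashes at one offset in a single module, as here, point the investigation at whatever keeps driving that code path rather than at unrelated random faults.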


#9 Kris55


Posted 20 January 2013 - 07:18 PM

I'm sorry for responding late; I was away from my computer. To make things even worse, I have made a mistake in my message. I meant Malwarebytes isn't working still, along with the safe mode. I'm terribly sorry for the error on my part. Anyhow, I followed the instructions anyway and nothing happened, but I don't know if everything is okay either. If it does pop up again I'll keep those instructions in mind.

#10 dev00790


Posted 21 January 2013 - 12:43 AM

Do you get the BSOD in Safe mode now?

Regards, dev00790



#11 Kris55


Posted 21 January 2013 - 10:15 AM

When I had access to safe mode I didn't have a problem with the BSOD. I still can't get into safe mode.

#12 dev00790


Posted 21 January 2013 - 05:42 PM

What happens when you try and boot into Safe mode?
- Please describe it in detail.

Regards, dev00790



#13 Kris55


Posted 23 January 2013 - 01:58 PM

Well whenever I try to go into safe mode it brings up the usual screen with code scanning but when it gets to a certain point it freezes. I have to push the restart or power button on my computer to get out of it.

#14 dev00790


Posted 23 January 2013 - 02:31 PM

What is the last file the screen shows before it freezes?

Regards, dev00790



#15 Kris55


Posted 23 January 2013 - 08:52 PM

mlti(0)disk(0)partition(1)\WINDOWS\system32\DRIVERS\agp440.sys




