
"Maimed" XP Needs Help


13 replies to this topic

#1 A Selene

Posted 03 August 2013 - 09:36 PM

Very difficult malware infestation was blocking just about everything.

Using UBCDW, I managed to get SuperAntiSpyware and SpyBot to remove some nasties.
Of course, one of them was hooked to the Winlogon service.

 

I had to register the Windows Installer Service and start it.

 

Now, I've been able to download Microsoft Security Essentials and update it and am now running a full scan.

 

But even so, there's still some damage.

 

Cannot install Malwarebytes. Get "Error Code CocreateInstance failed;code 0x80040154. Class not registered"

Followed by:

 

'run time error '372' Failed to load .control 'WebBrowser' from ieframe.dll May be outdated Make sure you're using the version of the control that was provided with your application'

 

Windows Explorer will not start from the start menu. 

No error message; just ignores the double-click.

I can "Explore" from the Start Button but that's not a great deal of help.

I can RUN CMD, navigate to C:\Windows and run "Explorer" from there.

SOME customizations in Explorer aren't saved.

 

The .EXE file association with "Application" is missing.

When I add it, it accepts the add.

But it seems to get removed right away.

 

I don't know what species of bad stuff were there so it's really hard to look for help.

 

I can start Google Chrome from the Start Menu where it's "pinned" but not from the "All Programs" pull-down.

Nothing seems to run from the "All Programs" pull-down.

 

I'm about to run a SFC /SCANNOW just as soon as the MSE scan finishes. (it's taking its time)

 

Is there a tool to repair stuff like this?

 

Thanks in advance,

ASelene

 

Mod Edit: Moved topic from XP to a more appropriate forum. ~bloopie


Edited by A Selene, 03 August 2013 - 10:05 PM.



 


#2 dev00790


Posted 04 August 2013 - 04:53 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs,  unless instructed to do so.
        
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
          
  • Please do not attach logs or use code boxes, just copy and paste the text.
        
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
          
  • Please read every post completely before doing anything.
           
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
          
  • Please provide feedback about your experience as we go.
           
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
          


NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
- Do NOT back up any unknown files ending in .exe, .com, .scr, .pif, and .bat since files of these types are more likely to be infected.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Under Objects to scan, check the boxes next to Verify file digital signatures, Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the full contents of that file in your next reply. - If the log is too long, then split it into multiple posts.



Step 2:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.



Step 3:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the full contents of the log in your next reply.



Step 4:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (Only Problems)
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.
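Added example, not part of the original thread and not code from the TDSSKiller authors: a Python parser for the line layout of the log that Step 1 asks for, pairing each hash/path line with the verdict line that follows it and separating `UnsignedFile.*` warnings (produced when "Verify file digital signatures" is checked) from any other non-ok verdict. The sample lines, object names, hashes, the `Placeholder.Verdict.Name` verdict and its `infected` severity are constructed, and treating the `UnsignedFile.` prefix as its own bucket is an assumption of this example.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "name verdict severity md5 path")

# Every log line starts with a timestamp and a thread id; the rest is the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "[ <MD5> ] <object name> <path>": names may contain spaces, the path
# starts at the first drive letter.
FILE_LINE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
# "<object name> ( <verdict> ) - <severity>"
VERDICT_LINE = re.compile(r"^(.+?) \( (\S+) \) - (\w+)$")
# "<object name> - ok"
OK_LINE = re.compile(r"^(.+?) - ok$")

# Constructed sample in the same layout; none of these values come from a real scan.
SAMPLE_LOG = r"""
12:00:00.0000 1000  ================ Scan services =============================
12:00:00.0100 1000  [ 0123456789ABCDEF0123456789ABCDEF ] exampledrv      C:\WINDOWS\system32\DRIVERS\exampledrv.sys
12:00:00.0200 1000  exampledrv ( UnsignedFile.Multi.Generic ) - warning
12:00:00.0200 1000  exampledrv - detected UnsignedFile.Multi.Generic (1)
12:00:00.0300 1000  nofiledrv - ok
12:00:00.0400 1000  [ FEDCBA9876543210FEDCBA9876543210 ] Example Vendor Service C:\Program Files\Example Vendor\svc.exe
12:00:00.0500 1000  Example Vendor Service - ok
12:00:00.0600 1000  [ 00112233445566778899AABBCCDDEEFF ] otherdrv        C:\WINDOWS\system32\drivers\otherdrv.sys
12:00:00.0700 1000  otherdrv ( Placeholder.Verdict.Name ) - infected
12:00:00.0700 1000  otherdrv - detected Placeholder.Verdict.Name (0)
"""


def parse_log(text):
    """Return one Entry per scanned object, joined with its hash/path line if any."""
    pending = {}   # object name -> (md5, path) from the preceding "[ hash ]" line
    entries = []
    for raw in text.splitlines():
        m = PREFIX.match(raw.rstrip())
        if not m:
            continue
        body = m.group(1)
        f = FILE_LINE.match(body)
        if f:
            pending[f.group(2)] = (f.group(1).upper(), f.group(3))
            continue
        v = VERDICT_LINE.match(body)
        if v:
            name, verdict, severity = v.groups()
        else:
            o = OK_LINE.match(body)
            if not o:
                continue   # headers, separators and "- detected" repeats
            name, verdict, severity = o.group(1), None, "ok"
        md5, path = pending.pop(name, (None, None))
        entries.append(Entry(name, verdict, severity, md5, path))
    return entries


def triage(entries):
    """Split non-ok entries into signature-check warnings and all other verdicts."""
    unsigned, other = [], []
    for e in entries:
        if e.severity == "ok":
            continue
        # Assumption of this example: the "UnsignedFile." prefix marks a
        # signature-check result, which is reviewed separately from the rest.
        (unsigned if e.verdict.startswith("UnsignedFile.") else other).append(e)
    return unsigned, other


def without_file(entries):
    """Names the log lists with a verdict but no preceding hash/path line."""
    return [e.name for e in entries if e.path is None]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    unsigned, other = triage(entries)
    print("verdict counts:", dict(Counter(e.severity for e in entries)))
    for e in other:
        print("review first :", e.name, e.verdict, e.path)
    for e in unsigned:
        print("unsigned file:", e.name, e.md5, e.path)
    print("no file listed:", without_file(entries))
```

Run it against a saved log by passing the file's text to `parse_log` in place of `SAMPLE_LOG`.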


#3 A Selene


Posted 04 August 2013 - 12:38 PM

Notes:  I'd done some things before I received your reply.  
 
a) Uninstalled IE8 and made Google Chrome the default browser
b) I had run TDSS previously and also TrendMicro RootkitBusterV5.0-1129 checking all options save "Streams"
c) I had run Malwarebytes as well.  I'm not attaching its log but if you want it, I will.
 
I may have had to do one or more of these in "Safe Mode" but I'm not sure.
 
After these steps, the general condition is:
 
1) Shortcuts don't seem to work, either from the Start Menu or from All Programs List;
2) Windows Explorer double-click on app does not launch the app;
3) Windows Explorer toolbar customization is non-persistent;
4) To launch an app from anywhere save the StartMenu "Pin" area, it's necessary to open a command prompt, navigate to the proper directory, and run the app from the command line
 
5) Removable Storage service was failing to recognize USB Flash Drives..
 
I'm probably missing some things but I haven't had a lot of sleep.
I think I've followed your instructions without allowing any of the tools to make changes.
 

What follows are the logs you requested in the order you requested.

Please know that I'm grateful for your help.

A Selene

 

11:54:59.0125 2148  NetBT - ok
11:54:59.0140 2148  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
11:54:59.0218 2148  NetDDE - ok
11:54:59.0234 2148  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
11:54:59.0281 2148  NetDDEdsdm - ok
11:54:59.0312 2148  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:54:59.0406 2148  Netlogon - ok
11:54:59.0437 2148  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
11:54:59.0515 2148  Netman - ok
11:54:59.0531 2148  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:54:59.0546 2148  NetTcpPortSharing - ok
11:54:59.0578 2148  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
11:54:59.0593 2148  Nla - ok
11:54:59.0625 2148  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:54:59.0687 2148  Npfs - ok
11:54:59.0734 2148  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:54:59.0796 2148  Ntfs - ok
11:54:59.0796 2148  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
11:54:59.0859 2148  NtLmSsp - ok
11:54:59.0875 2148  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
11:54:59.0953 2148  NtmsSvc - ok
11:54:59.0968 2148  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:55:00.0046 2148  Null - ok
11:55:00.0062 2148  [ 6B37162E91A7005BAA753CB611ACEA2D ] nvatabus        C:\WINDOWS\system32\drivers\nvatabus.sys
11:55:00.0109 2148  nvatabus ( UnsignedFile.Multi.Generic ) - warning
11:55:00.0109 2148  nvatabus - detected UnsignedFile.Multi.Generic (1)
11:55:00.0109 2148  [ 3F98F15FCA7420396BD2B1AA205C7247 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
11:55:00.0171 2148  nvraid ( UnsignedFile.Multi.Generic ) - warning
11:55:00.0171 2148  nvraid - detected UnsignedFile.Multi.Generic (1)
11:55:00.0187 2148  NvtSp50 - ok
11:55:00.0203 2148  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:55:00.0265 2148  NwlnkFlt - ok
11:55:00.0281 2148  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:55:00.0343 2148  NwlnkFwd - ok
11:55:00.0468 2148  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:55:00.0484 2148  odserv - ok
11:55:00.0484 2148  omci - ok
11:55:00.0515 2148  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:55:00.0515 2148  ose - ok
11:55:00.0546 2148  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
11:55:00.0625 2148  Parport - ok
11:55:00.0640 2148  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
11:55:00.0687 2148  PartMgr - ok
11:55:00.0718 2148  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
11:55:00.0781 2148  ParVdm - ok
11:55:00.0781 2148  PBADRV - ok
11:55:00.0796 2148  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
11:55:00.0859 2148  PCI - ok
11:55:00.0859 2148  PCIDump - ok
11:55:00.0859 2148  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
11:55:00.0921 2148  PCIIde - ok
11:55:00.0953 2148  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
11:55:01.0015 2148  Pcmcia - ok
11:55:01.0015 2148  PDCOMP - ok
11:55:01.0015 2148  PDFRAME - ok
11:55:01.0015 2148  PDRELI - ok
11:55:01.0015 2148  PDRFRAME - ok
11:55:01.0031 2148  perc2 - ok
11:55:01.0031 2148  perc2hib - ok
11:55:01.0062 2148  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
11:55:01.0062 2148  PlugPlay - ok
11:55:01.0078 2148  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
11:55:01.0125 2148  PolicyAgent - ok
11:55:01.0140 2148  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:55:01.0203 2148  PptpMiniport - ok
11:55:01.0203 2148  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:55:01.0265 2148  ProtectedStorage - ok
11:55:01.0265 2148  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
11:55:01.0328 2148  PSched - ok
11:55:01.0328 2148  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:55:01.0390 2148  Ptilink - ok
11:55:01.0390 2148  ql1080 - ok
11:55:01.0390 2148  Ql10wnt - ok
11:55:01.0406 2148  ql12160 - ok
11:55:01.0406 2148  ql1240 - ok
11:55:01.0406 2148  ql1280 - ok
11:55:01.0421 2148  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:55:01.0484 2148  RasAcd - ok
11:55:01.0515 2148  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
11:55:01.0578 2148  RasAuto - ok
11:55:01.0609 2148  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:55:01.0656 2148  Rasl2tp - ok
11:55:01.0671 2148  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
11:55:01.0765 2148  RasMan - ok
11:55:01.0765 2148  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:55:01.0828 2148  RasPppoe - ok
11:55:01.0828 2148  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
11:55:01.0890 2148  Raspti - ok
11:55:01.0921 2148  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:55:02.0000 2148  Rdbss - ok
11:55:02.0031 2148  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:55:02.0093 2148  RDPCDD - ok
11:55:02.0109 2148  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:55:02.0171 2148  rdpdr - ok
11:55:02.0203 2148  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
11:55:02.0218 2148  RDPWD - ok
11:55:02.0234 2148  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
11:55:02.0296 2148  RDSessMgr - ok
11:55:02.0359 2148  [ B2D01290C0E0465ACA54C2088E947823 ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
11:55:02.0375 2148  RealNetworks Downloader Resolver Service - ok
11:55:02.0375 2148  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
11:55:02.0437 2148  redbook - ok
11:55:02.0468 2148  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
11:55:02.0546 2148  RemoteAccess - ok
11:55:02.0578 2148  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
11:55:02.0656 2148  RemoteRegistry - ok
11:55:02.0687 2148  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
11:55:02.0750 2148  RpcLocator - ok
11:55:02.0781 2148  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\system32\rpcss.dll
11:55:02.0796 2148  RpcSs - ok
11:55:02.0828 2148  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
11:55:02.0890 2148  RSVP - ok
11:55:02.0906 2148  [ 4294FDF954125CE9E39E68F826415C29 ] s3legacy        C:\WINDOWS\system32\DRIVERS\s3legacy.sys
11:55:02.0968 2148  s3legacy - ok
11:55:02.0984 2148  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
11:55:03.0046 2148  SamSs - ok
11:55:03.0281 2148  SASDIFSV - ok
11:55:03.0296 2148  SASKUTIL - ok
11:55:03.0390 2148  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
11:55:03.0468 2148  SCardSvr - ok
11:55:03.0500 2148  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
11:55:03.0593 2148  Schedule - ok
11:55:03.0718 2148  [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:55:03.0734 2148  SeaPort - ok
11:55:03.0765 2148  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:55:03.0796 2148  Secdrv - ok
11:55:03.0828 2148  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
11:55:03.0890 2148  seclogon - ok
11:55:03.0890 2148  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
11:55:03.0968 2148  SENS - ok
11:55:04.0015 2148  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
11:55:04.0062 2148  serenum - ok
11:55:04.0078 2148  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
11:55:04.0140 2148  Serial - ok
11:55:04.0187 2148  [ B6401608579B6431994425BA7653F774 ] SFAUDIO         C:\WINDOWS\system32\drivers\sfaudio.sys
11:55:04.0187 2148  SFAUDIO - ok
11:55:04.0203 2148  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
11:55:04.0281 2148  Sfloppy - ok
11:55:04.0359 2148  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
11:55:04.0421 2148  SharedAccess - ok
11:55:04.0453 2148  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
11:55:04.0468 2148  ShellHWDetection - ok
11:55:04.0468 2148  Simbad - ok
11:55:04.0500 2148  [ E0A3AA486C4F4D896BBB0FFEAC294B54 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
11:55:04.0531 2148  SiSRaid4 ( UnsignedFile.Multi.Generic ) - warning
11:55:04.0531 2148  SiSRaid4 - detected UnsignedFile.Multi.Generic (1)
11:55:04.0531 2148  Sparrow - ok
11:55:04.0578 2148  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
11:55:04.0656 2148  splitter - ok
11:55:04.0687 2148  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
11:55:04.0687 2148  Spooler - ok
11:55:04.0734 2148  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
11:55:04.0765 2148  sr - ok
11:55:04.0796 2148  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
11:55:04.0812 2148  srservice - ok
11:55:04.0843 2148  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
11:55:04.0906 2148  Srv - ok
11:55:04.0937 2148  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
11:55:04.0968 2148  SSDPSRV - ok
11:55:05.0000 2148  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
11:55:05.0062 2148  stisvc - ok
11:55:05.0109 2148  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
11:55:05.0187 2148  swenum - ok
11:55:05.0218 2148  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
11:55:05.0296 2148  swmidi - ok
11:55:05.0312 2148  SwPrv - ok
11:55:05.0312 2148  symc810 - ok
11:55:05.0312 2148  symc8xx - ok
11:55:05.0359 2148  [ A42F863305943869BA00A613C8EE8C7E ] Symmpi          C:\WINDOWS\system32\drivers\symmpi.sys
11:55:05.0406 2148  Symmpi ( UnsignedFile.Multi.Generic ) - warning
11:55:05.0406 2148  Symmpi - detected UnsignedFile.Multi.Generic (1)
11:55:05.0406 2148  sym_hi - ok
11:55:05.0421 2148  sym_u3 - ok
11:55:05.0453 2148  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
11:55:05.0515 2148  sysaudio - ok
11:55:05.0546 2148  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
11:55:05.0609 2148  SysmonLog - ok
11:55:05.0640 2148  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
11:55:05.0703 2148  TapiSrv - ok
11:55:05.0750 2148  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:55:05.0765 2148  Tcpip - ok
11:55:05.0812 2148  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
11:55:05.0875 2148  TDPIPE - ok
11:55:05.0890 2148  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
11:55:05.0953 2148  TDTCP - ok
11:55:06.0109 2148  [ 57DDE1395F86EE048AB25717EEB8CAEB ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
11:55:06.0218 2148  TeamViewer8 - ok
11:55:06.0250 2148  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
11:55:06.0328 2148  TermDD - ok
11:55:06.0390 2148  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
11:55:06.0468 2148  TermService - ok
11:55:06.0500 2148  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
11:55:06.0500 2148  Themes - ok
11:55:06.0546 2148  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
11:55:06.0578 2148  TlntSvr - ok
11:55:06.0578 2148  TosIde - ok
11:55:06.0593 2148  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
11:55:06.0687 2148  TrkWks - ok
11:55:06.0703 2148  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
11:55:06.0765 2148  Udfs - ok
11:55:06.0765 2148  ultra - ok
11:55:06.0875 2148  [ 7436D141AF626E76D40E5924550AF378 ] UNS             C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
11:55:06.0968 2148  UNS - ok
11:55:07.0015 2148  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
11:55:07.0078 2148  Update - ok
11:55:07.0125 2148  [ 3F9A3232E5F942874488981F3242C989 ] UPHClean        C:\Program Files\UPHClean\uphclean.exe
11:55:07.0156 2148  UPHClean ( UnsignedFile.Multi.Generic ) - warning
11:55:07.0156 2148  UPHClean - detected UnsignedFile.Multi.Generic (1)
11:55:07.0171 2148  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
11:55:07.0203 2148  upnphost - ok
11:55:07.0203 2148  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
11:55:07.0265 2148  UPS - ok
11:55:07.0328 2148  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
11:55:07.0343 2148  USBAAPL - ok
11:55:07.0406 2148  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:55:07.0484 2148  usbccgp - ok
11:55:07.0515 2148  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:55:07.0593 2148  usbehci - ok
11:55:07.0625 2148  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:55:07.0687 2148  usbhub - ok
11:55:07.0718 2148  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:55:07.0781 2148  usbprint - ok
11:55:07.0828 2148  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:55:07.0906 2148  usbscan - ok
11:55:07.0921 2148  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:55:07.0984 2148  USBSTOR - ok
11:55:08.0000 2148  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:55:08.0078 2148  usbuhci - ok
11:55:08.0109 2148  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
11:55:08.0171 2148  VgaSave - ok
11:55:08.0171 2148  ViaIde - ok
11:55:08.0218 2148  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
11:55:08.0281 2148  VolSnap - ok
11:55:08.0312 2148  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
11:55:08.0359 2148  VSS - ok
11:55:08.0406 2148  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
11:55:08.0468 2148  W32Time - ok
11:55:08.0468 2148  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:55:08.0531 2148  Wanarp - ok
11:55:08.0531 2148  WDICA - ok
11:55:08.0546 2148  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
11:55:08.0609 2148  wdmaud - ok
11:55:08.0625 2148  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:55:08.0703 2148  WebClient - ok
11:55:08.0796 2148  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:55:08.0875 2148  winmgmt - ok
11:55:08.0906 2148  [ 18F347402DA544A780949B8FDF83351B ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
11:55:08.0953 2148  WinRM - ok
11:55:09.0046 2148  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:55:09.0140 2148  wlidsvc - ok
11:55:09.0156 2148  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
11:55:09.0218 2148  WmdmPmSN - ok
11:55:09.0250 2148  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
11:55:09.0312 2148  Wmi - ok
11:55:09.0343 2148  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:55:09.0406 2148  WmiAcpi - ok
11:55:09.0421 2148  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:55:09.0500 2148  WmiApSrv - ok
11:55:09.0546 2148  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
11:55:09.0625 2148  wscsvc - ok
11:55:09.0656 2148  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
11:55:09.0718 2148  wuauserv - ok
11:55:09.0734 2148  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
11:55:09.0812 2148  WZCSVC - ok
11:55:09.0828 2148  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
11:55:09.0890 2148  xmlprov - ok
11:55:09.0968 2148  [ 881B9164AA223AE22B5D35A6EE454094 ] XobniService    C:\Program Files\Xobni\XobniService.exe
11:55:09.0968 2148  XobniService ( UnsignedFile.Multi.Generic ) - warning
11:55:09.0968 2148  XobniService - detected UnsignedFile.Multi.Generic (1)
11:55:09.0968 2148  ================ Scan global ===============================
11:55:10.0015 2148  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:55:10.0062 2148  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:55:10.0078 2148  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
11:55:10.0140 2148  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:55:10.0140 2148  [Global] - ok
11:55:10.0140 2148  ================ Scan MBR ==================================
11:55:10.0171 2148  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
11:55:10.0468 2148  \Device\Harddisk0\DR0 - ok
11:55:10.0468 2148  ================ Scan VBR ==================================
11:55:10.0468 2148  [ 9007000B8DC10A61440C1F4EDD01CA5B ] \Device\Harddisk0\DR0\Partition1
11:55:10.0468 2148  \Device\Harddisk0\DR0\Partition1 - ok
11:55:10.0468 2148  ============================================================
11:55:10.0468 2148  Scan finished
11:55:10.0468 2148  ============================================================
11:55:10.0578 1404  Detected object count: 15
11:55:10.0578 1404  Actual detected object count: 15
11:57:05.0109 1404  a320raid ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0109 1404  a320raid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0109 1404  aac ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0109 1404  aac ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0109 1404  aarich ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0109 1404  aarich ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0109 1404  adpu320 ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0109 1404  adpu320 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0109 1404  cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0109 1404  cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0109 1404  fasttx2k ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0109 1404  fasttx2k ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0109 1404  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0109 1404  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0109 1404  megasas ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0109 1404  megasas ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0109 1404  MOM ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0109 1404  MOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0109 1404  nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0109 1404  nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0109 1404  nvraid ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0109 1404  nvraid ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0109 1404  SiSRaid4 ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0109 1404  SiSRaid4 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0140 1404  Symmpi ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0140 1404  Symmpi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0140 1404  UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0140 1404  UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:05.0140 1404  XobniService ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:05.0140 1404  XobniService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:57:09.0671 2804  Deinitialize success
 
 
# AdwCleaner v2.306 - Logfile created 08/04/2013 at 11:59:56
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : alc - DBXHMLL1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\alc\Desktop\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\Chandra\Application Data\Qwiklinx
Folder Found : C:\Program Files\Qwiklinx
 
***** [Registry] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Found : HKLM\Software\PIP
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v6.0.2900.5512
 
[OK] Registry is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Documents and Settings\Chandra\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Documents and Settings\alc\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [2615 octets] - [04/08/2013 11:59:56]
 
########## EOF - C:\AdwCleaner[R1].txt - [2675 octets] ##########
 
Farbar Service Scanner Version: 26-07-2013
Ran by alc (administrator) on 04-08-2013 at 12:03:14
Running from "C:\Documents and Settings\alc\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".
 
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".
 
 
System Restore Disabled Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by alc (administrator) on 04-08-2013 at 12:06:40
Running from "C:\Documents and Settings\alc\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Intel® 82567LM-3 Gigabit Network Connection = Local Area Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : DBXHMLL1
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Hybrid
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
        DNS Suffix Search List. . . . . . : ALC-PVP.local
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : ALC-PVP.local
 
        Description . . . . . . . . . . . : Intel® 82567LM-3 Gigabit Network Connection
 
        Physical Address. . . . . . . . . : 00-25-64-A0-80-9B
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.16.106
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.16.2
 
        DHCP Server . . . . . . . . . . . : 192.168.16.2
 
        DNS Servers . . . . . . . . . . . : 192.168.16.2
 
        Primary WINS Server . . . . . . . : 192.168.16.2
 
        Lease Obtained. . . . . . . . . . : Sunday, August 04, 2013 11:41:18 AM
 
        Lease Expires . . . . . . . . . . : Monday, August 12, 2013 11:41:18 AM
 
Server:  d865alc.alc-pvp.local
Address:  192.168.16.2
 
Name:    google.com
Addresses:  74.125.227.72, 74.125.227.70, 74.125.227.71, 74.125.227.69
 74.125.227.65, 74.125.227.66, 74.125.227.73, 74.125.227.68, 74.125.227.78
 74.125.227.67, 74.125.227.64
 
 
 
Pinging google.com [74.125.227.72] with 32 bytes of data:
 
 
 
Reply from 74.125.227.72: bytes=32 time=25ms TTL=51
 
Reply from 74.125.227.72: bytes=32 time=24ms TTL=51
 
 
 
Ping statistics for 74.125.227.72:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 24ms, Maximum = 25ms, Average = 24ms
 
Server:  d865alc.alc-pvp.local
Address:  192.168.16.2
 
Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
 
 
Reply from 206.190.36.45: bytes=32 time=116ms TTL=46
 
Reply from 206.190.36.45: bytes=32 time=102ms TTL=46
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 102ms, Maximum = 116ms, Average = 109ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 25 64 a0 80 9b ...... Intel® 82567LM-3 Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.16.2  192.168.16.106  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      169.254.0.0      255.255.0.0   192.168.16.106  192.168.16.106  20
     192.168.16.0    255.255.255.0   192.168.16.106  192.168.16.106  20
   192.168.16.106  255.255.255.255        127.0.0.1       127.0.0.1  20
   192.168.16.255  255.255.255.255   192.168.16.106  192.168.16.106  20
        224.0.0.0        240.0.0.0   192.168.16.106  192.168.16.106  20
  255.255.255.255  255.255.255.255   192.168.16.106  192.168.16.106  1
Default Gateway:      192.168.16.2
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/04/2013 11:43:05 AM) (Source: Microsoft Operations Manager) (User: NT AUTHORITY)
Description: The agent could not connect to the MOM Server hou-fcs-01.transwestern.net.  The error reported is 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'.  Verify the management group name is correct, the MOM Server
is running, that it is listening on port 1270, and that any firewalls between this agent and the MOM
server are configured to pass TCP and UDP traffic on port 1270.
 
Error: (08/04/2013 11:41:28 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/04/2013 11:41:28 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/04/2013 11:41:28 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service Manager returned a fatal error (0x80004002). Will stop service
 
Error: (08/04/2013 11:41:21 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/04/2013 11:41:21 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/04/2013 03:24:07 AM) (Source: Microsoft Operations Manager) (User: NT AUTHORITY)
Description: The agent could not connect to the MOM Server hou-fcs-01.transwestern.net.  The error reported is 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.'.  Verify the management group name is correct, the MOM Server
is running, that it is listening on port 1270, and that any firewalls between this agent and the MOM
server are configured to pass TCP and UDP traffic on port 1270.
 
Error: (08/04/2013 03:22:37 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/04/2013 03:22:37 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
 
Error: (08/04/2013 03:22:32 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service Manager returned a fatal error (0x80004002). Will stop service
 
 
System errors:
=============
Error: (08/04/2013 11:42:00 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
PBADRV
SASDIFSV
SASKUTIL
 
Error: (08/04/2013 11:41:25 AM) (Source: Service Control Manager) (User: )
Description: The MioNet Service service failed to start due to the following error: 
%%3
 
Error: (08/04/2013 03:23:03 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
PBADRV
SASDIFSV
SASKUTIL
 
Error: (08/04/2013 03:22:27 AM) (Source: Service Control Manager) (User: )
Description: The MioNet Service service failed to start due to the following error: 
%%3
 
Error: (08/04/2013 03:13:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
PBADRV
SASDIFSV
SASKUTIL
 
Error: (08/04/2013 03:13:15 AM) (Source: Service Control Manager) (User: )
Description: The MioNet Service service failed to start due to the following error: 
%%3
 
Error: (08/04/2013 03:12:12 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (08/04/2013 03:11:59 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (08/04/2013 03:06:47 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
PBADRV
SASDIFSV
SASKUTIL
 
Error: (08/04/2013 03:06:13 AM) (Source: Service Control Manager) (User: )
Description: The MioNet Service service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (07/29/2013 08:05:30 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 258756 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error: (03/27/2013 02:45:55 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23696 seconds with 5040 seconds of active time.  This session ended with a crash.
 
Error: (01/10/2013 03:14:33 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 160 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (09/14/2012 07:28:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/23/2012 08:54:15 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 664 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error: (05/31/2012 11:51:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11766 seconds with 2520 seconds of active time.  This session ended with a crash.
 
Error: (12/06/2011 01:19:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 13495 seconds with 3300 seconds of active time.  This session ended with a crash.
 
Error: (11/11/2011 10:26:50 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2930 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error: (10/11/2011 05:13:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 29872 seconds with 10980 seconds of active time.  This session ended with a crash.
 
Error: (08/22/2011 08:42:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 233 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat  9 Standard (Version: 9.2.0)
Adobe Acrobat 9.2.0 - CPSID_50026
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
BioAPI Framework (Version: 1.0.1)
Bonjour (Version: 3.0.0.10)
Citrix online plug-in (SSON) (Version: 12.1.44.1)
Citrix online plug-in (Version: 12.1.44.1)
Citrix online plug-in (Web) (Version: 12.1.44.1)
FTP Utility (Version: 1.00.0000)
Google Chrome (Version: 28.0.1500.95)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HijackThis 2.0.2 (Version: 2.0.2)
Intel® Graphics Media Accelerator Driver
Intel® Active Management Technology
IPTInstaller (Version: 4.0.4)
iTunes (Version: 11.0.4.4)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
KONICA MINOLTA C364Series(PS_PCL_FAX)
KONICA MINOLTA PageScope Box Operator 3.1.05000 (Version: 3.1.05000)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Conferencing Add-in for Microsoft Office Outlook (Version: 8.0.6362.201)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Communicator 2007 (Version: 2.0.6362.0)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.201)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Operations Manager 2005 Agent (Version: 5.0.2911.0)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Security Client (Version: 4.3.0216.0)
Microsoft Security Essentials (Version: 4.3.216.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.363)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
MSN (Version: 10.20.0611.0)
MSN Toolbar (Version: 4.0.0379.0)
MSN Toolbar Platform (Version: 4.0.0379.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Picasa 3 (Version: 3.8)
PowerDVD (Version: 7.0)
Qwiklinx (Version: 1.6.0.1758)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
RealUpgrade 1.1 (Version: 1.1.0)
Symantec Enterprise Vault HTTP-only Outlook Add-In (Version: 8.0.9885)
TeamViewer 8 (Version: 8.0.19045)
Tracking The Eye.NET (Version: 8.5.741)
Uninstall Helper (Version: 2.0.1.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2264107) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2813347-v2) (Version: 2)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
UPEK TouchChip Fingerprint Reader (Version: 1.1.0)
User Profile Hive Cleanup Service (Version: 1.6.30)
Visual C++ 8.0 ATL (x86) WinSXS MSM (Version: 8.0.50727.762)
Visual C++ 8.0 CRT (x86) WinSXS MSM (Version: 8.0.50727.762)
WebFldrs XP (Version: 9.50.7523)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Management Framework Core
Xobni
Xobni Core (Version: 1.0.0)
XPWMUninstall (Version: 6.0.807)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 28%
Total physical RAM: 1979.54 MB
Available physical RAM: 1423.26 MB
Total Pagefile: 3870.71 MB
Available Pagefile: 3506.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.9 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:148.84 GB) (Free:129.28 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DBXHMLL1
 
Administrator            alc                      Chandra                  
Guest                    HelpAssistant            SUPPORT_388945a0         
 
========================= Minidump Files ==================================
 
C:\WINDOWS\Minidump\Mini080213-01.dmp
========================= Restore Points ==================================
 
 
**** End of log ****
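A triage pass over the "Event log errors" section of the log above, as an added example (not part of the original post or of the tool that produced the log). It groups identical errors, records when each was first and last seen, and lists the ones that keep recurring hours apart, together with the GUIDs and driver names they mention. The function names, the 30-minute threshold and the abridged sample input are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Sample input: abridged entries in the layout of the "Event log errors"
# section of the log above (the Office description is shortened).
SAMPLE_LOG = '''
Application errors:
==================
Error: (08/04/2013 11:41:28 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (08/04/2013 03:22:37 AM) (Source: Userenv) (User: NT AUTHORITY)
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

System errors:
=============
Error: (08/04/2013 11:42:00 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
PBADRV
SASDIFSV
SASKUTIL

Error: (08/04/2013 03:23:03 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
PBADRV
SASDIFSV
SASKUTIL

Error: (08/04/2013 03:12:12 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Microsoft Office Sessions:
=========================
Error: (07/29/2013 08:05:30 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook. This session ended with a crash.
'''

# Header line of one record; the Office entries omit the space before "(User:".
HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) ?\(Source: (?P<source>[^)]*)\) ?\(User: (?P<user>[^)]*)\)$"
)
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_events(text):
    """Split the section into records; a blank line closes a record."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {
                "time": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
                "source": m.group("source"),
                "user": m.group("user").strip(),
                "lines": [],
            }
            events.append(current)
        elif not line:
            current = None
        elif current is not None:  # continuation of a multi-line description
            if line.startswith("Description:"):
                line = line[len("Description:"):].strip()
            current["lines"].append(line)
    for ev in events:
        ev["description"] = " ".join(ev.pop("lines"))
    return events


def group_events(events):
    """Collapse identical (source, description) pairs, most frequent first."""
    groups = {}
    for ev in events:
        key = (ev["source"], ev["description"])
        g = groups.setdefault(key, {
            "source": ev["source"], "description": ev["description"],
            "count": 0, "first": ev["time"], "last": ev["time"],
            "guids": sorted(set(GUID.findall(ev["description"]))),
        })
        g["count"] += 1
        g["first"] = min(g["first"], ev["time"])
        g["last"] = max(g["last"], ev["time"])
    return sorted(groups.values(), key=lambda g: (-g["count"], g["source"]))


def persistent(groups, min_span=timedelta(minutes=30)):
    """Errors seen again at least min_span after their first occurrence."""
    return [g for g in groups if g["last"] - g["first"] >= min_span]


def guids_to_check(groups):
    """GUIDs named by the given groups: registrations worth inspecting."""
    return sorted({guid for g in groups for guid in g["guids"]})


def failed_drivers(events):
    """Driver names listed by Service Control Manager load-failure events."""
    marker = "driver(s) failed to load:"
    names = set()
    for ev in events:
        if ev["source"] == "Service Control Manager" and marker in ev["description"]:
            names.update(ev["description"].split(marker, 1)[1].split())
    return sorted(names)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for g in persistent(group_events(evs)):
        print(g["count"], g["source"], g["first"], "->", g["last"])
    print("GUIDs:", guids_to_check(persistent(group_events(evs))))
    print("Drivers:", failed_drivers(evs))
```
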
 

 

 



#4 dev00790


Posted 04 August 2013 - 02:52 PM

Hi

Please do the following next:

Step 1:

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam-download.php to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.


If requested by MBAM, restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


Step 2:

I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Note: Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step 3:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



Step 4:

How is the computer running now?


Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!" I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#5 A Selene


Posted 04 August 2013 - 03:31 PM

Still Cannot Install Malwarebytes.
Message from Setup:

'CoCreateInstance failed; code 0x80040154
Class not registered.'

This occurs 4 or 5 times.

Followed by:

"Run-time error '372':

Failed to load control 'WebBrowser' from ieframe.dll. Your version of ieframe.dll may be
outdated. Make sure you are using the version of the control that was provided with your
application."

This happens three (3) times.

Let me emphasize that I had un-installed IE8 and what's installed now is IE6.
I have downloaded IE8 and am prepared to re-install it if you say so. That's
what was originally installed.

Query: Was I supposed to allow the tools in your previous response to make changes?
Where I was given the option, I declined since I didn't see you wanting me to
do that.

Respectfully,
A Selene

#6 A Selene


Posted 04 August 2013 - 04:15 PM

I ran mbam-clean.exe to REALLY uninstall Malwarebytes, then re-ran the install.
I get the same results.
The first error seems to occur when the installer is trying to create shortcuts.
The second error seems to occur for each launch attempted by the program.
The StartMenu folders get created but no shortcuts.

When I navigate from command line to program folder and run mbam, I get the 372 error.

A Selene

#7 dev00790


Posted 04 August 2013 - 04:27 PM

Hi
 
Step 1:
 
Please try uninstalling MBAM via RevoUninstaller:

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    MalwareBytes' AntiMalware
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Do not restart the computer after it has been uninstalled.
 

Step 2:
 
Then install MBAM, run the tools again (MBAM / ESET / AdwCleaner), and allow them to make changes if applicable.


Regards, dev00790



#8 A Selene


Posted 04 August 2013 - 05:03 PM

Hi,

I think I did what you instructed but the MBAM installer found the two left-over folders and contents and refused to go any further until the system was re-booted.
So, I did that and re-started the MBAM installation.
I got the same results.
I even tried the MBAM Chameleon thing and that fails with the 372 error.

OK, I don't know what I'm talking about here but is it possible some .DLL needed by MBAM is not registered? Like "IEFRAME.DLL"? Also, some other support is needed to create the shortcuts. It's interesting to me that the installer creates the application folders and loads the files but cannot create the shortcuts for the start menu and that even if launched from the product folder via command line, the 372 error (IEFRAME.DLL) happens.

I've not tried to simply skip MBAM and move on to the next thing.

It seems Windows will NOT launch a program from a shortcut.

Respectfully,
A Selene

#9 dev00790


Posted 05 August 2013 - 06:03 AM

Hi

 

"I ran mbam-clean.exe to REALLY uninstall Malwarebytes, then re-ran the install."

Did you restart the computer before you did the reinstall here?


Regards, dev00790



#10 A Selene


Posted 05 August 2013 - 09:12 AM

I honestly don't remember.  I can try that though.

 

I've found that I cannot re-install IE8 and I cannot install IE7.

They start off and proceed to "Downloading updates" and hang "forever".

And if I option the install to skip updates, they're non-functional.

Only IE6 will work.

 

Windows Updates are blocked somehow.

Basic functions aren't there.

I can launch an app if I open Windows Explorer, navigate to the actual .EXE file, and double-click on it.

But shortcuts will not work.

 

I'm starting to think this thing is beyond help.

 

Respectfully,

 

A Selene



#11 A Selene


Posted 05 August 2013 - 09:21 AM

Dev,

 

I tried the reboot (MBAM-CLEAN insists on it anyway) but to no avail.

Something is blocking IEFRAME.DLL.

I haven't been able to register it either.

 

I'm grateful for the help but I'm afraid this thing is too far gone.

 

Respectfully,

 

A Selene



#12 dev00790


Posted 05 August 2013 - 01:01 PM

Let's skip over MBAM for now. Please run ESET and AdwCleaner delete as per my earlier post.


Regards, dev00790



#13 A Selene


Posted 05 August 2013 - 05:59 PM

Tried that but no help.  I had to give up on the machine and will re-format, hoping that expunges the evil.

It's one thing to remove the infectors, and quite another to undo all the damage they did.

 

I'm grateful for your guidance and sorry it didn't work out.  The machine was clearly too far gone.

 

Respectfully,

 

A Selene



#14 dev00790


Posted 06 August 2013 - 11:17 AM

Ok thanks for letting us know :)


Regards, dev00790





