right click in file window causes the hourglass cursor/hangs


11 replies to this topic

#1 jamby


Posted 26 October 2013 - 08:19 AM

Hi

My wife's Dell 390 Precision, w/ RAID 1, XP SP3 has been acting up for the last week. I was called in yesterday. It wouldn't boot at first but on later tries it did. Once the desktop appears, moving the cursor into the task bar will display an hourglass. This will continue for more than 10 minutes before you can use the Start Button. After the 10 mins., right clicking on the Start Button will cause the cursor to change to an hourglass and nothing will happen for 3 min +. However, if you double click the "My Computer" icon a file window will open after some delay and then the hourglass will be removed. During these spurts and stops the desktop will flash, all icons will be lost for a few seconds and often the "desktop recovery message" will appear and the wallpaper image is gone.

After booting, a file window was opened displaying the C:\Documents and Settings\username\Application Data\AVG with a single file awl2012 showing. When Thunderbird is started most of the email accounts are missing. Also any of the files in the C:\Docs and Setting\username\Application Data\Thunderbird that I try to right click/Ctrl-C will cause the file window to hang. Task Manager shows one item until the hang, then displays two identical lines saying "not responding".

I changed the name of the AVG directory and ended that problem. I tried to follow instructions on the AVG site but was never able to make it work. I did remove/reinstall AVG 2014 free.

But the Thunderbird problem continues. The prefs.js is still in the default directory and looks okay, but it is one of the files that can't be copied or opened. I was able to get a copy into a higher directory, once.

AVG and Malwarebytes don't find any viruses but I don't know.

Has anyone seen this behavior before?

First posted in the XP forum then moved here.

Mod Edit:  Deleted dupe in XP, possible malware issues take precedence - Hamluis.

 

Thanks

Jim


Edited by hamluis, 26 October 2013 - 10:02 AM.



 


#2 boopme


Posted 01 November 2013 - 11:31 AM

Hello jamby. Can you run these, use Safe Mode with Networking if needed.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 jamby


Posted 01 November 2013 - 06:15 PM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by teddie (administrator) on 01-11-2013 at 12:47:24
Running from "C:\Documents and Settings\teddie\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




192.168.1.1    nub
192.168.1.2    mill
192.168.1.3    ted
192.168.1.4    mac
192.168.1.5     tra
192.168.1.7    nor.light    nor
192.168.1.8    tri    tri.light
192.168.1.10    dun
192.168.1.12    pri    pri.light

205.171.3.65    nam
205.171.2.65    nam2

192.168.1.8    colony
192.168.1.8    fire
192.168.1.8    centos
192.168.1.8    hcef
192.168.1.8    kiwanis
127.0.0.1       localhost

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=static addr=192.168.1.3 mask=255.255.255.0
set address name="Local Area Connection 2" gateway=192.168.1.1 gwmetric=0
set dns name="Local Area Connection 2" source=static addr=205.171.3.65 register=PRIMARY
add dns name="Local Area Connection 2" addr=205.171.2.65 index=2
set wins name="Local Area Connection 2" source=static addr=none


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : ted
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-1D-09-0F-C6-11
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 205.171.3.65
                                            205.171.2.65

Server:  resolver.qwest.net
Address:  205.171.3.65

Name:    google.com
Addresses:  173.194.33.164, 173.194.33.160, 173.194.33.168, 173.194.33.161
      173.194.33.165, 173.194.33.167, 173.194.33.169, 173.194.33.162, 173.194.33.166
      173.194.33.163, 173.194.33.174

Pinging google.com [173.194.33.160] with 32 bytes of data:

Reply from 173.194.33.160: bytes=32 time=56ms TTL=56
Reply from 173.194.33.160: bytes=32 time=55ms TTL=56

Ping statistics for 173.194.33.160:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 55ms, Maximum = 56ms, Average = 55ms

Server:  resolver.qwest.net
Address:  205.171.3.65

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

Reply from 98.138.253.109: bytes=32 time=126ms TTL=51
Reply from 98.138.253.109: bytes=32 time=129ms TTL=51

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 126ms, Maximum = 129ms, Average = 127ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 09 0f c6 11 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.3      30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0      192.168.1.3     192.168.1.3      30
      192.168.1.3  255.255.255.255        127.0.0.1       127.0.0.1      30
    192.168.1.255  255.255.255.255      192.168.1.3     192.168.1.3      30
        224.0.0.0        240.0.0.0      192.168.1.3     192.168.1.3      30
  255.255.255.255  255.255.255.255      192.168.1.3     192.168.1.3      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/01/2013 08:34:37 AM) (Source: Application Error) (User: )
Description: Fault bucket 282715825.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (11/01/2013 08:34:20 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00680073.
Processing media-specific event for [explorer.exe!ws!]

Error: (10/27/2013 02:59:27 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00680073.
Processing media-specific event for [explorer.exe!ws!]

Error: (10/19/2013 00:42:38 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (10/10/2013 03:38:58 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/09/2013 00:44:02 PM) (Source: Application Error) (User: )
Description: Fault bucket -1100172323.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (10/09/2013 00:43:59 PM) (Source: Application Error) (User: )
Description: Faulting application qbpatch2.exe, version 15.1.1.4, faulting module qbpatch2.exe, version 15.1.1.4, fault address 0x0001021f.
Processing media-specific event for [qbpatch2.exe!ws!]

Error: (10/09/2013 00:42:02 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (10/09/2013 00:42:02 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (10/09/2013 00:42:02 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (11/01/2013 00:25:01 PM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (11/01/2013 00:25:01 PM) (Source: Service Control Manager) (User: )
Description: The DeltaCopy Server service failed to start due to the following error:
%%1069

Error: (11/01/2013 00:25:01 PM) (Source: Service Control Manager) (User: )
Description: The DeltaCopyService service was unable to log on as .\teddie with the currently configured
password due to the following error:
%%1385

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (10/29/2013 11:23:10 AM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (10/29/2013 11:23:10 AM) (Source: Service Control Manager) (User: )
Description: The DeltaCopy Server service failed to start due to the following error:
%%1069

Error: (10/29/2013 11:23:10 AM) (Source: Service Control Manager) (User: )
Description: The DeltaCopyService service was unable to log on as .\teddie with the currently configured
password due to the following error:
%%1385

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (10/28/2013 07:43:08 PM) (Source: Service Control Manager) (User: )
Description: The mrtRate service failed to start due to the following error:
%%2

Error: (10/28/2013 07:43:08 PM) (Source: Service Control Manager) (User: )
Description: The DeltaCopy Server service failed to start due to the following error:
%%1069

Error: (10/28/2013 07:43:08 PM) (Source: Service Control Manager) (User: )
Description: The DeltaCopyService service was unable to log on as .\teddie with the currently configured
password due to the following error:
%%1385

To ensure that the service is
configured properly, use the Services snap-in in Microsoft Management
Console (MMC).

Error: (10/28/2013 07:41:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (11/01/2013 08:34:37 AM) (Source: Application Error)(User: )
Description: 282715825

Error: (11/01/2013 08:34:20 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.000680073

Error: (10/27/2013 02:59:27 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.000680073

Error: (10/19/2013 00:42:38 PM) (Source: CltMngSvc)(User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (10/10/2013 03:38:58 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/09/2013 00:44:02 PM) (Source: Application Error)(User: )
Description: -1100172323

Error: (10/09/2013 00:43:59 PM) (Source: Application Error)(User: )
Description: qbpatch2.exe15.1.1.4qbpatch2.exe15.1.1.40001021f

Error: (10/09/2013 00:42:02 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (10/09/2013 00:42:02 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (10/09/2013 00:42:02 PM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle


=========================== Installed Programs ============================

7-Zip 9.20
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
AVG 2014 (Version: 14.0.3615)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
BufferChm (Version: 61.0.163.000)
Clipartorama Alone 1.5
Corel Paint Shop Pro Photo XI (Version: 11.00.0000)
CP_AtenaShokunin1Config (Version: 61.0.163.000)
CP_CalendarTemplates1 (Version: 61.0.163.000)
cp_OnlineProjectsConfig (Version: 61.0.163.000)
CP_Package_Basic1 (Version: 61.0.163.000)
CP_Package_Variety1 (Version: 61.0.163.000)
CP_Package_Variety2 (Version: 61.0.163.000)
CP_Package_Variety3 (Version: 61.0.163.000)
CP_Panorama1Config (Version: 61.0.163.000)
cp_PosterPrintConfig (Version: 61.0.163.000)
CueTour (Version: 61.0.163.000)
CustomerResearchQFolder (Version: 1.00.0000)
DesignPro 5.0 Standard Edition (Version: 5.2.1201)
Destinations (Version: 61.0.163.000)
DeviceFunctionQFolder (Version: 1.00.0000)
DeviceManagementQFolder (Version: 1.00.0000)
DnsBasic 1.0 build 111
DocProc (Version: 6.0.0.0)
DocumentViewer (Version: 61.0.163.000)
DocumentViewerQFolder (Version: 1.00.0000)
DomaIQ
Double Play Jewel Quest 2 and 3
EaseUS Partition Master 9.1.1 Home Edition
Embird 2013 (32-bit) (Version: Embird 2013 Build 10.3 (32-bit))
eSupportQFolder (Version: 1.00.0000)
Express Invoice (Version: 3.87)
Express Zip (Version: 2.17)
ExtractNow
Fdrawcmd.sys 1.0.1.11 (Version: 1.0.1.11)
FullDPAppQFolder (Version: 1.00.0000)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Document Viewer 6.1 (Version: 6.1)
HP Extended Capabilities 6.1 (Version: 6.1)
HP Imaging Device Functions 6.1 (Version: 6.1)
HP Officejet 4620 series Basic Device Software (Version: 28.0.1315.0)
HP Officejet 4620 series Help (Version: 6.0.0)
HP Officejet 4620 series Product Improvement Study (Version: 28.0.1315.0)
HP Photo Creations (Version: 1.0.0.9572)
HP Photosmart Premier Software 6.1 (Version: 6.1)
HP Product Assistant (Version: 100.000.001.000)
HP Product Detection (Version: 11.14.0001)
HP Product Detection (Version: 11.14.0003)
HP Solution Center and Imaging Support Tools 6.1 (Version: 6.1)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 61.0.163.000)
I.R.I.S. OCR (Version: 12.3.4.0)
ImageMagick 6.4.2-0 Q16 (07/01/08)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevices (Version: 61.0.163.000)
Internet Explorer Toolbar 4.7 by SweetPacks (Version: 4.7.0008)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 61.0.163.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.1.0)
Mozilla Thunderbird 24.1.0 (x86 en-US) (Version: 24.1.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
NTI CD & DVD-Maker (Version: 6)
NTI CD & DVD-Maker Platinum  (Version: 6)
NVIDIA Drivers
OpenOffice 4.0.1 (Version: 4.01.9714)
PanoStandAlone (Version: 61.0.163.000)
PhotoGallery (Version: 61.0.163.000)
Pro Surveillance System(EN) (Version: 4.06.0)
QuickBooks (Version: 20.0.4001.807)
QuickBooks Simple Start 2010 Free Edition (Version: 20.0.4001.807)
Quicken 2014 (Version: 23.1.2.12)
Raffle Ticket by Harvest American (Version: 3.00.0000)
RandMap (Version: 61.0.163.000)
ScannerCopy (Version: 6.0.0.0)
SigmaTel Audio (Version: 5.10.4803.0)
SkinsHP1 (Version: 61.0.163.000)
smartmontools (Version: 5.43 2012-06-30 r3573 (sf-5.43-1))
SolutionCenter (Version: 61.0.163.000)
Sonic_PrimoSDK (Version: 61.0.163.000)
Status (Version: 61.0.163.000)
Toolbox (Version: 61.0.163.000)
TrayApp (Version: 61.0.163.000)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 WinPerFedFormset (Version: 012.000.1983)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0442)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179)
TurboTax 2012 wrapper (Version: 012.000.0127)
Unload (Version: 6.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 61.0.163.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows PowerShell™ 1.0 (Version: 2)
WinZip 17.0 (Version: 17.0.10381)
XP Codec Pack (Version: 2.5.7)

========================= Memory info: ===================================

Percentage of memory in use: 14%
Total physical RAM: 3581.56 MB
Available physical RAM: 3072.36 MB
Total Pagefile: 5460.94 MB
Available Pagefile: 5001.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.97 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:326.02 GB) (Free:291.78 GB) NTFS
3 Drive d: (Designs) (Fixed) (Total:139.73 GB) (Free:82.05 GB) NTFS
6 Drive g: (FreeAgent Drive) (Fixed) (Total:1397.26 GB) (Free:827.17 GB) NTFS

========================= Users: ========================================

User accounts for \\TED

Administrator            ASPNET                   Guest                    
HelpAssistant            SUPPORT_388945a0         teddie                   


**** End of log ****
 

 

12:51:04.0218 0x09c0  TDSS rootkit removing tool 3.0.0.16 Nov  1 2013 15:53:38
12:51:25.0406 0x09c0  ============================================================
12:51:25.0406 0x09c0  Current date / time: 2013/11/01 12:51:25.0406
12:51:25.0406 0x09c0  SystemInfo:
12:51:25.0406 0x09c0  
12:51:25.0406 0x09c0  OS Version: 5.1.2600 ServicePack: 3.0
12:51:25.0406 0x09c0  Product type: Workstation
12:51:25.0406 0x09c0  ComputerName: TED
12:51:25.0406 0x09c0  UserName: teddie
12:51:25.0406 0x09c0  Windows directory: C:\WINDOWS
12:51:25.0406 0x09c0  System windows directory: C:\WINDOWS
12:51:25.0406 0x09c0  Processor architecture: Intel x86
12:51:25.0406 0x09c0  Number of processors: 2
12:51:25.0406 0x09c0  Page size: 0x1000
12:51:25.0406 0x09c0  Boot type: Normal boot
12:51:25.0406 0x09c0  ============================================================
12:51:25.0906 0x09c0  System UUID: {53B6BDA7-E459-02C9-273F-B8B5E1807596}
12:51:26.0453 0x09c0  Drive \Device\Harddisk0\DR0 - Size: 0x7470900000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:51:26.0453 0x09c0  Drive \Device\Harddisk1\DR3 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:51:37.0281 0x09c0  ============================================================
12:51:37.0281 0x09c0  \Device\Harddisk0\DR0:
12:51:37.0281 0x09c0  MBR partitions:
12:51:37.0281 0x09c0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x28C09740
12:51:37.0296 0x09c0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x28C097BE, BlocksNum 0x117775C2
12:51:37.0296 0x09c0  \Device\Harddisk1\DR3:
12:51:37.0296 0x09c0  MBR partitions:
12:51:37.0296 0x09c0  \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA86702
12:51:37.0296 0x09c0  ============================================================
12:51:40.0296 0x09c0  D: <-> \Device\Harddisk0\DR0\Partition2
12:51:40.0390 0x09c0  C: <-> \Device\Harddisk0\DR0\Partition1
12:51:45.0062 0x09c0  G: <-> \Device\Harddisk1\DR3\Partition1
12:51:45.0062 0x09c0  ============================================================
12:51:45.0062 0x09c0  Initialize success
12:51:45.0062 0x09c0  ============================================================
12:53:27.0406 0x0c8c  ============================================================
12:53:27.0406 0x0c8c  Scan started
12:53:27.0406 0x0c8c  Mode: Manual;
12:53:27.0406 0x0c8c  ============================================================
12:53:27.0406 0x0c8c  KSN ping started
12:53:29.0984 0x0c8c  KSN ping finished: true
12:53:38.0328 0x0c8c  ================ Scan system memory ========================
12:53:38.0328 0x0c8c  System memory - ok
12:53:38.0328 0x0c8c  ================ Scan services =============================
12:53:39.0875 0x0c8c  Avgdiskx - ok
12:53:40.0375 0x0c8c  [ 332AEB8F6F9595C8886A7AA7A62322DC, CC2F2856257D10B72558660161732EB5FB5D8CCD8AC78EFED8263895A2529CC9 ] AVGIDSAgent     C:\Program Files\AVG\AVG2014\avgidsagent.exe
12:53:40.0468 0x0c8c  AVGIDSAgent - ok
12:53:40.0515 0x0c8c  [ E2D441E3F58C04DD91286F38916CE102, C03F50CE5BDFCBC2B0DB062D6517ADE99DFF8EB65859CF6122DC95D3167E7C7E ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
12:53:40.0515 0x0c8c  AVGIDSDriver - ok
12:53:40.0531 0x0c8c  [ 7E7E946C5620BD398BFCFA41E435545B, 0B2F496367F36BE20AD075DF0054E8DE083E690179F9C5C9ECF9B3677069D6CF ] AVGIDSHX        C:\WINDOWS\system32\DRIVERS\avgidshx.sys
12:53:40.0531 0x0c8c  AVGIDSHX - ok
12:53:40.0531 0x0c8c  [ C3828E5C49924969799ED8B1E123A267, 26713E308FC9BBDF28BD4E47234002D6928AAA234F73B2248BB2466EBA41747E ] AVGIDSShim      C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
12:53:40.0531 0x0c8c  AVGIDSShim - ok
12:53:40.0531 0x0c8c  [ A997D4A7361F4870A4F13BA5BF36F388, 1DF529F4207081E154BC377154A02FD641C20EF8BDB913C232465519AAC48827 ] Avgldx86        C:\WINDOWS\system32\DRIVERS\avgldx86.sys
12:53:40.0546 0x0c8c  Avgldx86 - ok
12:53:40.0562 0x0c8c  [ 62C926243D7875BDE097904E4DE4FFAD, 32730FEB5133F51A62DEDB9528EDE5A8F9A3C8121753D09699C5EEB930E4E217 ] Avglogx         C:\WINDOWS\system32\DRIVERS\avglogx.sys
12:53:40.0578 0x0c8c  Avglogx - ok
12:53:40.0625 0x0c8c  [ 02C25C2974F728391E33A2E45A23FFA4, B36A9601BF855ABAC4855023913A8D977567AD15EDCC3FFAB3028A9B6FE5D2CA ] Avgmfx86        C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
12:53:40.0625 0x0c8c  Avgmfx86 - ok
12:53:40.0625 0x0c8c  [ 9745AD34365318593909EDDEDAE66B9A, 16374BF9789053AA0124CB8437E1192442F44E46D14435BF80A049CD0D47F16A ] Avgrkx86        C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
12:53:40.0625 0x0c8c  Avgrkx86 - ok
12:53:40.0718 0x0c8c  [ E98603F9D1F412F38ADF2F76053F9E5A, 1CE4668E0202ADD8C4C3D7D883DC837F7888F5D6E3B6FEE8338E15A86FE6AC22 ] Avgtdix         C:\WINDOWS\system32\DRIVERS\avgtdix.sys
12:53:40.0718 0x0c8c  Avgtdix - ok
12:53:40.0812 0x0c8c  [ 07646F5F37F18F1F978CE3B0378EF1C9, 0BC440C3E8E617FA5D70D28413F091678E9FD4CF9F87CB8ED686609A0291D95B ] avgwd           C:\Program Files\AVG\AVG2014\avgwdsvc.exe
12:53:40.0875 0x0c8c  avgwd - ok
12:53:40.0953 0x0c8c  [ D0692F7B8217E3B82D2BFAC535816117, D44E8889E8C1F463479937F130BDCF0321F65BA43442FE66BF6E3654177E3E8E ] b57w2k          C:\WINDOWS\system32\DRIVERS\b57xp32.sys
12:53:41.0000 0x0c8c  b57w2k - ok
12:53:41.0046 0x0c8c  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
12:53:41.0093 0x0c8c  Beep - ok
12:53:41.0187 0x0c8c  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
12:53:41.0250 0x0c8c  BITS - ok
12:53:41.0312 0x0c8c  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
12:53:41.0359 0x0c8c  Browser - ok
12:53:41.0375 0x0c8c  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
12:53:41.0406 0x0c8c  cbidf2k - ok
12:53:41.0406 0x0c8c  cd20xrnt - ok
12:53:41.0468 0x0c8c  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
12:53:41.0484 0x0c8c  Cdaudio - ok
12:53:41.0500 0x0c8c  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
12:53:41.0500 0x0c8c  Cdfs - ok
12:53:41.0515 0x0c8c  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:53:41.0515 0x0c8c  Cdrom - ok
12:53:41.0531 0x0c8c  Changer - ok
12:53:41.0546 0x0c8c  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
12:53:41.0578 0x0c8c  CiSvc - ok
12:53:41.0593 0x0c8c  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
12:53:41.0625 0x0c8c  ClipSrv - ok
12:53:41.0640 0x0c8c  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:53:41.0640 0x0c8c  clr_optimization_v2.0.50727_32 - ok
12:53:41.0656 0x0c8c  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:53:41.0656 0x0c8c  clr_optimization_v4.0.30319_32 - ok
12:53:41.0656 0x0c8c  CmdIde - ok
12:53:41.0671 0x0c8c  COMSysApp - ok
12:53:41.0671 0x0c8c  Cpqarray - ok
12:53:41.0687 0x0c8c  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
12:53:41.0703 0x0c8c  CryptSvc - ok
12:53:41.0703 0x0c8c  dac2w2k - ok
12:53:41.0703 0x0c8c  dac960nt - ok
12:53:41.0765 0x0c8c  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
12:53:41.0781 0x0c8c  DcomLaunch - ok
12:53:41.0796 0x0c8c  DeltaCopyService - ok
12:53:41.0843 0x0c8c  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
12:53:41.0859 0x0c8c  Dhcp - ok
12:53:41.0875 0x0c8c  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
12:53:41.0890 0x0c8c  Disk - ok
12:53:41.0890 0x0c8c  dmadmin - ok
12:53:41.0921 0x0c8c  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
12:53:41.0984 0x0c8c  dmboot - ok
12:53:41.0984 0x0c8c  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
12:53:42.0000 0x0c8c  dmio - ok
12:53:42.0000 0x0c8c  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
12:53:42.0000 0x0c8c  dmload - ok
12:53:42.0015 0x0c8c  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
12:53:42.0015 0x0c8c  dmserver - ok
12:53:42.0062 0x0c8c  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
12:53:42.0062 0x0c8c  DMusic - ok
12:53:42.0078 0x0c8c  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
12:53:42.0078 0x0c8c  Dnscache - ok
12:53:42.0109 0x0c8c  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
12:53:42.0125 0x0c8c  Dot3svc - ok
12:53:42.0125 0x0c8c  dpti2o - ok
12:53:42.0140 0x0c8c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
12:53:42.0140 0x0c8c  drmkaud - ok
12:53:42.0140 0x0c8c  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
12:53:42.0156 0x0c8c  EapHost - ok
12:53:42.0171 0x0c8c  [ F07BA56B0235F15EFF8F10DC6389C42E, A7202CCB418D03606A97679BCF166ACA12F8341E8AB97DF044AE00401B8496B4 ] epmntdrv        C:\WINDOWS\system32\epmntdrv.sys
12:53:42.0171 0x0c8c  epmntdrv - ok
12:53:42.0187 0x0c8c  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
12:53:42.0187 0x0c8c  ERSvc - ok
12:53:42.0187 0x0c8c  [ 1F2F4AB15CE03ECC257FEB2F6DC5A013, FB06406AD9CCD946155C4E8CA769E0430589A4E4BBBDA2C90A67C84E0D2F8EE0 ] EuGdiDrv        C:\WINDOWS\system32\EuGdiDrv.sys
12:53:42.0187 0x0c8c  EuGdiDrv - ok
12:53:42.0218 0x0c8c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
12:53:42.0234 0x0c8c  Eventlog - ok
12:53:42.0265 0x0c8c  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
12:53:42.0281 0x0c8c  EventSystem - ok
12:53:42.0562 0x0c8c  [ 3773762DB2DF05F721EE01F53ACE38DF, 56D636D1E98B8FED8FA9B832F5A635F6B2C297A806C1C9B8DDD51FF5BA6B39BD ] ExpressInvoiceService C:\Program Files\NCH Software\ExpressInvoice\expressinvoice.exe
12:53:42.0671 0x0c8c  ExpressInvoiceService - ok
12:53:42.0687 0x0c8c  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
12:53:42.0687 0x0c8c  Fastfat - ok
12:53:42.0765 0x0c8c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:53:42.0796 0x0c8c  FastUserSwitchingCompatibility - ok
12:53:42.0796 0x0c8c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
12:53:42.0843 0x0c8c  Fdc - ok
12:53:42.0890 0x0c8c  [ 273BA621890388A4CCA9E624C435636D, 6AAD8209F6A428ACAA56340EA648473D0C6750CC158A218A5C8838EBE4C591F5 ] fdrawcmd        C:\WINDOWS\system32\drivers\fdrawcmd.sys
12:53:42.0906 0x0c8c  fdrawcmd - ok
12:53:42.0953 0x0c8c  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
12:53:43.0000 0x0c8c  Fips - ok
12:53:43.0031 0x0c8c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:53:43.0046 0x0c8c  Flpydisk - ok
12:53:43.0093 0x0c8c  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:53:43.0109 0x0c8c  FltMgr - ok
12:53:43.0187 0x0c8c  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:53:43.0218 0x0c8c  FontCache3.0.0.0 - ok
12:53:43.0218 0x0c8c  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:53:43.0234 0x0c8c  Fs_Rec - ok
12:53:43.0234 0x0c8c  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:53:43.0250 0x0c8c  Ftdisk - ok
12:53:43.0250 0x0c8c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:53:43.0296 0x0c8c  Gpc - ok
12:53:43.0359 0x0c8c  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:53:43.0359 0x0c8c  HDAudBus - ok
12:53:43.0390 0x0c8c  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:53:43.0390 0x0c8c  helpsvc - ok
12:53:43.0406 0x0c8c  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
12:53:43.0406 0x0c8c  HidServ - ok
12:53:43.0437 0x0c8c  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:53:43.0453 0x0c8c  hidusb - ok
12:53:43.0468 0x0c8c  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
12:53:43.0500 0x0c8c  hkmsvc - ok
12:53:43.0500 0x0c8c  hpn - ok
12:53:43.0531 0x0c8c  [ 30CA91E657CEDE2F95359D6EF186F650, 6BBAFBE50E7819695A79586A086A9952B737E174BA2C63C1F180D97EC4AABA4B ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:53:43.0546 0x0c8c  HPZid412 - ok
12:53:43.0562 0x0c8c  [ EFD31AFA752AA7C7BBB57BCBE2B01C78, AC671CEE9F8DD9FE6C51069212AEB1736BB914361D4185D1E87068D244BF2B7A ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:53:43.0562 0x0c8c  HPZipr12 - ok
12:53:43.0578 0x0c8c  [ 7AC43C38CA8FD7ED0B0A4466F753E06E, B4D44B366170D247E0145B9435CC678BEE2A2A42CFF7B485E077B3B582557B5A ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:53:43.0578 0x0c8c  HPZius12 - ok
12:53:43.0640 0x0c8c  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
12:53:43.0671 0x0c8c  HTTP - ok
12:53:43.0703 0x0c8c  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
12:53:43.0718 0x0c8c  HTTPFilter - ok
12:53:43.0734 0x0c8c  i2omgmt - ok
12:53:43.0734 0x0c8c  i2omp - ok
12:53:43.0750 0x0c8c  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:53:43.0750 0x0c8c  i8042prt - ok
12:53:43.0765 0x0c8c  [ CDF6179EC9129E9ABC5B0F0525B159EB, CEC7B10AEDED895FC2F7DC284325EC1112BE7F3DBBC63C8B492F7B6973C4BF32 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
12:53:43.0781 0x0c8c  iaStor - ok
12:53:43.0828 0x0c8c  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:53:43.0859 0x0c8c  idsvc - ok
12:53:43.0859 0x0c8c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
12:53:43.0875 0x0c8c  Imapi - ok
12:53:43.0921 0x0c8c  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
12:53:43.0937 0x0c8c  ImapiService - ok
12:53:43.0937 0x0c8c  ini910u - ok
12:53:43.0937 0x0c8c  IntelIde - ok
12:53:43.0984 0x0c8c  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:53:44.0000 0x0c8c  intelppm - ok
12:53:44.0046 0x0c8c  [ D9DA7B3117BF5EFF921C0CDED4D58050, D51A2AFC0E310C5A0EE1540A9E6353F5F7C9E76711187FAD91EEB0B3254EE935 ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
12:53:44.0046 0x0c8c  IntuitUpdateServiceV4 - ok
12:53:44.0062 0x0c8c  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:53:44.0093 0x0c8c  Ip6Fw - ok
12:53:44.0125 0x0c8c  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:53:44.0125 0x0c8c  IpFilterDriver - ok
12:53:44.0125 0x0c8c  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:53:44.0140 0x0c8c  IpInIp - ok
12:53:44.0140 0x0c8c  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:53:44.0156 0x0c8c  IpNat - ok
12:53:44.0156 0x0c8c  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:53:44.0171 0x0c8c  IPSec - ok
12:53:44.0171 0x0c8c  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
12:53:44.0171 0x0c8c  IRENUM - ok
12:53:44.0187 0x0c8c  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:53:44.0203 0x0c8c  isapnp - ok
12:53:44.0312 0x0c8c  [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
12:53:44.0312 0x0c8c  JavaQuickStarterService - ok
12:53:44.0328 0x0c8c  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:53:44.0328 0x0c8c  Kbdclass - ok
12:53:44.0328 0x0c8c  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:53:44.0343 0x0c8c  kbdhid - ok
12:53:44.0406 0x0c8c  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
12:53:44.0406 0x0c8c  kmixer - ok
12:53:44.0421 0x0c8c  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
12:53:44.0421 0x0c8c  KSecDD - ok
12:53:44.0468 0x0c8c  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
12:53:44.0484 0x0c8c  LanmanServer - ok
12:53:44.0546 0x0c8c  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:53:44.0546 0x0c8c  lanmanworkstation - ok
12:53:44.0546 0x0c8c  lbrtfdc - ok
12:53:44.0562 0x0c8c  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
12:53:44.0562 0x0c8c  LmHosts - ok
12:53:44.0593 0x0c8c  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
12:53:44.0625 0x0c8c  Messenger - ok
12:53:44.0625 0x0c8c  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
12:53:44.0640 0x0c8c  mnmdd - ok
12:53:44.0640 0x0c8c  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
12:53:44.0671 0x0c8c  mnmsrvc - ok
12:53:44.0687 0x0c8c  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
12:53:44.0703 0x0c8c  Modem - ok
12:53:44.0703 0x0c8c  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:53:44.0718 0x0c8c  Mouclass - ok
12:53:44.0718 0x0c8c  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:53:44.0718 0x0c8c  mouhid - ok
12:53:44.0734 0x0c8c  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
12:53:44.0734 0x0c8c  MountMgr - ok
12:53:44.0781 0x0c8c  [ 034AE0801A40A1A8049B32A235F0116F, 1C6431943FBEDC5A33808FE66A6516DB1F260DA13AFACD3C30E0B6C0EFB129C8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:53:44.0796 0x0c8c  MozillaMaintenance - ok
12:53:44.0796 0x0c8c  mraid35x - ok
12:53:44.0796 0x0c8c  mrtRate - ok
12:53:44.0843 0x0c8c  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:53:44.0859 0x0c8c  MRxDAV - ok
12:53:44.0890 0x0c8c  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:53:44.0906 0x0c8c  MRxSmb - ok
12:53:44.0921 0x0c8c  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
12:53:44.0921 0x0c8c  MSDTC - ok
12:53:44.0953 0x0c8c  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
12:53:44.0968 0x0c8c  Msfs - ok
12:53:44.0968 0x0c8c  MSIServer - ok
12:53:44.0968 0x0c8c  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:53:44.0984 0x0c8c  MSKSSRV - ok
12:53:44.0984 0x0c8c  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:53:44.0984 0x0c8c  MSPCLOCK - ok
12:53:45.0000 0x0c8c  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
12:53:45.0000 0x0c8c  MSPQM - ok
12:53:45.0031 0x0c8c  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:53:45.0031 0x0c8c  mssmbios - ok
12:53:45.0078 0x0c8c  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
12:53:45.0078 0x0c8c  Mup - ok
12:53:45.0125 0x0c8c  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
12:53:45.0140 0x0c8c  napagent - ok
12:53:45.0140 0x0c8c  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
12:53:45.0156 0x0c8c  NDIS - ok
12:53:45.0171 0x0c8c  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:53:45.0171 0x0c8c  NdisTapi - ok
12:53:45.0203 0x0c8c  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:53:45.0218 0x0c8c  Ndisuio - ok
12:53:45.0234 0x0c8c  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:53:45.0234 0x0c8c  NdisWan - ok
12:53:45.0265 0x0c8c  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
12:53:45.0265 0x0c8c  NDProxy - ok
12:53:45.0265 0x0c8c  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
12:53:45.0265 0x0c8c  NetBIOS - ok
12:53:45.0265 0x0c8c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
12:53:45.0281 0x0c8c  NetBT - ok
12:53:45.0296 0x0c8c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
12:53:45.0328 0x0c8c  NetDDE - ok
12:53:45.0328 0x0c8c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
12:53:45.0328 0x0c8c  NetDDEdsdm - ok
12:53:45.0359 0x0c8c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
12:53:45.0359 0x0c8c  Netlogon - ok
12:53:45.0437 0x0c8c  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
12:53:45.0437 0x0c8c  Netman - ok
12:53:45.0468 0x0c8c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:53:45.0500 0x0c8c  NetTcpPortSharing - ok
12:53:45.0546 0x0c8c  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
12:53:45.0562 0x0c8c  Nla - ok
12:53:45.0562 0x0c8c  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
12:53:45.0562 0x0c8c  Npfs - ok
12:53:45.0578 0x0c8c  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
12:53:45.0578 0x0c8c  Ntfs - ok
12:53:45.0640 0x0c8c  [ 15A72D5B8F0B6A718207F14BD5EBB8FF, 61671BB3C2AED3EB28C88551AFEAA56251DA89E4938994B086069CC845FF6436 ] NTIDrvr         C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
12:53:45.0656 0x0c8c  NTIDrvr - ok
12:53:45.0656 0x0c8c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
12:53:45.0656 0x0c8c  NtLmSsp - ok
12:53:45.0687 0x0c8c  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
12:53:45.0703 0x0c8c  NtmsSvc - ok
12:53:45.0718 0x0c8c  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
12:53:45.0718 0x0c8c  Null - ok
12:53:45.0937 0x0c8c  [ F9D9B55928E811EF9D30830A5211DB53, 1CCC8D915E1495F6CAE6A17A63E26E4106C205301115108B1D068970E0D22A2C ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:53:46.0062 0x0c8c  nv - ok
12:53:46.0125 0x0c8c  [ 595FE1F6D3F00DCBE2000B41CBCF87FB, CCF2E8C8E690FE95B09509B2CBF401CB68A16BEC3067485B168BDD6AC3741F3D ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
12:53:46.0125 0x0c8c  NVSvc - ok
12:53:46.0140 0x0c8c  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:53:46.0171 0x0c8c  NwlnkFlt - ok
12:53:46.0171 0x0c8c  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:53:46.0171 0x0c8c  NwlnkFwd - ok
12:53:49.0484 0x0c8c  ================ Scan global ===============================
12:53:49.0531 0x0c8c  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
12:53:49.0562 0x0c8c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
12:53:49.0578 0x0c8c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
12:53:49.0593 0x0c8c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
12:53:49.0593 0x0c8c  [ Global ] - ok
12:53:49.0593 0x0c8c  ================ Scan MBR ==================================
12:53:49.0593 0x0c8c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:53:49.0750 0x0c8c  \Device\Harddisk0\DR0 - ok
12:53:49.0765 0x0c8c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3
12:53:49.0765 0x0c8c  \Device\Harddisk1\DR3 - ok
12:53:49.0765 0x0c8c  ================ Scan VBR ==================================
12:53:49.0781 0x0c8c  [ BA4AFE2B94C73D7D8EE24ADAD84BC457 ] \Device\Harddisk0\DR0\Partition1
12:53:49.0781 0x0c8c  \Device\Harddisk0\DR0\Partition1 - ok
12:53:49.0796 0x0c8c  [ 95C319FCF92E63B4AA32315D049CD609 ] \Device\Harddisk0\DR0\Partition2
12:53:49.0843 0x0c8c  \Device\Harddisk0\DR0\Partition2 - ok
12:53:49.0843 0x0c8c  [ 328982B431B3126950610C6922169A78 ] \Device\Harddisk1\DR3\Partition1
12:53:49.0859 0x0c8c  \Device\Harddisk1\DR3\Partition1 - ok
12:53:49.0859 0x0c8c  Waiting for KSN requests completion. In queue: 178
12:53:50.0859 0x0c8c  Waiting for KSN requests completion. In queue: 178
12:53:51.0859 0x0c8c  Waiting for KSN requests completion. In queue: 178
12:53:52.0875 0x0c8c  AV detected via SS1: AVG AntiVirus Free Edition 2014, 2014.0, enabled, updated
12:53:52.0875 0x0c8c  Win FW state via NFM: enabled
12:53:55.0531 0x0c8c  ============================================================
12:53:55.0531 0x0c8c  Scan finished
12:53:55.0531 0x0c8c  ============================================================
12:53:55.0531 0x0864  Detected object count: 0
12:53:55.0531 0x0864  Actual detected object count: 0
 

 

 

# AdwCleaner v3.010 - Report created 01/11/2013 at 13:02:43
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : teddie - TED
# Running from : C:\Documents and Settings\teddie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\DnsBasic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Discount Buddy
Folder Deleted : C:\Program Files\DnsBasic
Folder Deleted : C:\Program Files\Dogpile Bundle Toolbar
Folder Deleted : C:\Program Files\DomaIQ Uninstaller
Folder Deleted : C:\Program Files\FindLyrics
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\tuguu sl
Folder Deleted : C:\Program Files\SweetPacks_A4
Folder Deleted : C:\Documents and Settings\teddie\Local Settings\Application Data\Bundled software uninstaller
Folder Deleted : C:\Documents and Settings\teddie\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\teddie\Local Settings\Application Data\DownloadTerms
Folder Deleted : C:\Documents and Settings\teddie\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\teddie\Local Settings\Application Data\Wajam
Folder Deleted : C:\Documents and Settings\teddie\Local Settings\Application Data\SweetPacks_A4
Folder Deleted : C:\Documents and Settings\teddie\Application Data\Ask.com
Folder Deleted : C:\Documents and Settings\teddie\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\teddie\Application Data\searchresultstb
Folder Deleted : C:\Documents and Settings\teddie\Application Data\strongvault
Folder Deleted : C:\Documents and Settings\teddie\Application Data\Mozilla\Firefox\Profiles\w5knx1r1.default-1377664653267\CT3314311
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}
Folder Deleted : C:\Documents and Settings\teddie\Application Data\Mozilla\Firefox\Profiles\w5knx1r1.default-1377664653267\Extensions\{4e988b08-8c51-45c1-8d74-73e0c8724579}
File Deleted : C:\DOCUME~1\teddie\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Ask.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\teddie\Application Data\Mozilla\Firefox\Profiles\w5knx1r1.default-1377664653267\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\teddie\Application Data\Mozilla\Firefox\Profiles\w5knx1r1.default-1377664653267\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287822
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3314311
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\SweetPacks_A4
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DnsBasic
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Supreme Savings
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\SweetPacks_A4
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DnsBasic
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DnsBasic

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\teddie\Application Data\Mozilla\Firefox\Profiles\w5knx1r1.default-1377664653267\prefs.js ]

Line Deleted : user_pref("CT3314311.FF19Solved", "true");
Line Deleted : user_pref("CT3314311.UserID", "UN24351297121027329");
Line Deleted : user_pref("CT3314311.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3314311.fullUserID", "UN24351297121027329.IN.20131019124121");
Line Deleted : user_pref("CT3314311.installDate", "19/10/2013 12:41:22");
Line Deleted : user_pref("CT3314311.installSessionId", "{8D001B18-A08A-4BEE-88EC-5B20A1ACC34B}");
Line Deleted : user_pref("CT3314311.installSp", "TRUE");
Line Deleted : user_pref("CT3314311.installerVersion", "1.7.1.7");
Line Deleted : user_pref("CT3314311.keyword", "true");
Line Deleted : user_pref("CT3314311.originalHomepage", "hxxps://www.google.com/");
Line Deleted : user_pref("CT3314311.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3314311.originalSearchEngine", "");
Line Deleted : user_pref("CT3314311.originalSearchEngineName", "");
Line Deleted : user_pref("CT3314311.searchRevert", "true");
Line Deleted : user_pref("CT3314311.searchUserMode", "2");
Line Deleted : user_pref("CT3314311.smartbar.homepage", "true");
Line Deleted : user_pref("CT3314311.versionFromInstaller", "10.20.3.20");
Line Deleted : user_pref("CT3314311.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3314311&octid=CT3314311&SearchSource=61&CUI=UN24351297121027329&UM=2&UP=SP02D851C8-21F1-4E7E-B317-E7F0123A9247");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultenginename", "SweetPacks A4 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetPacks A4 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314311&CUI=UN24351297121027329&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "SweetPacks A4 Customized Web Search");
Line Deleted : user_pref("extensions.wajam.affiliate_id", "8752");
Line Deleted : user_pref("extensions.wajam.firstrun", "false");
Line Deleted : user_pref("extensions.wajam.log_send_info", "false");
Line Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21087\",\"update_interval\":1439,\"base_url\":\"hxxp:\\/\\/www.wajam.com\\/\",\"update_url\":\"hxxp:\\/\\/www.wajam.com\\/addon\\/[...]
Line Deleted : user_pref("extensions.wajam.no_trace", "false");
Line Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21087");
Line Deleted : user_pref("extensions.wajam.unique_id", "4193FDF0FB326797E6E60D531D2DF0B2");
Line Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Line Deleted : user_pref("extensions.wajam.version", "1.26");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314311&SearchSource=2&CUI=UN24351297121027329&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3314311");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3314311&CUI=UN24351297121027329&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3314311&octid=CT3314311&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314311&SearchSource=2&CUI=UN24351297121027329&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3314311");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3314311");
Line Deleted : user_pref("smartbar.machineId", "O1NAQHW4AUYN+OMRFCJH30QUSYNZ8LGFEPFCLBKHRV31RZZEKJRUAJBGTH9TNONP49DEJBIJA+0PJYRUXXGPCQ");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3314311&CUI=UN24351297121027329&UM=2&SearchSource=13");

*************************

AdwCleaner[R0].txt - [19198 octets] - [01/11/2013 12:57:44]
AdwCleaner[S0].txt - [19068 octets] - [01/11/2013 13:02:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19129 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by teddie on Fri 11/01/2013 at 13:08:14.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4623A8C4-150D-4983-8982-68C01E7D6541}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\domaiq uninstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211671166}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CB8B09BB-8E18-4DE8-9CEE-EF3032D1F7FD}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Documents and Settings\teddie\Application Data\FCTB000060231
Successfully deleted: [Folder] "C:\Program Files\couponalert_2pei"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/01/2013 at 13:11:31.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

C:\AdwCleaner\Quarantine\C\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe.vir    probably a variant of MSIL/DomaIQ.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\Extensions\{650EED71-89E2-453B-8DCF-2AA1B4AE6EF3}\chrome\dnsbasic.jar.vir    Win32/Adware.OneStep application    deleted - quarantined
C:\Documents and Settings\teddie\Local Settings\Temporary Internet Files\Content.IE5\0PER89Y7\att[1].exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Documents and Settings\teddie\My Documents\Avery Wizard 4.01 - US 20111209(1).exe    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Documents and Settings\teddie\My Documents\Avery Wizard 4.01 - US 20111209.exe    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Documents and Settings\teddie\My Documents\cbsidlm-tr1_6-QuickBooks_Simple_Start_Free_Edition-10608523.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Documents and Settings\teddie\My Documents\For.Dummies.Microsoft.Office.Publisher.2007.For.Dummies.Dec.2007_secure.exe    Win32/TopMedia.B application    cleaned by deleting - quarantined
C:\Documents and Settings\teddie\My Documents\Office_Publisher_2003_Pro_Portable_SP2_-_The11thMtnDiv_secure(1).exe    Win32/TopMedia.B application    cleaned by deleting - quarantined
C:\Documents and Settings\teddie\My Documents\Office_Publisher_2003_Pro_Portable_SP2_-_The11thMtnDiv_secure.exe    Win32/TopMedia.B application    cleaned by deleting - quarantined
C:\Documents and Settings\teddie\My Documents\SetupFreeWorkz(1).exe    a variant of Win32/Adware.Gamevance.CP application    cleaned by deleting - quarantined
C:\Documents and Settings\teddie\My Documents\SetupFreeWorkz(2).exe    a variant of Win32/Adware.Gamevance.CP application    cleaned by deleting - quarantined
C:\Documents and Settings\teddie\My Documents\!!!!!!!!!!!!!!!!!!!!!!!!!emails\winzip setup.exe    a variant of Win32/Soft32Downloader.D application    cleaned by deleting - quarantined
C:\Documents and Settings\teddie\My Documents\!!!!!!!!!!!!!!!!!!!!!!!!!emails\WinZip170.exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
C:\Documents and Settings\teddie\My Documents\Downloads\daily_com_oregonpatchworks.zip    a variant of Win32/Kryptik.BBVU trojan    deleted - quarantined
C:\Documents and Settings\teddie\My Documents\Downloads\FlashPlayer_V.U0cbbFFJb.exe.part    Win32/DomaIQ.L application    cleaned by deleting - quarantined
C:\Documents and Settings\teddie\My Documents\Downloads\windows_oregonpatchworks_com.zip    a variant of Win32/Kryptik.BDUM trojan    deleted - quarantined
C:\Documents and Settings\teddie\My Documents\Downloads\winzip setup.exe    a variant of Win32/InstallCore.AZ application    cleaned by deleting - quarantined
C:\Documents and Settings\teddie\My Documents\Downloads\WinZip175.exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
C:\Program Files\Mozilla Firefox\browser\nsprotector.js    Win32/Conduit.SearchProtect.A application    cleaned by deleting - quarantined
C:\Program Files\Mozilla Firefox\components\sprotector.js    Win32/Conduit.SearchProtect.A application    cleaned by deleting - quarantined
D:\cnet_mt41_download_com_exe.exe    a variant of Win32/InstallCore.D application    cleaned by deleting - quarantined
D:\extractnow.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
D:\IWON.exe    a variant of Win32/AdInstaller application    cleaned by deleting - quarantined
D:\mplayer_1193.exe    a variant of Win32/InstallIQ.A application    cleaned by deleting - quarantined
D:\oi_SimpleStartFSEDirect.exe    a variant of Win32/OpenInstall application    cleaned by deleting - quarantined
D:\SetupPlaySushi(5).exe.part    a variant of Win32/Adware.Gamevance.AS application    cleaned by deleting - quarantined
D:\Unlocker1.9.1.exe    multiple threats    cleaned by deleting - quarantined
D:\ZwinkySetup2.3.67.1.ZJfox000.exe    Win32/Toolbar.MyWebSearch application    cleaned by deleting - quarantined
D:\Downloads\Jewel.Match.2.v1.09\Jewel.Match.2.Setup.exe    a variant of Win32/TrojanDownloader.Autoit.NKB trojan    cleaned by deleting - quarantined
 



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • Gender:Male
  • Location:NJ USA

Posted 03 November 2013 - 03:09 PM

Ok this was a pretty dirty machine.

 

 Empty your temp folders using TFC (Temporary File Cleaner)
 

  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

 

How is it now?


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 jamby


Posted 04 November 2013 - 08:34 AM

Better, 'but'. After the reboot (several), right click works on the Start button, icons on the desktop, and on files in an Explorer window. But on the next reboot it may not work or only work on one type of item.

Sometimes the hourglass will disappear after a few seconds; other times it will only go away if you open another window. In some cases I have to open Task Manager, end explorer.exe, and then restart explorer.exe.

 

Also at shutdown nearly always explorer.exe has to be ended to complete the shutdown.

 

 

Thanks

jamby



#6 jamby


Posted 05 November 2013 - 08:34 PM

While working with the right click feature after rerunning TFC,  during the time the hourglass was hung it recovered and kicked out a windows message.

 

"to protect your computer a program was closed"

Name:  explorer.exe



#7 boopme


Posted 05 November 2013 - 09:06 PM

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:




Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:



Go to Step 4 and under "System Restore" click on Create button:



Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.


Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

#8 jamby


Posted 05 November 2013 - 10:40 PM

During SFC (option3) I had to press the retry button several times to keep the check going.

 

 

Starting Repairs...
   Start (11/5/2013 7:01:37 PM)

01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (11/5/2013 7:01:37 PM)
   Running Repair Under Current User Account
   Done (11/5/2013 7:01:40 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (11/5/2013 7:01:40 PM)
   Running Repair Under System Account
   Done (11/5/2013 7:02:10 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (11/5/2013 7:02:10 PM)
   Running Repair Under System Account
   Done (11/5/2013 7:02:29 PM)

03 - Register System Files
   Start (11/5/2013 7:02:29 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:04:25 PM)

04 - Repair WMI
   Start (11/5/2013 7:04:25 PM)
   Running Repair Under Current User Account
   Done (11/5/2013 7:06:25 PM)

05 - Repair Windows Firewall
   Start (11/5/2013 7:06:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:06:36 PM)

06 - Repair Internet Explorer
   Start (11/5/2013 7:06:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:08:05 PM)

07 - Repair MDAC/MS Jet
   Start (11/5/2013 7:08:05 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:08:13 PM)

08 - Repair Hosts File
   Start (11/5/2013 7:08:13 PM)
   Running Repair Under System Account
   Done (11/5/2013 7:08:15 PM)

09 - Remove Policies Set By Infections
   Start (11/5/2013 7:08:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:08:20 PM)

11 - Repair Icons
   Start (11/5/2013 7:08:20 PM)
   Running Repair Under System Account
   Done (11/5/2013 7:08:22 PM)

12 - Repair Winsock & DNS Cache
   Start (11/5/2013 7:08:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:08:31 PM)

14 - Repair Proxy Settings
   Start (11/5/2013 7:08:31 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:08:35 PM)

16 - Repair Windows Updates
   Start (11/5/2013 7:08:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:09:04 PM)

17 - Repair CD/DVD Missing/Not Working
   Start (11/5/2013 7:09:04 PM)
   Done (11/5/2013 7:09:04 PM)

18 - Repair Volume Shadow Copy Service
   Start (11/5/2013 7:09:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:09:18 PM)

20 - Repair MSI (Windows Installer)
   Start (11/5/2013 7:09:18 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:09:27 PM)

22.01 - Repair bat Association
   Start (11/5/2013 7:09:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:09:31 PM)

22.02 - Repair cmd Association
   Start (11/5/2013 7:09:31 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:09:36 PM)

22.03 - Repair com Association
   Start (11/5/2013 7:09:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:09:40 PM)

22.04 - Repair Directory Association
   Start (11/5/2013 7:09:40 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:09:45 PM)

22.05 - Repair Drive Association
   Start (11/5/2013 7:09:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:09:49 PM)

22.06 - Repair exe Association
   Start (11/5/2013 7:09:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:09:54 PM)

22.07 - Repair Folder Association
   Start (11/5/2013 7:09:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:09:59 PM)

22.08 - Repair inf Association
   Start (11/5/2013 7:09:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:10:03 PM)

22.09 - Repair lnk (Shortcuts) Association
   Start (11/5/2013 7:10:03 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:10:08 PM)

22.10 - Repair msc Association
   Start (11/5/2013 7:10:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:10:12 PM)

22.11 - Repair reg Association
   Start (11/5/2013 7:10:12 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:10:17 PM)

22.12 - Repair scr Association
   Start (11/5/2013 7:10:17 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:10:21 PM)

23 - Repair Windows Safe Mode
   Start (11/5/2013 7:10:21 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:10:26 PM)

24 - Repair Print Spooler
   Start (11/5/2013 7:10:26 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:10:38 PM)

25 - Restore Important Windows Services
   Start (11/5/2013 7:10:38 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:10:43 PM)

26 - Set Windows Services To Default Startup
   Start (11/5/2013 7:10:43 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (11/5/2013 7:10:55 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done (11/5/2013 7:10:55 PM)
   Total Repair Time: 00:09:18


...YOU MUST RESTART YOUR SYSTEM...
   Running Repair Under Current User Account
 



#9 boopme


Posted 06 November 2013 - 10:52 AM

Did that fix it now?

#10 jamby


Posted 06 November 2013 - 11:46 AM

Sorry, no, it's still locking up.

 

Jamby



#11 boopme


Posted 06 November 2013 - 12:14 PM

OK Jim, now post in XO again so they can look at other items now that malware is out.
Mention this topic so they don't send you back, suspecting malware.

#12 jamby


Posted 06 November 2013 - 04:45 PM

Thanks for your help. Not sure about OX, but I posted in Operating Systems XP Home and Pro.

 

Jim





