Nice to meet you :) Kryptik.t Infected- Please help


7 replies to this topic

#1 mashmash


  • Members
Posted 07 January 2014 - 11:59 AM

 
 
Hi,
 
I'm new to the forum - thank you for your willingness to help!
 
It appears that my laptop is infected with Kryptik.t, through a file named jave.vbs.
 
I would very much like your assistance in removing this piece of nastiness and cleaning my computer.
 
Thanks,
 
mashmash



 


#2 boopme


    To Insanity and Beyond


  • Global Moderator

Posted 07 January 2014 - 01:55 PM

Hello, mash mash, let's see how it is after these scans.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 mashmash

  • Topic Starter

  • Members

Posted 09 January 2014 - 04:21 PM

Hi boopme

 

I have attached the logs.

 

I also have 2 entries in the registry at: HKCU\Software\Microsoft\CurrentVersion\Run.

 

The first entry is jave, data: wscript.exe //B "C:\Documents and Settings\xp\jave.vbs"

The second entry is supportt, data: wscript.exe //B "C:\Documents and Settings\xp\support.vbs"

 

Thanks!

 

MiniToolBox by Farbar  Version: 18-12-2013
Ran by xp (administrator) on 09-01-2014 at 20:55:30
Running from "C:\Documents and Settings\xp\שולחן העבודה"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
TAP-Win32 Adapter V9 = Local Area Connection 13 (Media disconnected)
JMicron PCI Express Gigabit Ethernet Adapter = Local Area Connection 8 (Media disconnected)
TAP-Win32 Adapter V9 = Local Area Connection 11 (Media disconnected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection 8"
 
set address name="Local Area Connection 8" source=dhcp 
set dns name="Local Area Connection 8" source=dhcp register=PRIMARY
set wins name="Local Area Connection 8" source=dhcp
 
# Interface IP Configuration for "Wireless Network Connection"
 
set address name="Wireless Network Connection" source=dhcp 
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp
 
# Interface IP Configuration for "Local Area Connection 11"
 
set address name="Local Area Connection 11" source=dhcp 
set dns name="Local Area Connection 11" source=static addr=192.168.10.200 register=PRIMARY
set wins name="Local Area Connection 11" source=dhcp
 
# Interface IP Configuration for "Local Area Connection 13"
 
set address name="Local Area Connection 13" source=dhcp 
set dns name="Local Area Connection 13" source=static addr=192.168.10.200 register=PRIMARY
set wins name="Local Area Connection 13" source=static addr=192.168.10.200
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : home-pc
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Hybrid
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection 8:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : JMicron PCI Express Gigabit Ethernet Adapter
 
        Physical Address. . . . . . . . . : 20-CF-30-6A-B3-46
 
 
 
Ethernet adapter Wireless Network Connection:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
 
        Physical Address. . . . . . . . . : 48-5D-60-37-CA-18
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 10.0.0.9
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 10.0.0.138
 
        DHCP Server . . . . . . . . . . . : 10.0.0.138
 
        DNS Servers . . . . . . . . . . . : 10.0.0.138
 
        Lease Obtained. . . . . . . . . . : Thursday, January 09, 2014 8:47:32 PM
 
        Lease Expires . . . . . . . . . . : Thursday, January 09, 2014 9:47:32 PM
 
 
 
Ethernet adapter Local Area Connection 11:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : TAP-Win32 Adapter V9 #2
 
        Physical Address. . . . . . . . . : 00-FF-5C-6B-26-80
 
 
 
Ethernet adapter Local Area Connection 13:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : TAP-Win32 Adapter V9
 
        Physical Address. . . . . . . . . : 00-FF-7B-42-65-0B
 
Server:  UnKnown
Address:  10.0.0.138
 
Name:    google.com
Addresses:  212.179.180.91, 212.179.180.90, 212.179.180.123, 212.179.180.121
 212.179.180.95, 212.179.180.117, 212.179.180.101, 212.179.180.106, 212.179.180.80
 212.179.180.112, 212.179.180.102, 212.179.180.88, 212.179.180.84, 212.179.180.110
 212.179.180.113, 212.179.180.99
 
 
 
Pinging google.com [212.179.180.99] with 32 bytes of data:
 
 
 
Reply from 212.179.180.99: bytes=32 time=17ms TTL=59
 
Reply from 212.179.180.99: bytes=32 time=24ms TTL=59
 
 
 
Ping statistics for 212.179.180.99:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 17ms, Maximum = 24ms, Average = 20ms
 
Server:  UnKnown
Address:  10.0.0.138
 
Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24
 
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
 
 
 
Reply from 98.139.183.24: bytes=32 time=226ms TTL=48
 
Reply from 98.139.183.24: bytes=32 time=193ms TTL=48
 
 
 
Ping statistics for 98.139.183.24:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 193ms, Maximum = 226ms, Average = 209ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...20 cf 30 6a b3 46 ...... JMicron PCI Express Gigabit Ethernet Adapter - מיני-יציאה של מתזמן מנות
0x3 ...48 5d 60 37 ca 18 ...... Atheros AR9285 Wireless Network Adapter - מיני-יציאה של מתזמן מנות
0x4 ...00 ff 5c 6b 26 80 ...... TAP-Win32 Adapter V9 #2 - מיני-יציאה של מתזמן מנות
0x5 ...00 ff 7b 42 65 0b ...... TAP-Win32 Adapter V9 - מיני-יציאה של מתזמן מנות
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.0.0.138        10.0.0.9  25
         10.0.0.0    255.255.255.0         10.0.0.9        10.0.0.9  25
         10.0.0.9  255.255.255.255        127.0.0.1       127.0.0.1  25
   10.255.255.255  255.255.255.255         10.0.0.9        10.0.0.9  25
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      169.254.0.0      255.255.0.0         10.0.0.9        10.0.0.9  20
        224.0.0.0        240.0.0.0         10.0.0.9        10.0.0.9  25
  255.255.255.255  255.255.255.255         10.0.0.9               5  1
  255.255.255.255  255.255.255.255         10.0.0.9               2  1
  255.255.255.255  255.255.255.255         10.0.0.9        10.0.0.9  1
  255.255.255.255  255.255.255.255         10.0.0.9               4  1
Default Gateway:        10.0.0.138
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/08/2014 11:25:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2894125
 
Error: (01/08/2014 11:25:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2894125
 
Error: (01/08/2014 11:25:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/08/2014 10:37:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1953
 
Error: (01/08/2014 10:37:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1953
 
Error: (01/08/2014 10:37:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/07/2014 02:40:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8157
 
Error: (01/07/2014 02:40:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8157
 
Error: (01/07/2014 02:40:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/07/2014 02:40:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6204
 
 
System errors:
=============
Error: (01/09/2014 08:47:45 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (01/09/2014 08:47:36 PM) (Source: 0) (User: )
Description: \Device\ACPIEC
 
Error: (01/09/2014 10:32:18 AM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (01/09/2014 10:29:44 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 10.0.0.9 on the
Network Card with network address 485D6037CA18.
 
Error: (01/08/2014 10:39:46 AM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 485D6037CA18.  The following error
occurred: 
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
 
Error: (01/08/2014 10:39:43 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 10.0.0.7 on the
Network Card with network address 485D6037CA18.
 
Error: (01/07/2014 04:12:15 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (01/07/2014 04:12:09 PM) (Source: 0) (User: )
Description: \Device\ACPIEC
 
Error: (01/07/2014 03:35:38 PM) (Source: Service Control Manager) (User: )
Description: The Parallel port driver service failed to start due to the following error: 
%%1058
 
Error: (01/07/2014 03:35:30 PM) (Source: 0) (User: )
Description: \Device\ACPIEC
 
 
Microsoft Office Sessions:
=========================
Error: (10/31/2012 11:48:30 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 188 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (07/23/2012 05:38:43 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3542 seconds with 420 seconds of active time.  This session ended with a crash.
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
AteraVPN
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (Version: 1.0.0.37)
ATK Package (Version: 1.0.0001)
avast! Premier (Version: 9.0.2011)
Avira Free Antivirus (Version: 12.1.9.2500)
Bezeq-ADSL
Bonjour (Version: 2.0.2.0)
Choice Guard (Version: 1.2.87.0)
Citrix Online Launcher (Version: 1.0.141)
Conexant HD Audio (Version: 3.73.0.0)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
GoToMeeting 5.8.0.1189 (Version: 5.8.0.1189)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Intel® Graphics Media Accelerator Driver
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.5189)
Intel® PROSet/Wireless WiMAX Software (Version: 2.00.0011)
JMicron Ethernet Adapter NDIS Driver (Version: 5.0.11.10)
JMicron Flash Media Controller Driver (Version: 1.0.33.2)
Juniper Networks Host Checker (Version: 7.1.0.20169)
Juniper Networks Secure Application Manager (Version: 7.1.0.20169)
Juniper Networks, Inc. Setup Client (Version: 7.4.1.32327)
Juniper Networks, Inc. Setup Client Activex Control (Version: 2.1.1.1)
Juniper Terminal Services Client (Version: 7.2.0.22807)
K-Lite Codec Pack 5.4.4 (Full) (Version: 5.4.4)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (Hebrew) 2007 (Version: 12.0.4518.1016)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (Hebrew) 2007 (Version: 12.0.4518.1016)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (Hebrew) 2007 (Version: 12.0.4518.1016)
Microsoft Office InfoPath MUI (Hebrew) 2007 (Version: 12.0.4518.1016)
Microsoft Office OneNote MUI (Hebrew) 2007 (Version: 12.0.4518.1016)
Microsoft Office Outlook MUI (Hebrew) 2007 (Version: 12.0.4518.1016)
Microsoft Office PowerPoint MUI (Hebrew) 2007 (Version: 12.0.4518.1016)
Microsoft Office Proof (Arabic) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Hebrew) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Russian) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (Hebrew) 2007 (Version: 12.0.4518.1016)
Microsoft Office Publisher MUI (Hebrew) 2007 (Version: 12.0.4518.1016)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (Hebrew) 2007 (Version: 12.0.4518.1016)
Microsoft Office Word MUI (Hebrew) 2007 (Version: 12.0.4518.1016)
Microsoft Software Update for Web Folders  (Hebrew) 12 (Version: 12.0.4518.1016)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WinUsb 1.0
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Mozilla Firefox 26.0 (x86 he) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 14.0.1468.721)
MyFreeCodec
Nero 8 Micro 8.1.1.3 (Version: 8.1.1.3)
Nokia Connectivity Cable Driver (Version: 7.1.78.0)
Nokia Suite (Version: 3.5.34.0)
PC Connectivity Solution (Version: 12.0.32.0)
Platform (Version: 1.34)
Prism Video File Converter
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.16.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5859)
Samsung Kies (Version: 2.5.1.12123_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.18.0)
Segoe UI (Version: 14.0.4327.805)
Skype Click to Call (Version: 5.11.9874)
Skype™ 6.11 (Version: 6.11.102)
SWF Opener (Version: 1.3)
Switch Sound File Converter
Total Commander (Remove or Repair)
USB2.0 UVC VGA WebCam (Version: 1.00.0000)
VIA Platform Device Manager (Version: 1.34)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8064.0206)
Windows Live Essentials (Version: 14.0.8064.206)
Windows Live Messenger (Version: 14.0.8064.0206)
Windows XP Service Pack 3 (Version: 20080413.144513)
WinRAR archiver
חבילת התקני Windows. - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
כלי ההעלאה של Windows Live (Version: 14.0.8014.1029)
מסייע הכניסה של Windows Live (Version: 5.000.818.5)
עדכון אבטחה עבור Windows Internet Explorer 7 (KB956390)‎ (Version: 1)
עדכון אבטחה עבור Windows Internet Explorer 7 (KB961260)‎ (Version: 1)
עדכון אבטחה עבור Windows Media Player‏ (KB952069)
עדכון אבטחה עבור Windows Media Player 11‏ (KB936782)
עדכון אבטחה עבור Windows Media Player 11‏ (KB954154)
עדכון אבטחה עבור Windows XP (KB923789)‎
עדכון אבטחה עבור Windows XP (KB938464-v2)‎ (Version: 2)
עדכון אבטחה עבור Windows XP‏ (KB941569)
עדכון אבטחה עבור Windows XP (KB946648)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB950760)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB950762)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB950974)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB951066)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB951376-v2)‎ (Version: 2)
עדכון אבטחה עבור Windows XP (KB951698)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB951748)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB952954)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB954459)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB954600)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB955069)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB956802)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB956803)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB956841)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB957097)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB958644)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB958687)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB958690)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB960225)‎ (Version: 1)
עדכון אבטחה עבור Windows XP (KB960715)‎ (Version: 1)
עדכון עבור Windows XP (KB951978)‎ (Version: 1)
עדכון עבור Windows XP (KB955839)‎ (Version: 1)
עדכון עבור Windows XP (KB967715)‎ (Version: 1)
עדכון קריטי עבור Windows Media Player 11‏ (KB959772)
תיקון חם עבור Windows Media Player 11‏ (KB939683)
תיקון חם עבור Windows XP (KB952287)‎ (Version: 1)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 47%
Total physical RAM: 1900.49 MB
Available physical RAM: 996.96 MB
Total Pagefile: 3794.04 MB
Available Pagefile: 2840.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.35 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:154.32 GB) (Free:123.86 GB) NTFS
2 Drive d: () (Fixed) (Total:143.77 GB) (Free:143.69 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\HOME-PC
 
Administrator            ASPNET                   Guest                    
HelpAssistant            MASHA                    SUPPORT_388945a0         
xp                       
 
 
**** End of log ****
 
21:01:05.0781 0x0d4c  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
21:01:11.0578 0x0d4c  ============================================================
21:01:11.0578 0x0d4c  Current date / time: 2014/01/09 21:01:11.0578
21:01:11.0578 0x0d4c  SystemInfo:
21:01:11.0578 0x0d4c  
21:01:11.0578 0x0d4c  OS Version: 5.1.2600 ServicePack: 3.0
21:01:11.0578 0x0d4c  Product type: Workstation
21:01:11.0578 0x0d4c  ComputerName: HOME-PC
21:01:11.0578 0x0d4c  UserName: xp
21:01:11.0578 0x0d4c  Windows directory: C:\WINDOWS
21:01:11.0578 0x0d4c  System windows directory: C:\WINDOWS
21:01:11.0578 0x0d4c  Processor architecture: Intel x86
21:01:11.0578 0x0d4c  Number of processors: 4
21:01:11.0578 0x0d4c  Page size: 0x1000
21:01:11.0578 0x0d4c  Boot type: Normal boot
21:01:11.0578 0x0d4c  ============================================================
21:01:14.0406 0x0d4c  KLMD registered as C:\WINDOWS\system32\drivers\76972398.sys
21:01:14.0609 0x0d4c  System UUID: {7BC47DE1-55F2-6B7A-25C6-70832F44693C}
21:01:15.0250 0x0d4c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:01:15.0250 0x0d4c  ============================================================
21:01:15.0250 0x0d4c  \Device\Harddisk0\DR0:
21:01:15.0250 0x0d4c  MBR partitions:
21:01:15.0250 0x0d4c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x134A3132
21:01:15.0281 0x0d4c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x134A31B0, BlocksNum 0x11F8A511
21:01:15.0281 0x0d4c  ============================================================
21:01:15.0328 0x0d4c  C: <-> \Device\Harddisk0\DR0\Partition1
21:01:15.0359 0x0d4c  D: <-> \Device\Harddisk0\DR0\Partition2
21:01:15.0375 0x0d4c  ============================================================
21:01:15.0375 0x0d4c  Initialize success
21:01:15.0375 0x0d4c  ============================================================
21:01:21.0875 0x0c6c  ============================================================
21:01:21.0875 0x0c6c  Scan started
21:01:21.0875 0x0c6c  Mode: Manual; 
21:01:21.0875 0x0c6c  ============================================================
21:01:21.0875 0x0c6c  KSN ping started
21:01:45.0968 0x0c6c  KSN ping finished: true
21:01:46.0312 0x0c6c  ================ Scan system memory ========================
21:01:46.0312 0x0c6c  System memory - ok
21:01:46.0312 0x0c6c  ================ Scan services =============================
21:01:47.0359 0x0c6c  AR5416 - ok
21:01:47.0375 0x0c6c  asc - ok
21:01:47.0375 0x0c6c  asc3350p - ok
21:01:47.0375 0x0c6c  asc3550 - ok
21:01:47.0437 0x0c6c  [ B9FDFA552EBA5B4BF377F7CCEC9B8BC7, AF7541A34F34457662A054D0372E80D2FAA7E7DA75C8EE46AAFE95F923F1A152 ] ASMMAP          C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys
21:01:47.0437 0x0c6c  ASMMAP - ok
21:01:47.0468 0x0c6c  [ 05A56C3156E1B6CC7BBD8E1D54D491F2, 524F9D08FB4EBBEE63D25D7A9037FB4797B2ABB2C09AA7E477CB0108D6AFB1CF ] ASNDIS5         C:\PROGRA~1\ASUS\ATKPAC~1\ATKHOT~1\ASNDIS5.SYS
21:01:47.0484 0x0c6c  ASNDIS5 - ok
21:01:47.0593 0x0c6c  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:01:47.0640 0x0c6c  aspnet_state - ok
21:01:47.0687 0x0c6c  [ 0EEFB7741B46099FE1AA124F57BEEE41, 2497D2514C81362E92190CAB66ABA1C19AA321BD71FA9C61665F583B6570A81A ] aswKbd          C:\WINDOWS\system32\drivers\aswKbd.sys
21:01:47.0687 0x0c6c  aswKbd - ok
21:01:47.0734 0x0c6c  [ 6F1505608202BBD179095A6A150D103F, 0102548296B89A7036B55D13BE54A44F11C4C98E9B8F8E02C58138D47AF5951E ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
21:01:47.0734 0x0c6c  aswMonFlt - ok
21:01:47.0765 0x0c6c  [ 7B948E3657BEA62E437BC46CA6EF6012, D518FEB29DBCC1406FFFAF7F618A4475B0A469D4C2714313859D7AD402283A5C ] aswNdis         C:\WINDOWS\system32\DRIVERS\aswNdis.sys
21:01:47.0765 0x0c6c  aswNdis - ok
21:01:47.0781 0x0c6c  [ 764E639C0BFCCFD0F84E2CE3FF5951BE, BA45F226457D75A691A34976FA51C2634F963CBA36A21BBB3B3554CA2266D5AA ] aswNdis2        C:\WINDOWS\system32\drivers\aswNdis2.sys
21:01:47.0781 0x0c6c  aswNdis2 - ok
21:01:47.0812 0x0c6c  [ B269C41DF93EFF71DF0986BD982D1C46, 78EBDA9D17B0003694748F2BBDFFD31AA02011E5ECAC781B0E62B3F8EC2A02F7 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr.sys
21:01:47.0812 0x0c6c  aswRdr - ok
21:01:47.0843 0x0c6c  [ F385467DF95D0A73775CB3B076B8B969, D427A5F4FB4D1DAB04AFC29E7EC510844F907ABBA053538995E65747BAD37422 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
21:01:47.0843 0x0c6c  aswRvrt - ok
21:01:47.0890 0x0c6c  [ 0F639D0526820BA7872C963813E0EB8D, 2F0B04F09531AF34AF9B9C9746494D963EA58DEF96AB9FDDD86CF31EDB9E19CD ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
21:01:47.0921 0x0c6c  aswSnx - ok
21:01:47.0968 0x0c6c  [ 7BA7543EA7936A7ADA615F6DE7C95494, E28EF95A2C05A8303AF8464CCD664821B4B0441D9E30A98BACB53D4C3EE771CE ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
21:01:47.0984 0x0c6c  aswSP - ok
21:01:48.0000 0x0c6c  [ 875D2B1054F2ECD8F575D6CBE78DD7BA, D5F9C1F3A5FB248741AEE3764C44A1261358174D77DD2836917D1A97BFCF0146 ] aswTdi          C:\WINDOWS\system32\drivers\aswTdi.sys
21:01:48.0000 0x0c6c  aswTdi - ok
21:01:48.0015 0x0c6c  [ 1B0662514A68C3A42E60D240C5ABEF28, 71301759C135895C72CAED297A669BA58B3F73E0B7E46DB981F6559D5D5E2B89 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
21:01:48.0015 0x0c6c  aswVmm - ok
21:01:48.0078 0x0c6c  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:01:48.0078 0x0c6c  AsyncMac - ok
21:01:48.0093 0x0c6c  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
21:01:48.0093 0x0c6c  atapi - ok
21:01:48.0093 0x0c6c  Atdisk - ok
21:01:48.0140 0x0c6c  [ 63F1212FFE13E62CA1E8D8EE19ABD9A7, A552CAF830CD1D01C077EDDEC95832F5826631D2DFA8747E0E393E32ACED2A57 ] ATKGFNEXSrv     C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
21:01:48.0156 0x0c6c  ATKGFNEXSrv - ok
21:01:48.0187 0x0c6c  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:01:48.0187 0x0c6c  Atmarpc - ok
21:01:48.0234 0x0c6c  [ C7AB88BA43DEF89BD353811169AB4FE3, 05201AC0339EF1EEE3FCBC02D9961C3E9F31AE857D58A5422E2210981BB7BBA6 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
21:01:48.0234 0x0c6c  AudioSrv - ok
21:01:48.0281 0x0c6c  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
21:01:48.0281 0x0c6c  audstub - ok
21:01:48.0343 0x0c6c  [ D74884939D53612FD84AC82C59CCFE27, 07BFB34A3748E018C0A674A6253A03FFA522B31AE1942E84B3CC4DDDED9C16A9 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:01:48.0359 0x0c6c  avast! Antivirus - ok
21:01:48.0390 0x0c6c  [ 1247D6B0F35AA93774CFBFD73203D857, 96C953BC223BB17DDBACB131693920AF53A9BF36155266EDFE61FC060A14D4B7 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
21:01:48.0406 0x0c6c  avast! Firewall - ok
21:01:48.0453 0x0c6c  [ D5541F0AFB767E85FC412FC609D96A74, 9F37FF6317C25D751FD31C65489D42D6E8DEDFCA1F412F111EF66B12F63ACF9F ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:01:48.0453 0x0c6c  avgntflt - ok
21:01:48.0515 0x0c6c  [ 7D967A682D4694DF7FA57D63A2DB01FE, 3F98C1F1A4DAD9BA1B32B75E83B0C8D374D8F803EC1D00E64746492FA7552A58 ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:01:48.0515 0x0c6c  avipbb - ok
21:01:48.0562 0x0c6c  [ 271CFD1A989209B1964E24D969552BF7, 05D2D3DFD9A10B0DFB6DAC324C42C0DD615E90E55796EA0152419DE3ED99B063 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
21:01:48.0562 0x0c6c  avkmgr - ok
21:01:48.0625 0x0c6c  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:01:48.0625 0x0c6c  Beep - ok
21:01:48.0687 0x0c6c  [ E8367773660B9BEA240A124C1D7F3484, D41E16BDE9C81C3383820A16C6FCE504F29097FBFA8330C3FC3A9D817236BF55 ] BITS            C:\WINDOWS\system32\qmgr.dll
21:01:48.0828 0x0c6c  BITS - ok
21:01:48.0968 0x0c6c  [ 5AB58C337AC65837FE404462AD6265AB, F7E145F5D8DB1017D5B7B9D5380100F170FE5CC2050B5F7346A521B7B72D2166 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:01:48.0984 0x0c6c  Bonjour Service - ok
21:01:49.0031 0x0c6c  [ E741A4F3DB7BCA910284A6086381830A, 615D0677250B8F8D0701671EE050199C69F0770F4301BFBCBD8A50479BF34677 ] bpenum          C:\WINDOWS\system32\DRIVERS\bpenum.sys
21:01:49.0046 0x0c6c  bpenum - ok
21:01:49.0093 0x0c6c  [ AF0B00E0550C266CB1FB797C280350B0, F5656F838390178D396325C56F9417E6CD5C8E6EC6A5E649366AFAC30574B775 ] Browser         C:\WINDOWS\System32\browser.dll
21:01:49.0109 0x0c6c  Browser - ok
21:01:49.0109 0x0c6c  btaudio - ok
21:01:49.0109 0x0c6c  BTDriver - ok
21:01:49.0125 0x0c6c  BTWDNDIS - ok
21:01:49.0125 0x0c6c  BTWUSB - ok
21:01:49.0156 0x0c6c  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
21:01:49.0156 0x0c6c  cbidf2k - ok
21:01:49.0187 0x0c6c  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:01:49.0187 0x0c6c  CCDECODE - ok
21:01:49.0187 0x0c6c  cd20xrnt - ok
21:01:49.0234 0x0c6c  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
21:01:49.0234 0x0c6c  Cdaudio - ok
21:01:49.0281 0x0c6c  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
21:01:49.0281 0x0c6c  Cdfs - ok
21:01:49.0296 0x0c6c  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:01:49.0296 0x0c6c  Cdrom - ok
21:01:49.0312 0x0c6c  Changer - ok
21:01:49.0343 0x0c6c  [ BDF639BEE30F63E13202CC502E6B2C8A, 7FDA816B2BF47CD44F2E55072BD9C2F12534697DFD557C5D48AD808151EEC4C6 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
21:01:49.0343 0x0c6c  CiSvc - ok
21:01:49.0359 0x0c6c  [ 70EEEA0B82B162D20C38D80869284A5A, E3FA9963F647B47A36AB4C7E864D034F5E3242D17BB9BC9413D02E34D8E2D065 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
21:01:49.0359 0x0c6c  ClipSrv - ok
21:01:49.0437 0x0c6c  [ 3C4D595E7F9B747325AEF28B4ADCAAE5, 4A283F3E2E659DA996EC16BC8181E9F521BDFDFCF246D0E432D65D2672AC9629 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:01:49.0500 0x0c6c  clr_optimization_v2.0.50727_32 - ok
21:01:49.0562 0x0c6c  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:01:49.0640 0x0c6c  clr_optimization_v4.0.30319_32 - ok
21:01:49.0671 0x0c6c  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:01:49.0671 0x0c6c  CmBatt - ok
21:01:49.0671 0x0c6c  CmdIde - ok
21:01:49.0781 0x0c6c  [ 334D941767361656E3E67B47EC933E7A, 62516D14AE66047CF1A43731E481AA8EF1381C5C772FA58E8D63F46B4C3B51A4 ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDAU32.sys
21:01:49.0890 0x0c6c  CnxtHdAudService - ok
21:01:49.0921 0x0c6c  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:01:49.0937 0x0c6c  Compbatt - ok
21:01:49.0937 0x0c6c  COMSysApp - ok
21:01:49.0937 0x0c6c  Cpqarray - ok
21:01:49.0984 0x0c6c  [ EF329F898FE62AB647F62A94EA89964E, ED582C77C6F2C9361D8113DD9B74F5803221884316F7FA4D2788FA5584054A03 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
21:01:50.0000 0x0c6c  CryptSvc - ok
21:01:50.0000 0x0c6c  dac2w2k - ok
21:01:50.0000 0x0c6c  dac960nt - ok
21:01:50.0062 0x0c6c  [ AC27D2EEC997D3C0BED36935AFCD59E4, BBC45792CFD3A19D4B8B6C426FC6D6F8FD3DA9977C2B560CB6CC2567513593DB ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:01:50.0093 0x0c6c  DcomLaunch - ok
21:01:50.0125 0x0c6c  [ 6216FD7FD227DE454238A702B218CEC7, 5699FDD253754AE274B8624A41CBE778D74383E95D5167785A48A51AAD67FC70 ] dgderdrv        C:\WINDOWS\system32\drivers\dgderdrv.sys
21:01:50.0125 0x0c6c  dgderdrv - ok
21:01:50.0156 0x0c6c  [ 6CC6C4B9D7B906A151AA094CA087B9F0, 5D06DC2FCAF86C256792D541D5581AF5AFEDA247814E07C6017BEE92284CAA56 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
21:01:50.0171 0x0c6c  dg_ssudbus - ok
21:01:50.0203 0x0c6c  [ 9B1ABA1F15F97AFAAD54597B8801C3C5, 5669F3D54C3E02544E9CBFCFA23636BABDEE4545E519A9E5E53D908F1FF00DE3 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
21:01:50.0218 0x0c6c  Dhcp - ok
21:01:50.0265 0x0c6c  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
21:01:50.0265 0x0c6c  Disk - ok
21:01:50.0265 0x0c6c  dmadmin - ok
21:01:50.0359 0x0c6c  [ 5425C8C19E70D1A3CA14D044D437CE2A, 6D79418A85BA7491686D6E9A8C3A3DCE379F666B2794FE7909C8D507AA541FA5 ] DMAgent         C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
21:01:50.0375 0x0c6c  DMAgent - ok
21:01:50.0453 0x0c6c  [ 759A1336055E6B614B2462D0F45D6278, 2ADA959421CC516C8DCC9DD6726295A506F334B846391CAFFCA7F1ACA0C11252 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
21:01:50.0484 0x0c6c  dmboot - ok
21:01:50.0515 0x0c6c  [ 8CA1A6932D84B2C23D5D488D23D3B01D, 7E26A8DD561B1DFAD47EA0C614C07A1AE72E30C8B2B81C7D04B2E677AD3AD409 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
21:01:50.0531 0x0c6c  dmio - ok
21:01:50.0546 0x0c6c  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
21:01:50.0546 0x0c6c  dmload - ok
21:01:50.0578 0x0c6c  [ 5583A600AB718485E91B0A503157141E, B37F672FFAD259202C61F056E1AC87C1110EDCE72958D9CD4F7A5F81C5E05B7A ] dmserver        C:\WINDOWS\System32\dmserver.dll
21:01:50.0593 0x0c6c  dmserver - ok
21:01:50.0609 0x0c6c  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
21:01:50.0609 0x0c6c  DMusic - ok
21:01:50.0656 0x0c6c  [ 50F638BD27A9803008A3E13025AA04E4, E3AD97E4F395B722848A92322E555FC29D830F6C8F63E32916FFF3D04C1DFA15 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:01:50.0671 0x0c6c  Dnscache - ok
21:01:50.0718 0x0c6c  [ CFBDAA2546E9E828B370014191311CDB, EA0862FDF2F5F5B43FC8C50F481A261C3CCBAB1DAF3F0EC8C95463A4A3F70D4D ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
21:01:50.0734 0x0c6c  Dot3svc - ok
21:01:50.0734 0x0c6c  dpti2o - ok
21:01:50.0750 0x0c6c  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
21:01:50.0750 0x0c6c  drmkaud - ok
21:01:50.0812 0x0c6c  [ 19898FF0D88EECCCDF56F2F49557E457, BE880694D7DCF80DEE596BDAE53A9D54F8D40F875B060415DAFEC87F9E754BC0 ] EapHost         C:\WINDOWS\System32\eapsvc.dll
21:01:50.0828 0x0c6c  EapHost - ok
21:01:50.0843 0x0c6c  [ CD69DB1378EBCA466A06FF63FE611165, 5500C5A8E325AB076ACE3630B5A23DC8CDFBD83B6D545F58551FD3FFE9924D6F ] ERSvc           C:\WINDOWS\System32\ersvc.dll
21:01:50.0859 0x0c6c  ERSvc - ok
21:01:50.0906 0x0c6c  [ 4D0992F28F97B4B104D97BF044C522F7, 8B612F93CC1D5108FE058EC74A26839953A6C3CA41791F90AE584A2D142C0C2F ] Eventlog        C:\WINDOWS\system32\services.exe
21:01:50.0937 0x0c6c  Eventlog - ok
21:01:50.0984 0x0c6c  [ 51BACCDDDFC6D6C6DF18C6A1C23E3D36, 185B5BEE0B33115EFC228BF1F90019FD72CF6B682369D7AF5BFE4121F8465F28 ] EventSystem     C:\WINDOWS\system32\es.dll
21:01:51.0015 0x0c6c  EventSystem - ok
21:01:51.0046 0x0c6c  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
21:01:51.0046 0x0c6c  Fastfat - ok
21:01:51.0093 0x0c6c  [ F8A9790BA13D88D2F512DEFAD9CA298D, 0004128C0C147B9CE8600D57F1FB024A0CDABA164F0928CB16B89CBCA7AC33B0 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:01:51.0125 0x0c6c  FastUserSwitchingCompatibility - ok
21:01:51.0140 0x0c6c  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
21:01:51.0140 0x0c6c  Fdc - ok
21:01:51.0187 0x0c6c  [ 11BB3067883475F2ECBB77C01181E2D5, 8752EEBFD69C3F4796763BA9169EA1850BC451D7D52ED978D2964DEEDE80B0E0 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
21:01:51.0187 0x0c6c  Fips - ok
21:01:51.0187 0x0c6c  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:01:51.0187 0x0c6c  Flpydisk - ok
21:01:51.0203 0x0c6c  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
21:01:51.0218 0x0c6c  FltMgr - ok
21:01:51.0265 0x0c6c  [ DDEE99DC54EFA20BD5A442CD733C4462, 941D6C5D91F6419198F1A53BF7D33AA2D9118CEAC028B6ED8E5308751810B9B5 ] FsUsbExDisk     C:\WINDOWS\system32\FsUsbExDisk.SYS
21:01:51.0281 0x0c6c  FsUsbExDisk - ok
21:01:51.0343 0x0c6c  [ 0796C1E47ADB9825269E64B9DAB4E741, A9E476278428824FAE8B63B2B2CAC683EABD28E5B514925F6379593CB6CAB968 ] FsUsbExService  C:\WINDOWS\system32\FsUsbExService.Exe
21:01:51.0359 0x0c6c  FsUsbExService - ok
21:01:51.0421 0x0c6c  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:01:51.0421 0x0c6c  Fs_Rec - ok
21:01:51.0468 0x0c6c  [ EDF3126968525A17DE8B382AEC99CDCC, 7BAB4703B6BA2E0D74FB8829AC5409750D2D152390B2A0AB819218055EC49423 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:01:51.0468 0x0c6c  Ftdisk - ok
21:01:51.0468 0x0c6c  gdrv - ok
21:01:51.0531 0x0c6c  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:01:51.0531 0x0c6c  Gpc - ok
21:01:51.0640 0x0c6c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:01:51.0656 0x0c6c  gupdate - ok
21:01:51.0656 0x0c6c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:01:51.0671 0x0c6c  gupdatem - ok
21:01:51.0718 0x0c6c  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:01:51.0718 0x0c6c  HDAudBus - ok
21:01:51.0843 0x0c6c  [ F0C533D0A00C4291B324D3E5EDD7BA3B, 66B10DA32437A4A97EEF522C16EC382E80790FA0E2ACFA449522D33B9E4E83B2 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:01:51.0843 0x0c6c  helpsvc - ok
21:01:51.0875 0x0c6c  [ 405858A5E86D7C4A554605F571640062, FB84625613E2E2CA9F79802E6D2E76710727FCB5BDDA137B80105CCC0432735B ] HidServ         C:\WINDOWS\System32\hidserv.dll
21:01:51.0875 0x0c6c  HidServ - ok
21:01:51.0906 0x0c6c  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:01:51.0921 0x0c6c  HidUsb - ok
21:01:51.0968 0x0c6c  [ 94C17F4C36A06945CC245C8392D060EA, D2030B385ACE9365E4305F36D700DDCE5CBBB200E37A50CB65D60CDC67DD459E ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
21:01:51.0984 0x0c6c  hkmsvc - ok
21:01:51.0984 0x0c6c  hpn - ok
21:01:52.0031 0x0c6c  [ F6AACF5BCE2893E0C1754AFEB672E5C9, 62A7A70515B5570A649DC30A3A122B1302F6839A63927C8B29EBE04ABA654892 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
21:01:52.0031 0x0c6c  HTTP - ok
21:01:52.0046 0x0c6c  [ F53C9ED88A7496C96A54F84ED5ED1B64, FD8584145DFD283FC0423B4D136B342B8ED6D7B64C7462B2DF2E220835B6C0BA ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
21:01:52.0062 0x0c6c  HTTPFilter - ok
21:01:52.0062 0x0c6c  i2omgmt - ok
21:01:52.0062 0x0c6c  i2omp - ok
21:01:52.0109 0x0c6c  [ 97EEF4179F7EC9138254C944BB0E1EF8, AB061FB47630027D459800BB867A50162C1D92DFB0866D521CB39A24EAA1A0DD ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:01:52.0125 0x0c6c  i8042prt - ok
21:01:52.0234 0x0c6c  [ 46F152F801A5FFD275441371014AE094, 7DB2B407CE1F88A0D6B515AF6ABB7164985D12C3ECC948352D07972952619833 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:01:52.0343 0x0c6c  ialm - ok
21:01:52.0343 0x0c6c  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
21:01:52.0343 0x0c6c  Imapi - ok
21:01:52.0421 0x0c6c  [ AF6FE1EA2C9C4ADED73DFBCE677B0880, 2FEA89154A40AF9E0D103972E3B95E2F504D778D9D2213A44F92A94E2B12A3A8 ] ImapiService    C:\WINDOWS\system32\imapi.exe
21:01:52.0421 0x0c6c  ImapiService - ok
21:01:52.0421 0x0c6c  [ 2DB41BA61D5E44D0667CF126D35DCF34, AFD9EE3167C8BA0B547DBA8D559401F49EC4ACEBFF2BFE7598A0BC61491C45F8 ] Impcd           C:\WINDOWS\system32\DRIVERS\Impcd.sys
21:01:52.0437 0x0c6c  Impcd - ok
21:01:52.0437 0x0c6c  ini910u - ok
21:01:52.0640 0x0c6c  [ 0CACDCBBC8E6F11E2865C47BFC509848, DD415DD9564BB1E99DA0DBE084CBF321DD55784F3ECC160521BFB4E06AC44523 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:01:52.0828 0x0c6c  IntcAzAudAddService - ok
21:01:52.0875 0x0c6c  [ 3978E27C330F6CDA7106BE5D408C4A1D, 1B7CA62A5AE002206ABA1DB40D780BE4C2D3EE84306888B61E9C8341F8D0BAE8 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
21:01:52.0875 0x0c6c  IntcDAud - ok
21:01:52.0890 0x0c6c  IntelIde - ok
21:01:52.0890 0x0c6c  [ F2FCD248738A7F5FB2857341832591A6, E37D59FD3D641EC97B4F7646E86D6C803F39AD8E5F94580E1F9A402B30445E71 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:01:52.0890 0x0c6c  intelppm - ok
21:01:52.0937 0x0c6c  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
21:01:52.0937 0x0c6c  Ip6Fw - ok
21:01:52.0968 0x0c6c  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:01:52.0984 0x0c6c  IpFilterDriver - ok
21:01:53.0000 0x0c6c  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:01:53.0000 0x0c6c  IpInIp - ok
21:01:53.0062 0x0c6c  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:01:53.0062 0x0c6c  IpNat - ok
21:01:53.0109 0x0c6c  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:01:53.0109 0x0c6c  IPSec - ok
21:01:53.0140 0x0c6c  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
21:01:53.0140 0x0c6c  IRENUM - ok
21:01:53.0171 0x0c6c  [ E058A0E262C184F4D47A7677291AC81E, CC6897E19370287AF22E8AD4BA26D043683C7911FD404E7CB2CBA5372A376949 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:01:53.0171 0x0c6c  isapnp - ok
21:01:53.0218 0x0c6c  [ 2254A5E78C55FD8F68F9676590468531, DCB4A270C1B23C2CF2DF546F7A57E708E36CE46A40DA07BDBE50226B91D74927 ] JMCR            C:\WINDOWS\system32\DRIVERS\jmcr.sys
21:01:53.0234 0x0c6c  JMCR - ok
21:01:53.0250 0x0c6c  [ 93C30F053F7D67A1AF974A4C5113BD7D, 3FB5EFB6B197695E40793DA0867A4E99B4A9E1E097C028314AA90945556827A9 ] JME             C:\WINDOWS\system32\DRIVERS\JME.sys
21:01:53.0250 0x0c6c  JME - ok
21:01:53.0250 0x0c6c  [ E05FD8A6F54F4FD6F628B48C0CCEE2A4, D38C6224732382BAE0FC5A855B25B9FBD07D2F2A819D5B3ABAA7342F08739887 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:01:53.0265 0x0c6c  Kbdclass - ok
21:01:53.0296 0x0c6c  [ 9C5F0CB2A0FD3180AB17B5D3566F5033, A4D59B968EE6AD70ECC00EC2E5EA6143E889A3FD5BDEA0BF2DD03763CDFC41F2 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:01:53.0296 0x0c6c  kbdhid - ok
21:01:53.0359 0x0c6c  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
21:01:53.0359 0x0c6c  kmixer - ok
21:01:53.0359 0x0c6c  [ 1705745D900DABF2D89F90EBADDC7517, FE90589415BDB3BA482D3EBE1A87A7BF1429791E8F18BCB66BF8874631CC8B2C ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
21:01:53.0375 0x0c6c  KSecDD - ok
21:01:53.0406 0x0c6c  [ 96478FE91C5A37C673EBE3DA87C1A115, F49122A734FF4E4197713EEE3370801D170129805EDCE84B47C934606466E8D3 ] L1c             C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
21:01:53.0406 0x0c6c  L1c - ok
21:01:53.0437 0x0c6c  [ 101457D884E3DD4636BAEFB9B7E7D3F3, 92C3110892963F26814ECE19CD118671D7C6E08936636E48BDF0666AA4D091D7 ] L1e             C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
21:01:53.0437 0x0c6c  L1e - ok
21:01:53.0468 0x0c6c  [ AC99E99758A3452E7680D6657DBFD6B9, 7839E7F97BB7F3D3705D5673FF28C0DDAB941DEA56384AE3D12AAEBDC0365821 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
21:01:53.0484 0x0c6c  lanmanserver - ok
21:01:53.0515 0x0c6c  [ 8470FD6C76C841395900E07F72EF3EC3, 89D054B77518D19618BBF1B0EF2297EBB8F9EE44654F99F5371EF67335B77244 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:01:53.0531 0x0c6c  lanmanworkstation - ok
21:01:53.0531 0x0c6c  lbrtfdc - ok
21:01:53.0578 0x0c6c  [ B04F7B1F2E84D8C58250600A7F2426DE, 20733236C9A7687595A8BEA23284EA2B5B00FFC7C8408BE9FC60041FFD4E7A2B ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
21:01:53.0593 0x0c6c  LmHosts - ok
21:01:53.0703 0x0c6c  [ E4DFBE4C4A9C2BD87C1430F445F3E3CB, 34A0295D0AC37537B010FEC4534535D92AA4C30900DC37444C992C15F86D3AA4 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
21:01:53.0718 0x0c6c  McComponentHostService - ok
21:01:53.0812 0x0c6c  [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:01:53.0843 0x0c6c  MDM - ok
21:01:53.0875 0x0c6c  [ 51A8673170676956EB445503AF5E6F39, 75E28BA2118169B0B224CC5CEDF4CEBF5754B56ECB0BBD93B3E5B9D8020F70F2 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
21:01:53.0890 0x0c6c  Messenger - ok
21:01:53.0968 0x0c6c  [ FAFE367D032ED82E9332B4C741A20216, 7B123766E360570E0FCB211835B7910D6A1806C25A06BCA9227AB9E993376CA8 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:01:53.0984 0x0c6c  Microsoft Office Groove Audit Service - ok
21:01:54.0031 0x0c6c  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
21:01:54.0031 0x0c6c  mnmdd - ok
21:01:54.0078 0x0c6c  [ 524357459B21A4ACB6F192F9C2C6A5BF, A2309686E9E32B34CD37DEA8BFD37D75EB0C6F566E32A223B52F239C353FF784 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
21:01:54.0093 0x0c6c  mnmsrvc - ok
21:01:54.0109 0x0c6c  [ C8088F5CEAE5784A8B4ADDD9355EF247, D268E95E36F19D9BFDE689226F1A4775555795BBD2D1FC5F6986BE6B3B6CC026 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
21:01:54.0125 0x0c6c  Modem - ok
21:01:54.0156 0x0c6c  [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5, 2AC3875B2E7D9B0692253A9867B940CF214DE03574808B42C3702843BC1D5696 ] monfilt         C:\WINDOWS\system32\drivers\monfilt.sys
21:01:54.0250 0x0c6c  monfilt - ok
21:01:54.0265 0x0c6c  [ 57C0574C8B9A26092EC301F88861919C, 805434BD5A64CD456D139393D2D89107F5AF4D51D0F0F1618C8A9A0140AB132E ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:01:54.0281 0x0c6c  Mouclass - ok
21:01:54.0281 0x0c6c  [ 67D4FCCCF487A1D4277AB31151E33D42, 209CBCD7193214382CC9E860AFB0D186B6608D576FA3C1CC1BFE499CE0B4111B ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:01:54.0281 0x0c6c  mouhid - ok
21:01:54.0296 0x0c6c  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:01:54.0296 0x0c6c  MountMgr - ok
21:01:54.0359 0x0c6c  [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:01:54.0359 0x0c6c  MozillaMaintenance - ok
21:01:54.0375 0x0c6c  mraid35x - ok
21:01:54.0375 0x0c6c  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:01:54.0375 0x0c6c  MRxDAV - ok
21:01:54.0453 0x0c6c  [ 60AE98742484E7AB80C3C1450E708148, EDA62550BFB9EBB0FBE88CB55BB13C8F2636C620E52D691C7BEF13357F68C7DC ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:01:54.0468 0x0c6c  MRxSmb - ok
21:01:54.0515 0x0c6c  [ D39EABF2D29FB80DD1F477F358218E5D, 63D6D897EBC5F2A9D73E57ABB5FE7C2113DC7E62261A17553AC7398F116719B0 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
21:01:54.0531 0x0c6c  MSDTC - ok
21:01:54.0531 0x0c6c  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:01:54.0531 0x0c6c  Msfs - ok
21:01:54.0531 0x0c6c  MSIServer - ok
21:01:54.0546 0x0c6c  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:01:54.0546 0x0c6c  MSKSSRV - ok
21:01:54.0562 0x0c6c  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:01:54.0562 0x0c6c  MSPCLOCK - ok
21:02:01.0328 0x0c6c  ================ Scan global ===============================
21:02:01.0359 0x0c6c  [ 6289B70602254DA7FC99E636A3DE071F, 28BE1FF7DC16819774BC2B96D364B19A0151A31D947E64CA2E8463C458ADC52C ] C:\WINDOWS\system32\basesrv.dll
21:02:01.0437 0x0c6c  [ FBE0EEDC734858E3E4411E760453A532, 59203F16B00874B6A66AB4C6ED56D19AA0DF536B5A98D513EDF6982463EB0E52 ] C:\WINDOWS\system32\winsrv.dll
21:02:01.0484 0x0c6c  [ FBE0EEDC734858E3E4411E760453A532, 59203F16B00874B6A66AB4C6ED56D19AA0DF536B5A98D513EDF6982463EB0E52 ] C:\WINDOWS\system32\winsrv.dll
21:02:01.0531 0x0c6c  [ 4D0992F28F97B4B104D97BF044C522F7, 8B612F93CC1D5108FE058EC74A26839953A6C3CA41791F90AE584A2D142C0C2F ] C:\WINDOWS\system32\services.exe
21:02:01.0531 0x0c6c  [ Global ] - ok
21:02:01.0531 0x0c6c  ================ Scan MBR ==================================
21:02:01.0562 0x0c6c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:02:01.0828 0x0c6c  \Device\Harddisk0\DR0 - ok
21:02:01.0828 0x0c6c  ================ Scan VBR ==================================
21:02:01.0828 0x0c6c  [ 025C085183D91963FAE89837AFB67107 ] \Device\Harddisk0\DR0\Partition1
21:02:01.0828 0x0c6c  \Device\Harddisk0\DR0\Partition1 - ok
21:02:01.0859 0x0c6c  [ DDA5B7513B28AFE08D5C74728A625EE4 ] \Device\Harddisk0\DR0\Partition2
21:02:01.0859 0x0c6c  \Device\Harddisk0\DR0\Partition2 - ok
21:02:01.0859 0x0c6c  Waiting for KSN requests completion. In queue: 200
21:02:02.0859 0x0c6c  Waiting for KSN requests completion. In queue: 200
21:02:03.0859 0x0c6c  Waiting for KSN requests completion. In queue: 200
21:02:04.0859 0x0c6c  Waiting for KSN requests completion. In queue: 200
21:02:05.0859 0x0c6c  Waiting for KSN requests completion. In queue: 200
21:02:06.0875 0x0c6c  AV detected via SS1: Avira Desktop, 12.3.0.15, enabled, updated
21:02:06.0875 0x0c6c  AV detected via SS1: avast! Antivirus, 5.0.150996955, enabled, updated
21:02:06.0875 0x0c6c  FW detected via SS1: avast! Antivirus, 5.0.150996955, enabled
21:02:19.0828 0x0c6c  ============================================================
21:02:19.0828 0x0c6c  Scan finished
21:02:19.0828 0x0c6c  ============================================================
21:02:19.0828 0x0c84  Detected object count: 0
21:02:19.0828 0x0c84  Actual detected object count: 0
21:03:01.0953 0x0a5c  Deinitialize success
 
# AdwCleaner v3.016 - Report created 09/01/2014 at 21:24:57
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : xp - HOME-PC
# Running from : C:\Documents and Settings\xp\שולחן העבודה\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\myfree codec
Folder Deleted : C:\Program Files\myfree codec
Folder Deleted : C:\Program Files\NCH Software
Folder Deleted : C:\Documents and Settings\xp\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\xp\Application Data\NCH Software
Folder Deleted : C:\Documents and Settings\xp\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\xp\Application Data\Mozilla\Firefox\Profiles\x2cwr4um.default\Conduit
Folder Deleted : C:\Documents and Settings\xp\Application Data\Mozilla\Firefox\Profiles\x2cwr4um.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\xp\Application Data\Mozilla\Firefox\Profiles\x2cwr4um.default\Extensions\engine@conduit.com
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
File Deleted : C:\Documents and Settings\xp\Application Data\Mozilla\Firefox\Profiles\x2cwr4um.default\searchplugins\Conduit.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1572363
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1679336
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2989088
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v26.0 (he)
 
[ File : C:\Documents and Settings\xp\Application Data\Mozilla\Firefox\Profiles\x2cwr4um.default\prefs.js ]
 
 
[ File : C:\Documents and Settings\MASHA\Application Data\Mozilla\Firefox\Profiles\r0lzebdz.default\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Documents and Settings\xp\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\MASHA\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [16767 octets] - [09/01/2014 21:23:51]
AdwCleaner[S0].txt - [17027 octets] - [09/01/2014 21:24:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17088 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by xp on Thu 01/09/2014 at 21:39:49.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ammyy"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Documents and Settings\xp\Application Data\mozilla\firefox\profiles\x2cwr4um.default\minidumps [4 files]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/09/2014 at 21:44:04.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
C:\Documents and Settings\MASHA\Local Settings\Temp\ApnIC.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Documents and Settings\MASHA\Local Settings\Temp\ApnToolbarInstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Documents and Settings\MASHA\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Documents and Settings\MASHA\Local Settings\Temp\tbNan0.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Documents and Settings\MASHA\My Documents\Downloads\cnet2_GOMPLAYERENSETUP_EXE.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\MASHA\My Documents\Downloads\GOMPLAYERENSETUP.EXE a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Application Data\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/AdWare.1ClickDownload.AQ application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Application Data\Nana10\ldrtbNan0.dll a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Application Data\Nana10\tbNan0.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Application Data\Nana10\tbNana.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Temp\+0Gz8Nf9.exe.part multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Temp\CT2989088.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Temp\k2ml6uC3.exe.part Win32/AdWare.1ClickDownload.AQ application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Temp\lcuskx2u.exe.part multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Temp\rY44sDFV.exe.part Win32/AdWare.1ClickDownload.AQ application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Temp\tbnif2.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Temp\tbooVo.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Temp\Xb+FGBqI.exe.part Win32/AdWare.1ClickDownload.AQ application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Temp\is-CM02E.tmp\is-67IC4nanatoolbar.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Temp\is-KV53L.tmp\is-IBAULnanatoolbar.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Documents and Settings\xp\Local Settings\Temp\is-NREVA.tmp\is-2FG9Vnanatoolbar.exe a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\Documents and Settings\xp\My Documents\Downloads\FlvPlayer (1).exe a variant of Win32/OutBrowse.D application cleaned by deleting - quarantined
C:\Documents and Settings\xp\My Documents\Downloads\FlvPlayer.exe a variant of Win32/OutBrowse.D application cleaned by deleting - quarantined
C:\Documents and Settings\xp\My Documents\Downloads\yet_another_cleaner.exe a variant of Win32/ELEX.Q application cleaned by deleting - quarantined
C:\Documents and Settings\xp\My Documents\??????\iLividSetup_A-r429-t-bf.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Documents and Settings\xp\????? ??????\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting (after the next restart) - quarantined
C:\WINDOWS\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
 


#4 boopme


Posted 09 January 2014 - 05:10 PM

Hi, looks free of Kryptik... I see you have two antivirus programs running:

avast! Premier (Version: 9.0.2011)

Avira Free Antivirus (Version: 12.1.9.2500)

One should be uninstalled, as they will cause slowness and other conflicting issues. Reboot after removal.

I'll assume you are Israeli or Jewish and that's why you have those Windows updates.

How is it running now?

#5 mashmash


Posted 09 January 2014 - 05:24 PM

Hi, I still see the 2 entries in the registry at: HKCU\Software\Microsoft\CurrentVersion\Run.

 

The first entry is jave, data: wscript.exe //B "C:\Documents and Settings\xp\jave.vbs"

The second entry is supportt, data: wscript.exe //B "C:\Documents and Settings\xp\support.vbs"



#6 boopme


Posted 09 January 2014 - 08:51 PM

Is java misspelled or is it jave?


Let's try to get a second opinion on those files. Try to submit it to one of the following online services that analyze suspicious files:

In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

#7 mashmash


Posted 10 January 2014 - 12:19 AM

It is jave.vbs, and not java misspelled.

 

Where do I find the files?

 

The locations specified in the registry do not contain them.
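
Added example, not part of the thread or of any tool output posted in it: a Python triage of `reg query` text that picks out Run values launching a script through `wscript.exe`/`cscript.exe`, as reported in post #5, and checks whether the referenced script file exists, the situation described in post #7. The sample text is constructed, and `triage`, `split_command` and the `exists` hook are names chosen for this example.

```python
import ntpath
import os
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host front ends

# Constructed sample: `reg query` output shaped like the two Run values quoted
# in the thread, plus one ordinary value for contrast. Not a capture from the PC.
SAMPLE_REG_QUERY = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    jave    REG_SZ    wscript.exe //B "C:\Documents and Settings\xp\jave.vbs"
    supportt    REG_SZ    wscript.exe //B "C:\Documents and Settings\xp\support.vbs"
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
'''

# A value line is indented: <name> <REG_type> <data>, separated by tabs or spaces.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def split_command(data):
    """Split a Run-value command line into (text, was_quoted) tokens."""
    return [(q or b, bool(q)) for q, b in TOKEN_RE.findall(data) if q or b]


def triage(reg_text, exists=os.path.exists):
    """Return one finding per autorun value that starts a script host.

    `exists` is injectable so the check can run against a mounted disk image
    or, as in the test, a fixed set of paths.
    """
    findings = []
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue  # key header or blank line
        tokens = split_command(m["data"])
        if not tokens:
            continue
        host = ntpath.basename(tokens[0][0]).lower()
        if host not in SCRIPT_HOSTS:
            continue  # ordinary executable, out of scope here
        flags = [t for t, _ in tokens[1:] if t.startswith("//")]
        rest = [(t, q) for t, q in tokens[1:] if not t.startswith("//")]
        quoted = [t for t, q in rest if q]
        # An unquoted path containing spaces arrives as several tokens; rejoin it.
        script = quoted[0] if quoted else " ".join(t for t, _ in rest)
        findings.append({
            "name": m["name"],
            "host": host,
            # //B is the script host's batch mode: no prompts or error dialogs.
            "batch_mode": any(f.lower() == "//b" for f in flags),
            "script": script,
            "script_present": bool(script) and exists(script),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REG_QUERY):
        state = "present" if f["script_present"] else "MISSING"
        print(f'{f["name"]}: {f["host"]} batch={f["batch_mode"]} -> {f["script"]} [{state}]')
```

On the affected machine the input would be the output of `reg query` on the per-user Run key. A missing target does not make the value harmless: the value still runs the script host at every logon and should be reviewed along with the file.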



#8 noknojon


Posted 10 January 2014 - 12:43 AM

http://www.bleepingcomputer.com/forums/t/519615/kryptikt/#entry3250309
@ boopme -

 

quietman7 and Quads discussed jave.vbs, and Kryptik.t at the above link.

 

Regards -





