
explorer.exe virus


11 replies to this topic

#1 budz78

budz78

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 04 February 2014 - 10:09 PM

I seem to have the explorer.exe virus. My computer was running slowly, so I ran the task manager to see if I could find the problem. I had 5 explorer.exe running, with the largest running 500 MB or greater; of course this robbed my memory. What are my steps in resolving this issue? Thanks



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:42 AM

Posted 04 February 2014 - 10:38 PM

Hello budz

I moved this from XP to the Am I Infected forum so we can do some scans.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    • Last run ESET.
      • Hold down Control and click on this link to open ESET OnlineScan in a new window.
      • Click the esetonlinebtn.png button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
      • Check "YES, I accept the Terms of Use."
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Under scan settings, check "Scan Archives" and "Remove found threats"
      • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, click List Threats
      • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the Back button.
      • Click the Finish button.
      • NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 budz78

budz78
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:08:42 AM

Posted 05 February 2014 - 09:08 PM

Thanks for your response. Sorry it took a while; the ESETScan took about 8 hrs. Here are the results you wanted.

 

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Dad (administrator) on 05-02-2014 at 10:20:48
Running from "C:\Documents and Settings\Dad\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1       localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com

There are 15473 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : pain

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

        Physical Address. . . . . . . . . : 00-07-E9-51-17-DD

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.99

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.1

        DHCP Server . . . . . . . . . . . : 192.168.1.1

        DNS Servers . . . . . . . . . . . : 192.168.1.1

        Lease Obtained. . . . . . . . . . : Wednesday, February 05, 2014 10:10:51 AM

        Lease Expires . . . . . . . . . . : Thursday, February 06, 2014 10:10:51 AM

Server:  my.router
Address:  192.168.1.1

Name:    google.com
Addresses:  74.125.225.46, 74.125.225.32, 74.125.225.33, 74.125.225.34
      74.125.225.35, 74.125.225.36, 74.125.225.37, 74.125.225.38, 74.125.225.39
      74.125.225.40, 74.125.225.41



Pinging google.com [74.125.225.36] with 32 bytes of data:



Reply from 74.125.225.36: bytes=32 time=29ms TTL=53

Reply from 74.125.225.36: bytes=32 time=28ms TTL=53



Ping statistics for 74.125.225.36:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 28ms, Maximum = 29ms, Average = 28ms

Server:  my.router
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=100ms TTL=44

Reply from 206.190.36.45: bytes=32 time=99ms TTL=44



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 99ms, Maximum = 100ms, Average = 99ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 07 e9 51 17 dd ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.99      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0     192.168.1.99    192.168.1.99      20
     192.168.1.99  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255     192.168.1.99    192.168.1.99      20
        224.0.0.0        240.0.0.0     192.168.1.99    192.168.1.99      20
  255.255.255.255  255.255.255.255     192.168.1.99    192.168.1.99      1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/17/2014 03:15:21 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x01e7c51e.
Processing media-specific event for [iexplore.exe!ws!]

Error: (07/21/2003 02:04:02 PM) (Source: Application Error) (User: )
Description: Faulting application texttwist2.exe, version 1.0.0.25, faulting module texttwist2.exe, version 1.0.0.25, fault address 0x00003bda.
Processing media-specific event for [texttwist2.exe!ws!]

Error: (10/16/2013 00:51:40 PM) (Source: Application Error) (User: )
Description: Faulting application downloadmanager.exe, version 1.0.0.1, faulting module downloadmanager.exe, version 1.0.0.1, fault address 0x00008df2.
Processing media-specific event for [downloadmanager.exe!ws!]

Error: (10/15/2013 10:48:46 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/02/2013 07:17:07 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module flash10k.ocx, version 10.1.85.3, fault address 0x003f788b.
Processing media-specific event for [iexplore.exe!ws!]

Error: (10/01/2013 11:26:31 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x059ec2c1.
Processing media-specific event for [iexplore.exe!ws!]

Error: (09/05/2013 08:06:16 PM) (Source: MsiInstaller) (User: PAIN)
Description: Product: Microsoft Office Word Viewer 2003 -- Error 1500. Another installation is in progress.  You must complete that installation before continuing this one.

Error: (09/05/2013 08:06:15 PM) (Source: MsiInstaller) (User: PAIN)
Description: Product: Microsoft Office Word Viewer 2003 -- Error 1500. Another installation is in progress.  You must complete that installation before continuing this one.

Error: (09/05/2013 08:06:14 PM) (Source: MsiInstaller) (User: PAIN)
Description: Product: Microsoft Office Word Viewer 2003 -- Error 1500. Another installation is in progress.  You must complete that installation before continuing this one.

Error: (09/05/2013 08:05:06 PM) (Source: MsiInstaller) (User: PAIN)
Description: Product: Microsoft Office Word Viewer 2003 -- Error 1500. Another installation is in progress.  You must complete that installation before continuing this one.


System errors:
=============
Error: (02/04/2014 00:11:55 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Error: (02/04/2014 11:56:44 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (02/04/2014 11:51:48 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (02/04/2014 11:38:06 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (02/04/2014 11:27:15 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (02/04/2014 11:22:32 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (02/04/2014 11:07:01 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (02/04/2014 11:06:35 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (02/04/2014 11:03:32 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (02/04/2014 11:00:35 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (01/17/2014 03:15:21 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.001e7c51e

Error: (07/21/2003 02:04:02 PM) (Source: Application Error)(User: )
Description: texttwist2.exe1.0.0.25texttwist2.exe1.0.0.2500003bda

Error: (10/16/2013 00:51:40 PM) (Source: Application Error)(User: )
Description: downloadmanager.exe1.0.0.1downloadmanager.exe1.0.0.100008df2

Error: (10/15/2013 10:48:46 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/02/2013 07:17:07 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702flash10k.ocx10.1.85.3003f788b

Error: (10/01/2013 11:26:31 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.0059ec2c1

Error: (09/05/2013 08:06:16 PM) (Source: MsiInstaller)(User: PAIN)
Description: Product: Microsoft Office Word Viewer 2003 -- Error 1500. Another installation is in progress.  You must complete that installation before continuing this one.(NULL)(NULL)(NULL)

Error: (09/05/2013 08:06:15 PM) (Source: MsiInstaller)(User: PAIN)
Description: Product: Microsoft Office Word Viewer 2003 -- Error 1500. Another installation is in progress.  You must complete that installation before continuing this one.(NULL)(NULL)(NULL)

Error: (09/05/2013 08:06:14 PM) (Source: MsiInstaller)(User: PAIN)
Description: Product: Microsoft Office Word Viewer 2003 -- Error 1500. Another installation is in progress.  You must complete that installation before continuing this one.(NULL)(NULL)(NULL)

Error: (09/05/2013 08:05:06 PM) (Source: MsiInstaller)(User: PAIN)
Description: Product: Microsoft Office Word Viewer 2003 -- Error 1500. Another installation is in progress.  You must complete that installation before continuing this one.(NULL)(NULL)(NULL)


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 1.0.0)
AC3Filter 1.62b (Version: 1.62b)
Adobe Acrobat 7.0 Professional (Version: 7.1.0)
Adobe Acrobat 7.1.0 Professional (Version: 7.1.0)
Adobe Bridge 1.0 (Version: 001.000.004)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 10 ActiveX (Version: 10.1.85.3)
Adobe Flash Player 11 Plugin (Version: 11.9.900.152)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Stock Photos 1.0 (Version: 001.000.000)
AIDA64 Extreme Edition v2.70 (Version: 2.70)
Aimersoft DVD Creator(Build 2.2.7.3)
AIO_Scan (Version: 82.0.203.000)
AnswerWorks 5.0 English Runtime (Version: 5.0.6)
Any Video Converter Professional 2.7.3
Any Video Converter Ultimate 4.5.7
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
AVG 2014 (Version: 14.0.3684)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
B57Inst (Version: 3.40)
Battlefield 2142
Beretta Px4 Storm  Screen Saver
Big Fish Games Client (Version: 1.2.5.17)
Binreader (Version: 1.0.0)
BitComet 1.07 (Version: 1.07)
BitPim 1.0.7.20090805 (Version: 1.0.7.20090805)
Broadcom Driver Installer (Version: 3.40)
BufferChm (Version: 82.0.173.000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Copy (Version: 82.0.188.000)
CP_AtenaShokunin1Config (Version: 53.0.13.000)
CP_CalendarTemplates1 (Version: 53.0.13.000)
CP_Package_Basic1 (Version: 53.0.13.000)
CP_Package_Variety1 (Version: 53.0.13.000)
CP_Package_Variety2 (Version: 53.0.13.000)
CP_Package_Variety3 (Version: 53.0.13.000)
CP_Panorama1Config (Version: 53.0.13.000)
CueTour (Version: 53.0.13.000)
CustomerResearchQFolder (Version: 1.00.0000)
dBpoweramp DSP Effects
dBpoweramp FLAC Codec (Version: Release 13.1 (FLAC 1.2.1))
dBpoweramp Music Converter
Dell ResourceCD
DesertCombat  0.7
DesertCombat Public Alpha  0.4J
Destinations (Version: 82.0.173.000)
DeviceFunctionQFolder (Version: 1.00.0000)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.6.1.87)
DJ_AIO_ProductContext (Version: 82.0.203.000)
DJ_AIO_Software (Version: 82.0.203.000)
DJ_AIO_Software_min (Version: 82.0.203.000)
DocProc (Version: 5.2.0.0)
DocumentViewer (Version: 53.0.13.000)
DocumentViewerQFolder (Version: 1.00.0000)
Dream Chronicles 2
Dream Chronicles The Chosen Child
DVD Catalyst 4.1.5.2 (Version: 4.1.5.2)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
F4100 (Version: 82.0.203.000)
F4100_Help (Version: 82.0.203.000)
FullDPAppQFolder (Version: 1.00.0000)
GameSpy Arcade
GameSpy Comrade (Version: 0.26.0.134)
Garmin BlueChart Americas 2008 (Version: 10.0.0.0)
Garmin BlueChart Americas v9.5 (Version: 9.5.0.0)
Garmin Inland Lakes v3 (Version: 3.0.0.0)
Garmin MapSource (Version: 6.15.11)
Garmin Trip and Waypoint Manager v5 (Version: 5.0.0.0)
Garmin USB Drivers (Version: 2.3.0.0)
GOM Player (Version: 2.1.39.5101)
Google SketchUp 8 (Version: 3.0.3117)
Grim Tales 2- The Legacy CE (Version: Final)
H&R Block Deluxe + Efile + State 2011 (Version: 11.05.7102)
H&R Block Deluxe + Efile + State 2012 (Version: 12.05.7801)
H&R Block Deluxe + Efile + State 2013 (Version: 13.05.5503)
H&R Block Pennsylvania 2011 (Version: 1.11.5401)
H&R Block Pennsylvania 2012 (Version: 1.12.3501)
H&R Block Pennsylvania 2013 (Version: 1.13.4201)
HandBrake 0.9.9.1 (Version: 0.9.9.1)
Hidden Expedition 5- The Uncharted Islands Collector's Edition (Version: 1.0)
HijackThis 2.0.2 (Version: 2.0.2)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Deskjet All-In-One Software 8.0 (Version: 8.0)
HP Document Viewer 5.3 (Version: 5.3)
HP Image Zone 5.3 (Version: 5.3)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Software Update (Version: 3.0.5.001)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 4.000.005.006)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
InstantShareDevices (Version: 53.0.13.000)
Intel® PRO Network Adapters and Drivers
Intel® PROSet (Version: 6.05.2001)
InternetHelper3.1 Toolbar (Version: 6.15.0.27)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 33 (Version: 6.0.330)
JISHOP 5.3 (Version: 5.3)
LG USB Modem driver
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 82.0.174.000)
MathCast 0.9 (Version: 0.9)
Media Player Codec Pack 4.2.3 (Version: 4.2.3)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Access database engine 2010 (English) (Version: 14.0.4763.1000)
Microsoft English TTS Engine (Version: 2.0.1000.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.0)
Microsoft Private Folder 1.0 (Version: 1.0.1495)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MKVToolNix 6.0.0 (Version: 6.0.0)
MOVAVI VideoSuite 3.4 (Version: 3.4)
Move Networks Media Player for Internet Explorer
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MPEG2 Codec(libmpeg2/mad)
MSN
MSN Toolbar (Version: 3.0.988.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MyFreeCodec
Mystery Case Files - Dire Grove Collector's Edition (Version: 1.0)
Mystery Case Files 8 - Escape from Ravenhearst CE (Version: 1.0)
neroxml (Version: 1.0.0)
NVIDIA Drivers
Ogg Codecs 0.81.15562 (Version: 0.81.15562)
PanoStandAlone (Version: 53.0.13.000)
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
PhotoGallery (Version: 53.0.13.000)
PowerDVD
PunkBuster for Battlefield Vietnam
Quick Movie Magic 1.0E
Quicken 2008 (Version: 17.1.3.7)
QuickTime (Version: 7.71.80.42)
RandMap (Version: 53.0.13.000)
Real Alternative 1.9.0 (Version: 1.9.0)
RealFlight G3 R/C Simulator
RealPlayer
Samsung Kies (Version: 2.6.1.13105_7)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0)
SAPI Wrapper (Version: 1.0.0.0)
Scan (Version: 8.1.0.0)
ScannerCopy (Version: 5.2.0.0)
SkinsHP1 (Version: 53.0.13.000)
SolutionCenter (Version: 82.0.188.000)
Sonic_PrimoSDK (Version: 53.0.13.000)
Sound Blaster Audigy 2
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 82.0.173.000)
Sudoku Up 2011 v5.0
Surface 3.The Soaring City CE Final (Version: Final)
TextTwist 2
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
TTS Wrapper (Version: 1.0.0.0)
Tweak UI
TweakNow PowerPack 2011 SP1a (Version: 3.2.1)
Unload (Version: 5.0.0)
UnloadSupport (Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.0.5 (Version: 2.0.5)
WebFldrs XP (Version: 9.50.6513)
WebReg (Version: 82.0.173.000)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Zumas Revenge! - Adventure

========================= Memory info: ===================================

Percentage of memory in use: 94%
Total physical RAM: 1278.89 MB
Available physical RAM: 67.75 MB
Total Pagefile: 3052.82 MB
Available Pagefile: 1678.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1987.96 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:149.04 GB) (Free:10.84 GB) NTFS

========================= Users: ========================================

User accounts for \\PAIN

Administrator            ASPNET                   Buddy                    
Dad                      Guest                    HelpAssistant            
Mom                      SUPPORT_388945a0         


**** End of log ****

 

 

10:47:03.0750 0x01c8  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
10:47:41.0421 0x01c8  ============================================================
10:47:41.0421 0x01c8  Current date / time: 2014/02/05 10:47:41.0421
10:47:41.0421 0x01c8  SystemInfo:
10:47:41.0421 0x01c8  
10:47:41.0437 0x01c8  OS Version: 5.1.2600 ServicePack: 3.0
10:47:41.0437 0x01c8  Product type: Workstation
10:47:41.0437 0x01c8  ComputerName: PAIN
10:47:41.0437 0x01c8  UserName: Dad
10:47:41.0437 0x01c8  Windows directory: C:\WINDOWS
10:47:41.0437 0x01c8  System windows directory: C:\WINDOWS
10:47:41.0437 0x01c8  Processor architecture: Intel x86
10:47:41.0437 0x01c8  Number of processors: 1
10:47:41.0437 0x01c8  Page size: 0x1000
10:47:41.0437 0x01c8  Boot type: Normal boot
10:47:41.0437 0x01c8  ============================================================
10:48:23.0671 0x01c8  KLMD registered as C:\WINDOWS\system32\drivers\77475963.sys
10:48:39.0125 0x01c8  System UUID: {5B4C3747-9297-EB64-B50F-3AAAAE774BF1}
10:49:00.0515 0x01c8  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:49:00.0703 0x01c8  ============================================================
10:50:29.0671 0x0b5c  NIC1394 - ok
10:50:29.0796 0x0b5c  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
10:50:29.0921 0x0b5c  Nla - ok
10:50:30.0781 0x0b5c  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:50:30.0812 0x0b5c  Npfs - ok
10:50:31.0250 0x0b5c  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
10:50:31.0625 0x0b5c  Ntfs - ok
10:50:31.0640 0x0b5c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
10:50:31.0671 0x0b5c  NtLmSsp - ok
10:50:31.0859 0x0b5c  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
10:50:32.0640 0x0b5c  NtmsSvc - ok
10:50:32.0671 0x0b5c  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:50:32.0796 0x0b5c  Null - ok
10:50:35.0796 0x0b5c  [ 9F4384AA43548DDD438F7B7825D11699, D1C774881D8156C03FDEE2AC141A47A8457E2001003018D0653FE5309367B06C ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
10:50:39.0968 0x0b5c  nv - ok
10:50:40.0312 0x0b5c  [ 0C41C4ACFE00D826DB479C40C1D9EDC8, D701B94B92EC3226F7FEC0BCA4F03CAC69A760DA3965E121950D56E7E255F7C6 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
10:50:40.0750 0x0b5c  NVSvc - ok
10:50:40.0828 0x0b5c  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:50:40.0921 0x0b5c  NwlnkFlt - ok
10:50:40.0968 0x0b5c  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:50:41.0015 0x0b5c  NwlnkFwd - ok
10:50:41.0234 0x0b5c  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:50:41.0500 0x0b5c  ohci1394 - ok
10:50:41.0593 0x0b5c  [ CEC7E2C6C1FA00C7AB2F5434F848AE51, 399CF962689652F6B3906F40D20EE7BBDA856CD56031A65C5A1E8718016FCE90 ] OMCI            C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
10:50:41.0640 0x0b5c  OMCI - ok
10:50:41.0984 0x0b5c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:50:42.0250 0x0b5c  ose - ok
10:50:42.0421 0x0b5c  [ F0184FE6069BE1541A3D18C02A73D161, A2A169AF703FAE3E85E5458176C0B06F62167996E6F4444EA71E3995ED01F422 ] ossrv           C:\WINDOWS\system32\drivers\ctoss2k.sys
10:50:42.0671 0x0b5c  ossrv - ok
10:50:42.0734 0x0b5c  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
10:50:42.0875 0x0b5c  Parport - ok
10:50:42.0968 0x0b5c  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
10:50:43.0187 0x0b5c  PartMgr - ok
10:50:43.0343 0x0b5c  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
10:50:43.0421 0x0b5c  ParVdm - ok
10:50:43.0453 0x0b5c  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
10:50:43.0531 0x0b5c  PCI - ok
10:50:43.0531 0x0b5c  PCIDump - ok
10:50:43.0609 0x0b5c  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
10:50:43.0656 0x0b5c  PCIIde - ok
10:50:43.0703 0x0b5c  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
10:50:43.0812 0x0b5c  Pcmcia - ok
10:50:43.0906 0x0b5c  PDCOMP - ok
10:50:43.0921 0x0b5c  PDFRAME - ok
10:50:43.0953 0x0b5c  PDRELI - ok
10:50:43.0984 0x0b5c  PDRFRAME - ok
10:50:44.0031 0x0b5c  perc2 - ok
10:50:44.0078 0x0b5c  perc2hib - ok
10:50:44.0312 0x0b5c  [ C8A2D6FF660AC601B7BB9A9B16A5C25E, BBF97622AB15943F614AE3901860DE4B1380D5878FCC6EAA2384B4C9432C0B4B ] PfModNT         C:\WINDOWS\System32\drivers\PfModNT.sys
10:50:44.0406 0x0b5c  PfModNT - ok
10:50:44.0468 0x0b5c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
10:50:44.0640 0x0b5c  PlugPlay - ok
10:50:44.0812 0x0b5c  [ 79834AA2FBF9FE81EEBB229024F6F7FC, 4E243765C11AE9B5D003C3220B8AA0C4671B2627221D2323F80189CA3A307FEF ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
10:50:44.0859 0x0b5c  Pml Driver HPZ12 - ok
10:50:45.0046 0x0b5c  [ 205E1B699FD3F2F9B036EEA2EC30C620, 9D5C8009BC3F6F76438FC82C3DAAA3E9CC87F74CDE841A0ADD9EF00E98DB6890 ] PnkBstrA        C:\WINDOWS\system32\PnkBstrA.exe
10:50:45.0500 0x0b5c  PnkBstrA - ok
10:50:45.0546 0x0b5c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
10:50:45.0890 0x0b5c  PolicyAgent - ok
10:50:45.0968 0x0b5c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:50:46.0062 0x0b5c  PptpMiniport - ok
10:50:46.0265 0x0b5c  [ A32BEBAF723557681BFC6BD93E98BD26, 35039BA72A29F87B2CA37DCDE4EFDAABBDEAD8CE3EB8652ACC665994118145A6 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
10:50:46.0312 0x0b5c  Processor - ok
10:50:46.0359 0x0b5c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:50:46.0484 0x0b5c  ProtectedStorage - ok
10:50:46.0875 0x0b5c  [ 6395877BE921DF88F7AC298F5A7EC1BE, 1EE3F01D2687D2B24707EF89F6CE3F57BED6394AD47826A1400DB8C8FE02D6A3 ] Prvflder        C:\WINDOWS\system32\DRIVERS\prvflder.sys
10:50:47.0031 0x0b5c  Prvflder - ok
10:50:47.0234 0x0b5c  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
10:50:47.0359 0x0b5c  PSched - ok
10:50:47.0421 0x0b5c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:50:47.0484 0x0b5c  Ptilink - ok
10:50:47.0546 0x0b5c  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20        C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
10:50:47.0625 0x0b5c  PxHelp20 - ok
10:50:47.0640 0x0b5c  ql1080 - ok
10:50:47.0656 0x0b5c  Ql10wnt - ok
10:50:47.0687 0x0b5c  ql12160 - ok
10:50:47.0703 0x0b5c  ql1240 - ok
10:50:47.0750 0x0b5c  ql1280 - ok
10:50:47.0765 0x0b5c  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:50:47.0843 0x0b5c  RasAcd - ok
10:50:47.0890 0x0b5c  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:50:48.0000 0x0b5c  RasAuto - ok
10:50:48.0062 0x0b5c  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:50:48.0156 0x0b5c  Rasl2tp - ok
10:50:48.0343 0x0b5c  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:50:48.0484 0x0b5c  RasMan - ok
10:50:48.0562 0x0b5c  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:50:48.0609 0x0b5c  RasPppoe - ok
10:50:48.0625 0x0b5c  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
10:50:48.0671 0x0b5c  Raspti - ok
10:50:48.0750 0x0b5c  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:50:48.0921 0x0b5c  Rdbss - ok
10:50:48.0953 0x0b5c  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:50:49.0031 0x0b5c  RDPCDD - ok
10:50:49.0328 0x0b5c  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
10:50:49.0625 0x0b5c  RDPWD - ok
10:50:49.0734 0x0b5c  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
10:50:49.0875 0x0b5c  RDSessMgr - ok
10:50:49.0937 0x0b5c  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
10:50:49.0968 0x0b5c  redbook - ok
10:50:50.0062 0x0b5c  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:50:50.0359 0x0b5c  RemoteAccess - ok
10:50:50.0484 0x0b5c  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\System32\locator.exe
10:50:50.0562 0x0b5c  RpcLocator - ok
10:50:50.0781 0x0b5c  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
10:50:51.0015 0x0b5c  RpcSs - ok
10:50:51.0140 0x0b5c  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\System32\rsvp.exe
10:50:51.0296 0x0b5c  RSVP - ok
10:50:51.0343 0x0b5c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:50:51.0515 0x0b5c  SamSs - ok
10:50:51.0593 0x0b5c  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
10:50:51.0656 0x0b5c  SCardSvr - ok
10:50:51.0765 0x0b5c  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:50:51.0921 0x0b5c  Schedule - ok
10:50:52.0406 0x0b5c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:50:52.0484 0x0b5c  Secdrv - ok
10:50:52.0546 0x0b5c  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
10:50:52.0640 0x0b5c  seclogon - ok
10:50:52.0687 0x0b5c  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
10:50:52.0781 0x0b5c  SENS - ok
10:50:52.0796 0x0b5c  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
10:50:52.0937 0x0b5c  serenum - ok
10:50:52.0984 0x0b5c  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
10:50:53.0000 0x0b5c  Serial - ok
10:50:53.0093 0x0b5c  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
10:50:53.0171 0x0b5c  Sfloppy - ok
10:50:53.0453 0x0b5c  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:50:53.0703 0x0b5c  SharedAccess - ok
10:50:53.0812 0x0b5c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:50:53.0953 0x0b5c  ShellHWDetection - ok
10:50:53.0968 0x0b5c  Simbad - ok
10:50:54.0031 0x0b5c  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:50:54.0062 0x0b5c  SLIP - ok
10:50:54.0093 0x0b5c  Sparrow - ok
10:50:54.0140 0x0b5c  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
10:50:54.0171 0x0b5c  splitter - ok
10:50:54.0265 0x0b5c  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
10:50:54.0468 0x0b5c  Spooler - ok
10:50:54.0531 0x0b5c  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
10:50:54.0609 0x0b5c  sr - ok
10:50:54.0750 0x0b5c  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\System32\srsvc.dll
10:50:54.0921 0x0b5c  srservice - ok
10:50:55.0078 0x0b5c  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:50:55.0234 0x0b5c  Srv - ok
10:50:55.0312 0x0b5c  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:50:55.0421 0x0b5c  SSDPSRV - ok
10:50:55.0578 0x0b5c  [ A1CC726323FB41FFD29F436A77237E41, 8D76C546EA0185F17F5058B4040DC94E0737C5C005320970E6F7F888429D94B5 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
10:50:55.0734 0x0b5c  ssudmdm - ok
10:50:55.0796 0x0b5c  [ A9573045BAA16EAB9B1085205B82F1ED, 6A4D68BCD4968C17451EB1C4AB420FFA844D089845520D222BC4A2BD14583C56 ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
10:50:55.0890 0x0b5c  StillCam - ok
10:50:56.0171 0x0b5c  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
10:50:56.0609 0x0b5c  stisvc - ok
10:50:56.0640 0x0b5c  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:50:56.0875 0x0b5c  streamip - ok
10:50:57.0718 0x0b5c  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
10:50:59.0093 0x0b5c  swenum - ok
10:50:59.0250 0x0b5c  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
10:50:59.0312 0x0b5c  swmidi - ok
10:50:59.0328 0x0b5c  SwPrv - ok
10:50:59.0343 0x0b5c  symc810 - ok
10:50:59.0359 0x0b5c  symc8xx - ok
10:50:59.0375 0x0b5c  sym_hi - ok
10:50:59.0390 0x0b5c  sym_u3 - ok
10:50:59.0421 0x0b5c  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
10:50:59.0484 0x0b5c  sysaudio - ok
10:50:59.0562 0x0b5c  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
10:50:59.0687 0x0b5c  SysmonLog - ok
10:50:59.0796 0x0b5c  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
10:51:00.0015 0x0b5c  TapiSrv - ok
10:51:00.0156 0x0b5c  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:51:00.0250 0x0b5c  Tcpip - ok
10:51:00.0312 0x0b5c  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
10:51:00.0343 0x0b5c  TDPIPE - ok
10:51:00.0453 0x0b5c  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
10:51:00.0500 0x0b5c  TDTCP - ok
10:51:00.0546 0x0b5c  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
10:51:00.0593 0x0b5c  TermDD - ok
10:51:00.0765 0x0b5c  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
10:51:00.0890 0x0b5c  TermService - ok
10:51:00.0968 0x0b5c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
10:51:01.0000 0x0b5c  Themes - ok
10:51:01.0015 0x0b5c  TosIde - ok
10:51:01.0093 0x0b5c  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
10:51:01.0203 0x0b5c  TrkWks - ok
10:51:01.0281 0x0b5c  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
10:51:01.0328 0x0b5c  Udfs - ok
10:51:01.0437 0x0b5c  ultra - ok
10:51:01.0640 0x0b5c  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
10:51:01.0796 0x0b5c  Update - ok
10:51:01.0890 0x0b5c  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:51:02.0000 0x0b5c  upnphost - ok
10:51:02.0078 0x0b5c  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
10:51:02.0171 0x0b5c  UPS - ok
10:51:02.0250 0x0b5c  [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
10:51:02.0453 0x0b5c  usbaudio - ok
10:51:02.0546 0x0b5c  [ D9F3BB7C292F194F3B053CE295754EB8, D594DF6E9758BA6F43B2D31ABCA2B6BA214A8EB60486E4463F13CBCC2AFFB020 ] usbbus          C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
10:51:02.0656 0x0b5c  usbbus - ok
10:51:02.0750 0x0b5c  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:51:02.0937 0x0b5c  usbccgp - ok
10:51:03.0015 0x0b5c  [ C4F77DA649F99FAD116EA585376FC164, D0A820F1E562E0EDFB35609DEDEB04D735355028E32878B514205BCC9ED195A0 ] UsbDiag         C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
10:51:03.0046 0x0b5c  UsbDiag - ok
10:51:03.0140 0x0b5c  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:51:03.0312 0x0b5c  usbehci - ok
10:51:03.0421 0x0b5c  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:51:03.0546 0x0b5c  usbhub - ok
10:51:03.0671 0x0b5c  [ C0613CE45E617BC671DE8EBB1B30D175, A6FBACFD13F671FDD8C948E2443D3437B4969493E0E1FC441DE24984147CDE74 ] USBModem        C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
10:51:03.0781 0x0b5c  USBModem - ok
10:51:03.0843 0x0b5c  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:51:03.0984 0x0b5c  usbprint - ok
10:51:04.0031 0x0b5c  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:51:04.0250 0x0b5c  usbscan - ok
10:51:04.0406 0x0b5c  [ 1A07FFEF61431F492AB8CCF77FD242B2, F54217E719DC4B1BD890EE50C4F27596C03A4336A3AE8B727D95A4CA14E5CA80 ] UsbService      C:\Program Files\ASUS\Printer Utilities\UsbService.exe
10:51:04.0578 0x0b5c  UsbService - ok
10:51:04.0625 0x0b5c  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:51:04.0687 0x0b5c  USBSTOR - ok
10:51:04.0718 0x0b5c  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:51:04.0765 0x0b5c  usbuhci - ok
10:51:04.0906 0x0b5c  [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
10:51:05.0000 0x0b5c  usbvideo - ok
10:51:05.0062 0x0b5c  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
10:51:05.0078 0x0b5c  VgaSave - ok
10:51:05.0093 0x0b5c  ViaIde - ok
10:51:05.0125 0x0b5c  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
10:51:05.0187 0x0b5c  VolSnap - ok
10:51:05.0296 0x0b5c  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
10:51:05.0703 0x0b5c  VSS - ok
10:51:05.0828 0x0b5c  [ C21DBD71AA028B3D213460F88D43BBFD, 949449850EACB79662710443812318EB81D07EB429BF6D48D0B570F50505D0B0 ] vuhub           C:\WINDOWS\system32\DRIVERS\vuhub.sys
10:51:06.0125 0x0b5c  vuhub - ok
10:51:06.0296 0x0b5c  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
10:51:06.0671 0x0b5c  W32Time - ok
10:51:06.0718 0x0b5c  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:51:06.0765 0x0b5c  Wanarp - ok
10:51:07.0015 0x0b5c  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC, 06FC132E0E256B9A4E4DDD05D3AF4D75E40C750ECCF94A76251B104C65CFFCDF ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
10:51:07.0250 0x0b5c  Wdf01000 - ok
10:51:07.0296 0x0b5c  WDICA - ok
10:51:07.0343 0x0b5c  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
10:51:07.0453 0x0b5c  wdmaud - ok
10:51:07.0531 0x0b5c  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:51:07.0640 0x0b5c  WebClient - ok
10:51:07.0812 0x0b5c  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:51:07.0968 0x0b5c  winmgmt - ok
10:51:08.0109 0x0b5c  [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
10:51:08.0171 0x0b5c  WmdmPmSN - ok
10:51:08.0234 0x0b5c  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
10:51:08.0296 0x0b5c  WmiApSrv - ok
10:51:08.0812 0x0b5c  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
10:51:09.0171 0x0b5c  WMPNetworkSvc - ok
10:51:09.0265 0x0b5c  [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
10:51:09.0296 0x0b5c  WpdUsb - ok
10:51:09.0734 0x0b5c  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:51:10.0156 0x0b5c  WPFFontCache_v0400 - ok
10:51:10.0218 0x0b5c  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
10:51:10.0531 0x0b5c  wscsvc - ok
10:51:10.0609 0x0b5c  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:51:10.0671 0x0b5c  WSTCODEC - ok
10:51:10.0750 0x0b5c  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
10:51:10.0937 0x0b5c  wuauserv - ok
10:51:11.0031 0x0b5c  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:51:11.0234 0x0b5c  WudfPf - ok
10:51:11.0312 0x0b5c  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:51:11.0343 0x0b5c  WudfRd - ok
10:51:11.0546 0x0b5c  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
10:51:11.0625 0x0b5c  WudfSvc - ok
10:51:11.0843 0x0b5c  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
10:51:12.0218 0x0b5c  WZCSVC - ok
10:51:12.0468 0x0b5c  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
10:51:12.0796 0x0b5c  xmlprov - ok
10:51:12.0859 0x0b5c  ================ Scan global ===============================
10:51:13.0156 0x0b5c  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
10:51:13.0343 0x0b5c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
10:51:13.0796 0x0b5c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
10:51:13.0921 0x0b5c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
10:51:13.0968 0x0b5c  [ Global ] - ok
10:51:13.0968 0x0b5c  ================ Scan MBR ==================================
10:51:14.0000 0x0b5c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:51:15.0187 0x0b5c  \Device\Harddisk0\DR0 - ok
10:51:15.0187 0x0b5c  ================ Scan VBR ==================================
10:51:15.0218 0x0b5c  [ F6AC368563F8103ABFAB1934B1082F11 ] \Device\Harddisk0\DR0\Partition1
10:51:15.0265 0x0b5c  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
10:51:15.0265 0x0b5c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
10:51:17.0968 0x0b5c  Waiting for KSN requests completion. In queue: 108
10:51:19.0000 0x0b5c  Waiting for KSN requests completion. In queue: 108
10:51:20.0015 0x0b5c  Waiting for KSN requests completion. In queue: 92
10:51:26.0625 0x0b5c  AV detected via SS1: AVG Internet Security 2014, 2014.0, enabled, updated
10:51:26.0781 0x0b5c  FW detected via SS1: AVG Internet Security 2014, 2014.0, enabled
10:51:29.0843 0x0b5c  ============================================================
10:51:29.0906 0x0b5c  Scan finished
10:51:29.0906 0x0b5c  ============================================================
10:51:30.0000 0x0e10  Detected object count: 1
10:51:30.0000 0x0e10  Actual detected object count: 1
10:51:41.0046 0x0e10  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
10:51:41.0109 0x0e10  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
10:51:41.0203 0x0e10  \Device\Harddisk0\DR0\Partition1 - ok
10:51:41.0203 0x0e10  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
10:51:45.0515 0x0e10  KLMD registered as C:\WINDOWS\system32\drivers\42426974.sys
10:53:06.0046 0x11f0  Deinitialize success
 

# AdwCleaner v3.018 - Report created 05/02/2014 at 11:15:51
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Dad - PAIN
# Running from : C:\Documents and Settings\Dad\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\File Type Helper
Folder Deleted : C:\Program Files\goforfiles
Folder Deleted : C:\Program Files\internethelper3.1
Folder Deleted : C:\Program Files\myfree codec
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Program Files\Common Files\Umbrella
Folder Deleted : C:\Documents and Settings\LocalService\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\NetworkService\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\Dad\Local Settings\Application Data\internethelper3.1
Folder Deleted : C:\Documents and Settings\Dad\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\Dad\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Dad\Application Data\goforfiles
Folder Deleted : C:\Documents and Settings\Dad\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Mom\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\Mom\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Buddy\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\Buddy\Application Data\iWin
Folder Deleted : C:\Documents and Settings\Administrator\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\v7wp6yps.default\Smartbar
Folder Deleted : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\v7wp6yps.default\ValueApps
Folder Deleted : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\v7wp6yps.default\CT3289663
Folder Deleted : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\v7wp6yps.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
File Deleted : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\v7wp6yps.default\Extensions\addon@defaulttab.com.xpi
File Deleted : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\v7wp6yps.default\Extensions\webbooster@iminent.com.xpi
File Deleted : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\v7wp6yps.default\searchplugins\search.xml
File Deleted : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\v7wp6yps.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [extension@FastFreeConverter.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\InternetHelper3.1
Key Deleted : HKCU\Software\AppDataLow\Software\lyricsparty
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Uniblue\SpeedUpMyPC
Key Deleted : HKLM\Software\InternetHelper3.1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3.1 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InternetHelper3.1 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\v7wp6yps.default\prefs.js ]


[ File : C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\gtlc09yg.default\prefs.js ]


[ File : C:\Documents and Settings\Buddy\Application Data\Mozilla\Firefox\Profiles\bvojfa69.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [17261 octets] - [05/02/2014 11:13:49]
AdwCleaner[S0].txt - [16919 octets] - [05/02/2014 11:15:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16980 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by Dad on Wed 02/05/2014 at 11:55:48.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CAAF5A3A-7648-40D1-9E67-D2318C95FDF7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Dad\Application Data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\Dad\Local Settings\Application Data\cre"



~~~ FireFox

Emptied folder: C:\Documents and Settings\Dad\Application Data\mozilla\firefox\profiles\v7wp6yps.default\minidumps [4 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/05/2014 at 12:09:28.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

C:\AdwCleaner\Quarantine\C\Documents and Settings\Dad\Local Settings\Application Data\internethelper3.1\hk64tbInte.dll.vir    Win64/Toolbar.Conduit.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Dad\Local Settings\Application Data\internethelper3.1\hktbInte.dll.vir    Win32/Toolbar.Conduit.W potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Dad\Local Settings\Application Data\internethelper3.1\ldrtbInte.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Dad\Local Settings\Application Data\internethelper3.1\tbInte.dll.vir    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\goforfiles\uninstall.exe.vir    a variant of Win32/ExpressFiles.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\internethelper3.1\hk64tbInte.dll.vir    Win64/Toolbar.Conduit.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\internethelper3.1\hktbInte.dll.vir    Win32/Toolbar.Conduit.W potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\internethelper3.1\InternetHelper3.1ToolbarHelper.exe.vir    Win32/Toolbar.Conduit.V potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\internethelper3.1\ldrtbInte.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\internethelper3.1\tbInte.dll.vir    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\Documents and Settings\All Users\Documents\Games\Words With Friends 6.3.2 full Edition.apk    a variant of Android/Plankton.I trojan    deleted - quarantined
C:\Documents and Settings\All Users\Documents\Games\Reflexorator\Keygen For Reflexive Games.exe    a variant of Win32/Keygen.BG potentially unsafe application    deleted - quarantined
C:\Documents and Settings\All Users\Documents\Games\Shadow Wolf-Curse of the Full Moon\Register KeyGen + Tutorial.rar    a variant of Win32/Keygen.DU potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Dad\Local Settings\Application Data\lnwbstri.exe    a variant of Win32/Kryptik.BUJM trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Dad\Local Settings\Application Data\vorairet.exe    Win32/TrojanDownloader.Zortob.F trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Dad\My Documents\media.player.codec.pack.v4.2.3.setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Dad\My Documents\Computer Tools\Spyware Doctor 5.5.0.178 - Final UPDATED\Patch.exe    a variant of Win32/HackTool.Patcher.AF potentially unsafe application    deleted - quarantined
C:\Program Files\Mobogenie\Mobogenie.7z    Win32/NextLive.A potentially unwanted application    deleted - quarantined
C:\Program Files\Mobogenie\nengine.dll    Win32/NextLive.A potentially unwanted application    deleted - quarantined
C:\Program Files\Trend Micro\HijackThis\backups\backup-20130806-130507-632.dll    Win32/Toolbar.Conduit.W potentially unwanted application    deleted - quarantined
C:\RECYCLER\S-1-5-21-1454471165-1563985344-725345543-1004\Dc111.zip    a variant of Win32/Kryptik.BUAE trojan    deleted - quarantined
C:\RECYCLER\S-1-5-21-1454471165-1563985344-725345543-1004\Dc113.zip    a variant of Win32/Kryptik.BUAE trojan    deleted - quarantined
C:\WINDOWS\system32\drivers\mchInjDrv.sys    Win32/MCH potentially unsafe application    deleted - quarantined
 



#4 boopme


Posted 05 February 2014 - 10:07 PM

Hello, things should be a lot better now.

A few things to deal with, as malware has altered them.

If you haven't, you need to reboot to complete the malware removal above.


Reset Internet Explorer settings


These are outdated and can be exploited by malware. Remove them in Control Panel / Uninstall.
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 33 (Version: 6.0.330)

Reboot again.

If you want to install the latest version ... but I doubt that you need Java.
Go HERE and install Windows Offline (32-bit)



The Cidox infection allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.



How is it now??

Edited by boopme, 05 February 2014 - 10:28 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 budz78


Posted 06 February 2014 - 08:15 AM

That seems to have done it. The ol' computer might still have a little life left in it. Is the Cidox virus something I should still be concerned about? I do have personal info on this computer; I will change all my banking passwords. Once again, thank you.



#6 boopme


Posted 06 February 2014 - 10:57 AM

Yes, Cidox is the troublemaker.
About Cidox
http://www.securelist.com/en/blog/517/Cybercriminals_switch_from_MBR_to_NTFS

Let's run one more tool please.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

#7 budz78


Posted 06 February 2014 - 05:45 PM

Here are the Malwarebytes results. I also have a question. My AVG keeps finding a 'PSW Generic 12' virus; it keeps deleting it but it seems to come back after a while. Should I be concerned? Thanks

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.06.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Dad :: PAIN [administrator]

2/6/2014 12:08:49 PM
mbam-log-2014-02-06 (12-08-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 470593
Time elapsed: 5 hour(s), 26 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Dad\My Documents\Sudoku Up 2011 5.0 Incl Keygen [vokeon]\Sudoku Up 2011 5.0 [vokeon].rar (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dad\My Documents\Sudoku Up 2011 5.0 Incl Keygen [vokeon]\Sudoku Up 2011 5.0 [vokeon]\THETA\NFOviewer.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B155A9EC-F7E0-46B6-A716-59B666E69A31}\RP2057\A0208314.exe (PUP.Optional.GoForFiles.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B155A9EC-F7E0-46B6-A716-59B666E69A31}\RP2057\A0208317.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B155A9EC-F7E0-46B6-A716-59B666E69A31}\RP2057\A0208411.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

(end)



#8 boopme


Posted 06 February 2014 - 08:55 PM

Hi, it appears you infected yourself by using a keygen. That's the trade-off: free stuff while we steal your info.
 
Looks clean now except for what's in your System Volume Information, these are your restore points.
 
 
 

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7
  • Reboot and see how it is.

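The split boopme describes in post #8, between detections on the live file system and copies held inside System Restore points, can be read out of a Malwarebytes log mechanically. The script below is an added example, not part of the original thread or of any tool named in it; the sample log is constructed in the 1.75 "Files Detected" format shown in post #7, and all function names are assumptions.

```python
import re
from typing import NamedTuple, Optional


class Detection(NamedTuple):
    path: str
    name: str
    action: str
    restore_point: Optional[str]  # e.g. "RP2057", or None for a live file


# "<path> (<detection name>) -> <action>." as in the log in post #7.
# The lazy path plus the ") -> " anchor keeps paths that themselves contain
# parentheses, such as "Program Files (x86)", in one piece.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)

# XP keeps restore points under System Volume Information\_restore{GUID}\RPnnnn\
RP_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)

# Constructed sample input (placeholder GUID, file names and detection names).
SAMPLE_LOG = r"""
Files Detected: 4
C:\Documents and Settings\User\My Documents\tool\setup.rar (Malware.Packer.Example) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Example\helper.dll (PUP.Optional.Example.A) -> No action taken.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2057\A0000001.exe (PUP.Optional.Example.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2057\A0000002.dll (PUP.Optional.Example.B) -> Quarantined and deleted successfully.

(end)
"""


def parse_detections(log_text):
    """Return one Detection per detection line; headers and blanks are skipped."""
    found = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rp = RP_RE.search(m["path"])
        found.append(
            Detection(m["path"], m["name"], m["action"], rp["rp"] if rp else None)
        )
    return found


def triage(detections):
    """Group detections by where they live and flag any the scanner left behind."""
    report = {"live": [], "restore_points": {}, "not_removed": []}
    for d in detections:
        if d.restore_point:
            report["restore_points"].setdefault(d.restore_point, []).append(d)
        else:
            report["live"].append(d)
        if "deleted successfully" not in d.action.lower():
            report["not_removed"].append(d)
    return report


def needs_restore_point_purge(detections):
    """True when any detection sits inside a restore point."""
    return any(d.restore_point for d in detections)


if __name__ == "__main__":
    result = triage(parse_detections(SAMPLE_LOG))
    print("live file system hits:", len(result["live"]))
    for rp, items in sorted(result["restore_points"].items()):
        print(f"restore point {rp}: {len(items)} detection(s)")
    for d in result["not_removed"]:
        print("still present:", d.path, "->", d.action)
```

A non-empty `restore_points` group after a clean-up scan is the case where creating a fresh restore point and purging the older ones, as described in the post, applies.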

#9 budz78


Posted 08 February 2014 - 08:30 AM

It seems to be a lot better now. I'm having problems running disk cleanup; it seems to run about 3 hrs. and not get anywhere on the progress bar. But I can live with that. Still running slow but a lot faster; it takes quite a while to boot up. Could my hard drive be slowing down (getting older)? It seems to be running quite a bit with no programs open.

Edited by budz78, 08 February 2014 - 05:09 PM.


#10 boopme


Posted 10 February 2014 - 09:01 PM

Ask about the slower startup and possible disk failure in XP as they have other diagnostics to use.

#11 budz78


Posted 11 February 2014 - 04:32 PM

It seems to have worked out mostly everything. I'll let it go as is; this is better than I expected. Once again, thank you, and thanks for your time.



#12 boopme


Posted 11 February 2014 - 05:10 PM

OK, you're welcome!!



