
CANNOT INSTALL ANY VIRUS PROTECTION AND SYSTEM RESTORE IS NOT WORKING


14 replies to this topic

#1 cryss962

cryss962

  • Members
  • 41 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 25 February 2014 - 05:52 PM

I originally had Microsoft Security Essentials for 6 months now. I had it programmed to scan every day. All of a sudden everything is removed from icon task bar (I'm sure if that is what it is called) and I can no longer access those programs even from the start menu which included MSE. My system restore will not respond. I keep getting this pop up: loadmoney.txt - notepad. I have tried safe mode with networking and I still cannot download anything except Dr. Web's Cure it. What are my options? I am running Windows XP with service pack 3.

I have recently found that SpyHunter 4 was able to download and detected 327 problems, which included some antivirus blocking rules. If I purchase their product will they be able to fix the issues I am having? I don't want to purchase a product that I am not sure whether that will fix the problem.

Well, SpyHunter gives me the option to pay with PayPal, but when I select PayPal there is an error and I don't think that it would be safe to give my credit card information right now.

Also I have problems deleting Files or Folders. It says Access denied, make sure the disk is not full or write protected and that the file is not currently protected.


Edited by cryss962, 25 February 2014 - 06:04 PM.




#2 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,809 posts
  • ONLINE
  • Gender:Male
  • Local time:11:25 PM

Posted 25 February 2014 - 06:43 PM

G'day cryss962,

I would steer clear of SpyHunter 4... it is distributed by Enigma Software, which has a poor rating according to WOT... it rates the site as misleading and unethical and spammy.

 

Run the following for me and see what we can do..... if you are unable to download any of these tools please let me know.

 

 

 

Download MiniToolBox, save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files

 

Please Close Firefox before using this tool
 
Click Go and copy / paste the result (Result.txt).

 

 

Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

 

Please download AdwCleaner.
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on the Scan button.
* When the scan has finished click on the Clean button.
* NOTE: Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner.txt as well.
Once I OK the log, please click the Uninstall button to fully remove all items.

 

 

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

 

This next scan will take a long time....2 hours + is not unusual

 

Hold down Control and click on this link to open ESET OnlineScan in a new window.

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#3 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:25 PM

Posted 25 February 2014 - 06:51 PM

Download and make a full scan with Dr.Web Cure it. Choose option about objects to be checked Remove all found threats.

After that download portable Superantispyware - http://www.superantispyware.com/

Make a complete scan and do the same as previous. Do not pay anything!

 

Do also what Condobloke advises you.


Edited by Alex&Vanko, 25 February 2014 - 06:53 PM.


#4 cryss962

cryss962
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:08:25 AM

Posted 26 February 2014 - 10:54 AM

Ok here are all the log files in the order you asked. The only one I don't have is ESET. I clicked the link and selected start. It showed a blue screen with the little red x in the top left corner. That is all I could get it to do. I tried the next link for the smartinstaller. When I tried to save I got Access denied, make sure disk is not full or copy writed or being used. When I tried to just go ahead and run, it downloads and verifies and then nothing.

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Crystal (administrator) on 26-02-2014 at 08:38:22
Running from "C:\Documents and Settings\Crystal\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)

# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

popd
# End of interface IP configuration

 

Windows IP Configuration

 

        Host Name . . . . . . . . . . . . : owner-d1905f8ab

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : att.net

 

Ethernet adapter Local Area Connection:

 

        Connection-specific DNS Suffix  . : att.net

        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

        Physical Address. . . . . . . . . : 00-13-72-DF-35-03

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.66

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254

        DHCP Server . . . . . . . . . . . : 192.168.1.254

        DNS Servers . . . . . . . . . . . : 192.168.1.254

        Lease Obtained. . . . . . . . . . : Wednesday, February 26, 2014 8:29:40 AM

        Lease Expires . . . . . . . . . . : Thursday, February 27, 2014 8:29:40 AM

Server:  dsldevice.att.net
Address:  192.168.1.254

Name:    google.com
Addresses:  74.125.227.162, 74.125.227.163, 74.125.227.167, 74.125.227.164
   74.125.227.166, 74.125.227.168, 74.125.227.165, 74.125.227.174, 74.125.227.160
   74.125.227.161, 74.125.227.169

 

Pinging google.com [74.125.227.238] with 32 bytes of data:

 

Reply from 74.125.227.238: bytes=32 time=32ms TTL=51

Reply from 74.125.227.238: bytes=32 time=32ms TTL=51

 

Ping statistics for 74.125.227.238:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 32ms, Maximum = 32ms, Average = 32ms

Server:  dsldevice.att.net
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109

 

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:

 

Reply from 98.138.253.109: bytes=32 time=81ms TTL=46

Reply from 98.138.253.109: bytes=32 time=178ms TTL=46

 

Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 81ms, Maximum = 178ms, Average = 129ms

 

Pinging 127.0.0.1 with 32 bytes of data:

 

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 df 35 03 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.66   20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
      192.168.1.0    255.255.255.0     192.168.1.66    192.168.1.66   20
     192.168.1.66  255.255.255.255        127.0.0.1       127.0.0.1   20
    192.168.1.255  255.255.255.255     192.168.1.66    192.168.1.66   20
        224.0.0.0        240.0.0.0     192.168.1.66    192.168.1.66   20
  255.255.255.255  255.255.255.255     192.168.1.66    192.168.1.66   1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/25/2014 11:28:01 AM) (Source: Application Error) (User: )
Description: Faulting application rkill.com, version 2.6.5.0, faulting module rkill.com, version 2.6.5.0, fault address 0x00061025.
Processing media-specific event for [rkill.com!ws!]

Error: (02/25/2014 10:56:13 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23562, fault address 0x003bda63.
Processing media-specific event for [iexplore.exe!ws!]

Error: (02/25/2014 10:32:53 AM) (Source: Application Error) (User: )
Description: Faulting application rkill.com, version 2.6.5.0, faulting module rkill.com, version 2.6.5.0, fault address 0x00061025.
Processing media-specific event for [rkill.com!ws!]

Error: (02/24/2014 05:23:24 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070656
Description:.  0x80070656. Error opening installation log file. Verify that the specified log file location exists and that you can write to it.

Error: (02/24/2014 05:18:51 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070656
Description:.  0x80070656. Error opening installation log file. Verify that the specified log file location exists and that you can write to it.

Error: (02/24/2014 05:18:28 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.4.304.00x80070656common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (02/24/2014 05:18:27 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070656
Description:.  0x80070656. Error opening installation log file. Verify that the specified log file location exists and that you can write to it.

Error: (02/24/2014 05:18:26 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x8004FF03
Description:.  0x8004FF03.

Error: (02/24/2014 05:14:09 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.4.304.00x80070656morrobootstraper__cinstallflow__internalrun - geteppuninstallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (02/24/2014 04:47:56 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.4.304.00x80070656common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

System errors:
=============
Error: (02/25/2014 05:03:10 PM) (Source: Service Control Manager) (User: )
Description: The SpyHunter 4 Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/25/2014 03:38:30 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/25/2014 03:28:05 PM) (Source: DCOM) (User: OWNER-D1905F8AB)
Description: DCOM got error "%%1084" attempting to start the service BITS with arguments ""
in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (02/25/2014 03:22:50 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
MpFilter

Error: (02/25/2014 03:21:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/25/2014 01:45:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (02/25/2014 01:00:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Backup (JustCloud) service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/25/2014 11:55:22 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5

Error: (02/25/2014 11:53:50 AM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/25/2014 11:26:28 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5

Microsoft Office Sessions:
=========================
Error: (02/25/2014 11:28:01 AM) (Source: Application Error)(User: )
Description: rkill.com2.6.5.0rkill.com2.6.5.000061025

Error: (02/25/2014 10:56:13 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702mshtml.dll8.0.6001.23562003bda63

Error: (02/25/2014 10:32:53 AM) (Source: Application Error)(User: )
Description: rkill.com2.6.5.0rkill.com2.6.5.000061025

Error: (02/24/2014 05:23:24 PM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x80070656
Description:.  0x80070656. Error opening installation log file. Verify that the specified log file location exists and that you can write to it.

Error: (02/24/2014 05:18:51 PM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x80070656
Description:.  0x80070656. Error opening installation log file. Verify that the specified log file location exists and that you can write to it.

Error: (02/24/2014 05:18:28 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.4.304.00x80070656common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (02/24/2014 05:18:27 PM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x80070656
Description:.  0x80070656. Error opening installation log file. Verify that the specified log file location exists and that you can write to it.

Error: (02/24/2014 05:18:26 PM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x8004FF03
Description:.  0x8004FF03.

Error: (02/24/2014 05:14:09 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.4.304.00x80070656morrobootstraper__cinstallflow__internalrun - geteppuninstallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (02/24/2014 04:47:56 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.4.304.00x80070656common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

=========================== Installed Programs ============================

1Click DVD Copy 5.9.8.5
7-Zip 9.20
7-Zip 9.20 (Version: 9.20.00.0)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.70)
Adobe Flash Player 12 Plugin (Version: 12.0.0.70)
Adobe Reader 8.1.0 (Version: 8.1.0)
Apple Application Support (Version: 3.0)
Apple Mobile Device Support (Version: 7.1.0.32)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.11)
DVD43 Plug-in v1.0.0.6
Easy Dental 2010 (Version: 2010.0.60.4 i1)
Epson Event Manager (Version: 2.40.0001)
Epson FAX Utility (Version: 1.10.00)
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 630 Series Printer Uninstall
EpsonNet Print (Version: 2.4i)
EpsonNet Setup 3.3 (Version: 3.3b)
Free Opener (Version: 1.4)
Google Chrome (Version: 33.0.1750.117)
Google Update Helper (Version: 1.3.22.5)
Guru Limited Edition (Version: 3.0.0.11)
Guru Limited Edition Server (Version: 3.0.0.11)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
iTunes (Version: 11.1.4.62)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 14.0.8117.416)
JustCloud  (Version: )
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft VC++9.0 redistributables (Version: 1.00.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Office Depot PC Support Agent (Version: 64.0.5.4)
QuickTime (Version: 7.74.80.86)
SavingsBull (Version: 1.0.0.0)
SavingsBullFilter (Version: 1.0.0.0)
Segoe UI (Version: 14.0.4327.805)
The Weather Channel App (Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
WebFldrs XP (Version: 9.50.7523)
Windows Cleaner (Version: 1.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
WordPerfect Office 12 (Version: 12.01)
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 3062.07 MB
Available physical RAM: 2128.52 MB
Total Pagefile: 4948 MB
Available Pagefile: 4009.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.94 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:145.71 GB) (Free:126.11 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-D1905F8AB

Administrator            Crystal                  Guest                   
HelpAssistant            SUPPORT_388945a0        

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

 

 

08:42:37.0703 0x01e8  TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
08:42:41.0343 0x01e8  ============================================================
08:42:41.0343 0x01e8  Current date / time: 2014/02/26 08:42:41.0343
08:42:41.0343 0x01e8  SystemInfo:
08:42:41.0343 0x01e8 
08:42:41.0343 0x01e8  OS Version: 5.1.2600 ServicePack: 3.0
08:42:41.0343 0x01e8  Product type: Workstation
08:42:41.0343 0x01e8  ComputerName: OWNER-D1905F8AB
08:42:41.0343 0x01e8  UserName: Crystal
08:42:41.0343 0x01e8  Windows directory: C:\WINDOWS
08:42:41.0343 0x01e8  System windows directory: C:\WINDOWS
08:42:41.0343 0x01e8  Processor architecture: Intel x86
08:42:41.0343 0x01e8  Number of processors: 2
08:42:41.0343 0x01e8  Page size: 0x1000
08:42:41.0343 0x01e8  Boot type: Normal boot
08:42:41.0343 0x01e8  ============================================================
08:42:42.0890 0x01e8  KLMD registered as C:\WINDOWS\system32\drivers\79248469.sys
08:42:42.0953 0x01e8  System UUID: {0917D5B8-6ACA-3F99-104A-0A7788624A28}
08:42:43.0593 0x01e8  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:42:43.0593 0x01e8  ============================================================
08:42:43.0593 0x01e8  \Device\Harddisk0\DR0:
08:42:43.0593 0x01e8  MBR partitions:
08:42:43.0593 0x01e8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1236AA0D
08:42:43.0593 0x01e8  ============================================================
08:42:43.0656 0x01e8  C: <-> \Device\Harddisk0\DR0\Partition1
08:42:43.0671 0x01e8  ============================================================
08:42:43.0671 0x01e8  Initialize success
08:42:43.0687 0x01e8  ============================================================
08:42:45.0562 0x05e0  ============================================================
08:42:45.0562 0x05e0  Scan started
08:42:45.0562 0x05e0  Mode: Manual;
08:42:45.0562 0x05e0  ============================================================
08:42:45.0562 0x05e0  KSN ping started
08:42:48.0187 0x05e0  KSN ping finished: true
08:42:48.0937 0x05e0  ================ Scan system memory ========================
08:42:48.0937 0x05e0  System memory - ok
08:42:48.0937 0x05e0  ================ Scan services =============================
08:42:50.0953 0x05e0  DcomLaunch - ok
08:42:50.0984 0x05e0  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
08:42:50.0984 0x05e0  Dhcp - ok
08:42:51.0000 0x05e0  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
08:42:51.0000 0x05e0  Disk - ok
08:42:51.0000 0x05e0  dmadmin - ok
08:42:51.0078 0x05e0  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
08:42:51.0109 0x05e0  dmboot - ok
08:42:51.0125 0x05e0  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
08:42:51.0125 0x05e0  dmio - ok
08:42:51.0156 0x05e0  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
08:42:51.0156 0x05e0  dmload - ok
08:42:51.0203 0x05e0  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
08:42:51.0203 0x05e0  dmserver - ok
08:42:51.0250 0x05e0  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
08:42:51.0250 0x05e0  DMusic - ok
08:42:51.0296 0x05e0  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
08:42:51.0296 0x05e0  Dnscache - ok
08:42:51.0343 0x05e0  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
08:42:51.0359 0x05e0  Dot3svc - ok
08:42:51.0359 0x05e0  dpti2o - ok
08:42:51.0375 0x05e0  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
08:42:51.0375 0x05e0  drmkaud - ok
08:42:51.0421 0x05e0  [ AC9CF17EE2AE003C98EB4F5336C38058, 40618641B6B2DD71A8C284EB25AF81CA219A82AE7AA91C4BB2B4A3D44A2B3BBF ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
08:42:51.0421 0x05e0  E100B - ok
08:42:51.0468 0x05e0  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
08:42:51.0468 0x05e0  EapHost - ok
08:42:51.0546 0x05e0  [ ABDD5AD016AFFD34AD40E944CE94BF59, 61089124CD8FEA31142CD4D3C47224A6310B9BE7B7FA974956D9EDDAD4381503 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
08:42:51.0546 0x05e0  EpsonBidirectionalService - ok
08:42:51.0562 0x05e0  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
08:42:51.0562 0x05e0  ERSvc - ok
08:42:51.0609 0x05e0  esgiguard - ok
08:42:51.0656 0x05e0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
08:42:51.0656 0x05e0  Eventlog - ok
08:42:51.0718 0x05e0  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
08:42:51.0734 0x05e0  EventSystem - ok
08:42:51.0781 0x05e0  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
08:42:51.0781 0x05e0  Fastfat - ok
08:42:51.0828 0x05e0  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
08:42:51.0828 0x05e0  FastUserSwitchingCompatibility - ok
08:42:51.0843 0x05e0  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
08:42:51.0843 0x05e0  Fdc - ok
08:42:51.0875 0x05e0  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
08:42:51.0875 0x05e0  Fips - ok
08:42:51.0890 0x05e0  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
08:42:51.0890 0x05e0  Flpydisk - ok
08:42:51.0953 0x05e0  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
08:42:51.0953 0x05e0  FltMgr - ok
08:42:52.0000 0x05e0  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:42:52.0000 0x05e0  FontCache3.0.0.0 - ok
08:42:52.0015 0x05e0  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:42:52.0015 0x05e0  Fs_Rec - ok
08:42:52.0031 0x05e0  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:42:52.0031 0x05e0  Ftdisk - ok
08:42:52.0062 0x05e0  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:42:52.0062 0x05e0  GEARAspiWDM - ok
08:42:52.0078 0x05e0  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:42:52.0078 0x05e0  Gpc - ok
08:42:52.0156 0x05e0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
08:42:52.0156 0x05e0  gupdate - ok
08:42:52.0171 0x05e0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
08:42:52.0171 0x05e0  gupdatem - ok
08:42:52.0218 0x05e0  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:42:52.0234 0x05e0  HDAudBus - ok
08:42:52.0296 0x05e0  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:42:52.0296 0x05e0  helpsvc - ok
08:42:52.0328 0x05e0  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
08:42:52.0328 0x05e0  HidServ - ok
08:42:52.0343 0x05e0  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:42:52.0343 0x05e0  hidusb - ok
08:42:52.0390 0x05e0  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
08:42:52.0390 0x05e0  hkmsvc - ok
08:42:52.0390 0x05e0  hpn - ok
08:42:52.0437 0x05e0  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
08:42:52.0453 0x05e0  HTTP - ok
08:42:52.0468 0x05e0  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
08:42:52.0484 0x05e0  HTTPFilter - ok
08:42:52.0484 0x05e0  i2omgmt - ok
08:42:52.0500 0x05e0  i2omp - ok
08:42:52.0796 0x05e0  [ 48846B31BE5A4FA662CCFDE7A1BA86B9, BC653F3ADAD70E766484986F196D4045D2CC6D92E5D827907E734254EE489A33 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
08:42:53.0046 0x05e0  ialm - ok
08:42:53.0156 0x05e0  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:42:53.0203 0x05e0  idsvc - ok
08:42:53.0218 0x05e0  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
08:42:53.0218 0x05e0  Imapi - ok
08:42:53.0250 0x05e0  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
08:42:53.0265 0x05e0  ImapiService - ok
08:42:53.0281 0x05e0  ini910u - ok
08:42:53.0281 0x05e0  IntelIde - ok
08:42:53.0328 0x05e0  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:42:53.0328 0x05e0  intelppm - ok
08:42:53.0343 0x05e0  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
08:42:53.0343 0x05e0  Ip6Fw - ok
08:42:53.0375 0x05e0  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:42:53.0375 0x05e0  IpFilterDriver - ok
08:42:53.0390 0x05e0  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:42:53.0390 0x05e0  IpInIp - ok
08:42:53.0421 0x05e0  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:42:53.0421 0x05e0  IpNat - ok
08:42:53.0484 0x05e0  [ 9AE882A67F019CF30E8C9D7D60B05DDA, FB5D71F94529F37C8B45A5B4FBD15C66AECBFABB7E51C3B9BF63AEAFBE89F8BC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
08:42:53.0500 0x05e0  iPod Service - ok
08:42:53.0546 0x05e0  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:42:53.0546 0x05e0  IPSec - ok
08:42:53.0593 0x05e0  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
08:42:53.0593 0x05e0  IRENUM - ok
08:42:53.0640 0x05e0  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:42:53.0656 0x05e0  isapnp - ok
08:42:53.0734 0x05e0  [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
08:42:53.0750 0x05e0  JavaQuickStarterService - ok
08:42:53.0781 0x05e0  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:42:53.0796 0x05e0  Kbdclass - ok
08:42:53.0796 0x05e0  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:42:53.0796 0x05e0  kbdhid - ok
08:42:53.0812 0x05e0  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
08:42:53.0828 0x05e0  kmixer - ok
08:42:53.0843 0x05e0  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
08:42:53.0859 0x05e0  KSecDD - ok
08:42:53.0890 0x05e0  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
08:42:53.0906 0x05e0  LanmanServer - ok
08:42:53.0953 0x05e0  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:42:53.0968 0x05e0  lanmanworkstation - ok
08:42:53.0984 0x05e0  lbrtfdc - ok
08:42:54.0015 0x05e0  Level Quality Watcher - ok
08:42:54.0046 0x05e0  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
08:42:54.0046 0x05e0  LmHosts - ok
08:42:54.0078 0x05e0  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
08:42:54.0078 0x05e0  Messenger - ok
08:42:54.0125 0x05e0  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
08:42:54.0125 0x05e0  mnmdd - ok
08:42:54.0156 0x05e0  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
08:42:54.0171 0x05e0  mnmsrvc - ok
08:42:54.0187 0x05e0  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
08:42:54.0187 0x05e0  Modem - ok
08:42:54.0218 0x05e0  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:42:54.0218 0x05e0  Mouclass - ok
08:42:54.0250 0x05e0  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:42:54.0250 0x05e0  mouhid - ok
08:42:54.0281 0x05e0  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
08:42:54.0281 0x05e0  MountMgr - ok
08:42:54.0312 0x05e0  [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:42:54.0312 0x05e0  MpFilter - ok
08:42:54.0328 0x05e0  mraid35x - ok
08:42:54.0343 0x05e0  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:42:54.0343 0x05e0  MRxDAV - ok
08:42:54.0390 0x05e0  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:42:54.0421 0x05e0  MRxSmb - ok
08:42:54.0453 0x05e0  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
08:42:54.0468 0x05e0  MSDTC - ok
08:42:54.0500 0x05e0  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
08:42:54.0500 0x05e0  Msfs - ok
08:42:54.0515 0x05e0  MSIServer - ok
08:42:54.0546 0x05e0  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:42:54.0546 0x05e0  MSKSSRV - ok
08:42:54.0578 0x05e0  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:42:54.0578 0x05e0  MSPCLOCK - ok
08:42:54.0593 0x05e0  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
08:42:54.0609 0x05e0  MSPQM - ok
08:42:54.0640 0x05e0  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:42:54.0640 0x05e0  mssmbios - ok
08:42:54.0687 0x05e0  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
08:42:54.0687 0x05e0  Mup - ok
08:42:54.0734 0x05e0  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
08:42:54.0734 0x05e0  napagent - ok
08:42:54.0765 0x05e0  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
08:42:54.0781 0x05e0  NDIS - ok
08:42:54.0812 0x05e0  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:42:54.0812 0x05e0  NdisTapi - ok
08:42:54.0859 0x05e0  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:42:54.0859 0x05e0  Ndisuio - ok
08:42:54.0890 0x05e0  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:42:54.0890 0x05e0  NdisWan - ok
08:42:54.0937 0x05e0  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
08:42:54.0937 0x05e0  NDProxy - ok
08:42:54.0984 0x05e0  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
08:42:54.0984 0x05e0  NetBIOS - ok
08:42:55.0000 0x05e0  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
08:42:55.0015 0x05e0  NetBT - ok
08:42:55.0046 0x05e0  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
08:42:55.0046 0x05e0  NetDDE - ok
08:42:55.0078 0x05e0  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
08:42:55.0078 0x05e0  NetDDEdsdm - ok
08:42:55.0125 0x05e0  [ A4ABB21D13528D1BA3ABF484B2DF24FE, 2DC5CFB023D990FD5680859660108EA80FB320A882C5B4BBAA3A061D7C870F46 ] netfilter       C:\WINDOWS\system32\drivers\netfilter.sys
08:42:55.0125 0x05e0  netfilter - ok
08:42:55.0156 0x05e0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
08:42:55.0156 0x05e0  Netlogon - ok
08:42:55.0203 0x05e0  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
08:42:55.0203 0x05e0  Netman - ok
08:42:55.0250 0x05e0  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:42:55.0250 0x05e0  NetTcpPortSharing - ok
08:42:55.0281 0x05e0  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
08:42:55.0296 0x05e0  Nla - ok
08:42:55.0312 0x05e0  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
08:42:55.0312 0x05e0  Npfs - ok
08:42:55.0359 0x05e0  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
08:42:55.0375 0x05e0  Ntfs - ok
08:42:55.0390 0x05e0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
08:42:55.0390 0x05e0  NtLmSsp - ok
08:42:55.0437 0x05e0  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
08:42:55.0453 0x05e0  NtmsSvc - ok
08:42:55.0484 0x05e0  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
08:42:55.0484 0x05e0  Null - ok
08:42:55.0515 0x05e0  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:42:55.0515 0x05e0  NwlnkFlt - ok
08:42:55.0531 0x05e0  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:42:55.0531 0x05e0  NwlnkFwd - ok
08:42:55.0640 0x05e0  [ B9A3D8408623849FAB46B7B0826C1623, EA88329884585935CA94997A2EAA050DA116951BC04E16D1661E2CBE5E6743C7 ] Office Depot PC Support Agent C:\Program Files\Office Depot PC Support Agent\esService.exe
08:42:55.0687 0x05e0  Office Depot PC Support Agent - ok
08:42:55.0703 0x05e0  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
08:42:55.0718 0x05e0  Parport - ok
08:42:55.0734 0x05e0  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
08:42:55.0734 0x05e0  PartMgr - ok
08:42:55.0750 0x05e0  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
08:42:55.0765 0x05e0  ParVdm - ok
08:42:55.0781 0x05e0  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
08:42:55.0781 0x05e0  PCI - ok
08:42:55.0796 0x05e0  PCIDump - ok
08:42:55.0796 0x05e0  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
08:42:55.0796 0x05e0  PCIIde - ok
08:42:55.0843 0x05e0  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
08:42:55.0843 0x05e0  Pcmcia - ok
08:42:55.0890 0x05e0  [ 5B6C11DE7E839C05248CED8825470FEF, DB57DFD02C18461B1B383DF759730FFEE9C7FA8577E1679FD4740A590303EE79 ] pcouffin        C:\WINDOWS\system32\Drivers\pcouffin.sys
08:42:55.0890 0x05e0  pcouffin - ok
08:42:55.0906 0x05e0  PDCOMP - ok
08:42:55.0906 0x05e0  PDFRAME - ok
08:42:55.0937 0x05e0  PDRELI - ok
08:42:55.0937 0x05e0  PDRFRAME - ok
08:42:55.0953 0x05e0  perc2 - ok
08:42:55.0968 0x05e0  perc2hib - ok
08:42:56.0031 0x05e0  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
08:42:56.0031 0x05e0  PlugPlay - ok
08:42:56.0046 0x05e0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
08:42:56.0046 0x05e0  PolicyAgent - ok
08:42:56.0062 0x05e0  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:42:56.0062 0x05e0  PptpMiniport - ok
08:42:56.0078 0x05e0  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:42:56.0078 0x05e0  ProtectedStorage - ok
08:42:56.0093 0x05e0  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
08:42:56.0093 0x05e0  PSched - ok
08:42:56.0109 0x05e0  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:42:56.0109 0x05e0  Ptilink - ok
08:42:56.0125 0x05e0  ql1080 - ok
08:42:56.0140 0x05e0  Ql10wnt - ok
08:42:56.0140 0x05e0  ql12160 - ok
08:42:56.0156 0x05e0  ql1240 - ok
08:42:56.0171 0x05e0  ql1280 - ok
08:42:56.0187 0x05e0  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:42:56.0187 0x05e0  RasAcd - ok
08:42:56.0218 0x05e0  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
08:42:56.0234 0x05e0  RasAuto - ok
08:42:56.0250 0x05e0  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:42:56.0250 0x05e0  Rasl2tp - ok
08:42:56.0281 0x05e0  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
08:42:56.0296 0x05e0  RasMan - ok
08:42:56.0296 0x05e0  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:42:56.0312 0x05e0  RasPppoe - ok
08:42:56.0312 0x05e0  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
08:42:56.0312 0x05e0  Raspti - ok
08:42:56.0343 0x05e0  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:42:56.0343 0x05e0  Rdbss - ok
08:42:56.0359 0x05e0  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:42:56.0359 0x05e0  RDPCDD - ok
08:42:56.0406 0x05e0  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:42:56.0406 0x05e0  rdpdr - ok
08:42:56.0468 0x05e0  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
08:42:56.0468 0x05e0  RDPWD - ok
08:42:56.0515 0x05e0  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
08:42:56.0515 0x05e0  RDSessMgr - ok
08:42:56.0546 0x05e0  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
08:42:56.0546 0x05e0  redbook - ok
08:42:56.0593 0x05e0  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
08:42:56.0593 0x05e0  RemoteAccess - ok
08:42:56.0625 0x05e0  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
08:42:56.0625 0x05e0  RemoteRegistry - ok
08:42:56.0656 0x05e0  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
08:42:56.0656 0x05e0  RpcLocator - ok
08:43:03.0578 0x05e0  AV detected via SS1: AVG AntiVirus 2014, 2014.0, enabled, updated
08:43:03.0578 0x05e0  AV detected via SS1: Microsoft Security Essentials, 4.4.0304.0, enabled, updated
08:43:03.0593 0x05e0  Win FW state via NFM: enabled
08:43:06.0109 0x05e0  ============================================================
08:43:06.0109 0x05e0  Scan finished
08:43:06.0109 0x05e0  ============================================================
08:43:06.0125 0x016c  Detected object count: 0
08:43:06.0125 0x016c  Actual detected object count: 0
08:47:01.0250 0x014c  Deinitialize success
 

 

# AdwCleaner v3.019 - Report created 26/02/2014 at 08:48:34
# Updated 17/02/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Crystal - OWNER-D1905F8AB
# Running from : C:\Documents and Settings\Crystal\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Level Quality Watcher

***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Crystal\Desktop\JustCloud.lnk
File Found : C:\Documents and Settings\Crystal\Start Menu\Programs\Startup\JustCloud.lnk
File Found : C:\END
File Found : C:\WINDOWS\Tasks\paretologic registration3.job
File Found : C:\WINDOWS\Tasks\paretologic update version3.job
Folder Found : C:\Documents and Settings\Crystal\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\DOCUME~1\Crystal\LOCALS~1\Temp\AirInstaller
Folder Found C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\All Users\Application Data\Conduit
Folder Found C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Found C:\Documents and Settings\Crystal\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\Crystal\Application Data\CouponXplorer_5z
Folder Found C:\Documents and Settings\Crystal\Application Data\DriverCure
Folder Found C:\Documents and Settings\Crystal\Application Data\ParetoLogic
Folder Found C:\Documents and Settings\Crystal\Local Settings\Application Data\AVG SafeGuard toolbar
Folder Found C:\Documents and Settings\Crystal\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\Crystal\Local Settings\Application Data\iac
Folder Found C:\Documents and Settings\Crystal\My Documents\PC Health Kit
Folder Found C:\Documents and Settings\Crystal\Start Menu\Programs\ParetoLogic
Folder Found C:\Program Files\AVG SafeGuard toolbar
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Common Files\ParetoLogic
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\CouponXplorer_5z
Folder Found C:\Program Files\Level Quality Watcher
Folder Found C:\Program Files\ParetoLogic

***** [ Shortcuts ] *****

***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R0].txt - [10477 octets] - [26/02/2014 08:48:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10538 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by Crystal on Wed 02/26/2014 at  8:57:00.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys


 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/26/2014 at  9:03:19.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 



#5 cryss962

Posted 26 February 2014 - 11:42 AM

Alex&Vanko, I did what you said with Dr. Web Cure it. Although there wasn't an option to remove/delete, just to Cure, Move, or Quarantine. I chose to Cure but still it said that it was moved. Also, I was not able to download SuperAntiSpyware due to: Access Denied, the disk is full, copy writed or currently being used.



#6 Condobloke

Posted 26 February 2014 - 03:02 PM

Please run AdwCleaner again, and this time select CLEAN.

 

Then....

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool. If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by the infection when it terminates programs that may potentially remove it. If you run into these infection warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate the infection that we are attempting to get rid of. So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill as the malware programs will start again.


rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

 

 

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from  http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 


Edited by Condobloke, 26 February 2014 - 03:04 PM.

Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#7 cryss962

Posted 26 February 2014 - 03:26 PM

I tried both Rkills, and even in such a way as to repeatedly open both alternately several times. Each time I receive this error:  Terminates malware processes so that you can run your n has encountered a problem and needs to close.  We are sorry for the inconvenience.

 

Also, each time Rkill stopped it was trying to search for Missing Digital Signatures.

 

I do have malwarebytes saved to my desktop, but I am still unable to run it.


Edited by cryss962, 26 February 2014 - 03:36 PM.


#8 Condobloke

Posted 26 February 2014 - 04:39 PM

Please try to run rkill in SAFE MODE ::

 

  1. Restart your computer.
  2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  3. Select the option for Safe Mode using the arrow keys.
  4. Then press enter on your keyboard to boot into Safe Mode.
  5. Do whatever tasks you require and when you are done reboot to boot back into normal mode.

After rkill has run, STAY in safe mode and run MalwareBytes.

This is not as effective as running in normal mode, but hopefully will break the deadlock we have here.



#9 cryss962

Posted 26 February 2014 - 04:50 PM

No luck in safe mode, still the same response

#10 Condobloke

Posted 26 February 2014 - 05:24 PM

RKill Download Link Download Now @BleepingComputer

 

RKill Download Link Download Now iExplore.exe

 

RKill Download Link Download Now Rkill.com

 

Try each of these download links in Safe Mode please

 

Did you rerun AdwCleaner ??


Edited by Condobloke, 26 February 2014 - 05:29 PM.


#11 Condobloke

Posted 26 February 2014 - 08:13 PM

Also...according to TDSS ::

08:43:03.0578 0x05e0  AV detected via SS1: AVG AntiVirus 2014, 2014.0, enabled, updated
08:43:03.0578 0x05e0  AV detected via SS1: Microsoft Security Essentials, 4.4.0304.0, enabled, updated

 

You only need 1 AV operating....more can cause problems.

I would uninstall BOTH of them and then reinstall 1.

 

http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2014_4116.exe

 

MSE......go to add/remove programs and uninstall it there

If you have any problems with the uninstallation, go here :

To fix this problem automatically, click the Fix it button or link. Then click Run In the File Download dialog box, and follow the steps in the Fix it wizard.

 

Free AV programs

 

http://www.avira.com/en/download/product/avira-free-antivirus

 

http://www.avgfree.com.au/download_avg_anti-virus_free_edition.cfm

 

http://www.microsoft.com/en-au/download/details.aspx?id=5201

 

 


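The duplicate-antivirus check from the post above, written as an added example that is not part of the original thread or of the scanning tool: it parses "AV detected via" lines like the two quoted there and reports when more than one product is listed as enabled. The field order (name, version, state, signature state) is inferred from those two lines, and treating any state other than "enabled" as not enabled is an assumption.

```python
import re
from typing import List, NamedTuple

# Sample input: the two log lines quoted in the post, plus one constructed
# filler line to show that unrelated log lines are skipped.
SAMPLE_LOG = """\
08:43:03.0578 0x05e0  AV detected via SS1: AVG AntiVirus 2014, 2014.0, enabled, updated
08:43:03.0578 0x05e0  AV detected via SS1: Microsoft Security Essentials, 4.4.0304.0, enabled, updated
08:43:03.0600 0x05e0  (constructed filler line, not from the thread)
"""


class AvEntry(NamedTuple):
    source: str    # detection source tag as printed in the log, e.g. "SS1"
    name: str
    version: str
    enabled: bool
    updated: bool


# Assumed layout: "... AV detected via <source>: <name>, <version>, <state>, <sig state>"
LINE_RE = re.compile(r"AV detected via (?P<source>\S+):\s*(?P<rest>.+)$")


def parse_av_lines(log_text: str) -> List[AvEntry]:
    """Extract antivirus registrations from scanner log text."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        # Split from the right so a product name containing commas stays whole.
        parts = [p.strip() for p in m.group("rest").rsplit(",", 3)]
        if len(parts) != 4:
            continue  # malformed or truncated line: skip rather than guess
        name, version, state, sig = parts
        entries.append(AvEntry(m.group("source"), name, version,
                               state.lower() == "enabled",
                               sig.lower() == "updated"))
    return entries


def enabled_conflicts(entries: List[AvEntry]) -> List[str]:
    """Return the enabled product names when more than one is enabled, else []."""
    names = sorted({e.name for e in entries if e.enabled})
    return names if len(names) > 1 else []


if __name__ == "__main__":
    for product in enabled_conflicts(parse_av_lines(SAMPLE_LOG)):
        print("enabled:", product)
```

The result reflects what the log reports as registered at scan time, so a flagged pair is a prompt to check what is actually installed.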

#12 cryss962

Posted 27 February 2014 - 10:19 AM

Yes, I did run adware cleaner again and even in safe mode but it is not detecting anything to clean, but I chose to clean anyway and I was still unable to run rkill. I tried all three of those links in both normal and safe mode and no luck.
 
AVG has been uninstalled ever since I installed MSE. I uninstalled MSE the same day I started having the trouble because it shut down and wouldn't open back up so I thought maybe I could uninstall and reinstall but that didn't work either. I still can't reinstall MSE.
 
I have tried every link in your last posts, in normal and safe mode, and I am not able to download anything.
 
Why would TDSS be showing these AV as enabled if they have been uninstalled? I can't find them in programs either.

I did some search on the System Configuration Utility under Startup, I found some programs labeled C:NTKernal\nt32.exe, So I did a search about those programs and found this forum:

http://www.bleepingcomputer.com/forums/t/522351/persistant-trojan-infection-seems-to-be-related-to-load32exe/

This forum relates a lot to what's happening with my computer. When I tried to disable those programs from start up, they just keep reloading anyway. I was able to finally get Malwarebytes program on my desktop but when trying to run it, it says that the program is not accessible.

Edited by cryss962, 27 February 2014 - 12:49 PM.


#13 Condobloke

Posted 27 February 2014 - 02:33 PM

Time for the experts to intervene here ::

 

As you are badly infected, please follow the instructions in the Preparation Guide  starting at Step #6.
 
When you have created the necessary logs, start a new topic  HERE 
 
..... and post the required logs to your new topic .  (You will also find this link at Step 7 in the Preparation Guide).   The Malware Response Team Experts from the Virus, Trojan, Spyware, and Malware Removal Logs forum will attend to your topic from thereon.
(Windows 8.1 Users will not be able to create DDS Logs)

=> Continue if you cannot finish any step -

         Please Use Copy / Paste for your responses, and Do Not Attach them unless your helper requests this.

 After doing this, please reply back in this thread with a link to the new topic so we can close this one.

Above All...DO NOT add any replies to your topic....Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

 If Help Bot responds to your topic, please follow his Step #1 so the team will be notified.



#14 cryss962

Posted 28 February 2014 - 11:46 AM

Here is the new topic:

 

www.bleepingcomputer.com/forums/t/526013/315load32exe-virus/

 

Thanks for your help.



#15 Condobloke

Posted 28 February 2014 - 05:49 PM

My Pleasure !

 

I note that Gringo has responded to your post in the Malware removal area.......you could not be in better hands.

 

Regards,

 

 





