
Father's computer is slowing down quite a bit nowadays


11 replies to this topic

#1 dslartoo

Posted 13 May 2014 - 08:25 PM

Hi folks,

 

Would like a bit of advice from you folks who spend considerably more time than I in looking at PCs and running malware/adware/spyware checks. 

 

My father's computer is coming up on six years old nowadays.  It's running Windows XP Home Edition, SP3, with a measly 2 GB of RAM because that's all the mainboard will support.  I've done my best to keep him safe by providing him with AVG Antivirus (and later on, Avast!  Antivirus, when AVG started getting too invasive), plus Malwarebytes Anti-Malware and Spybot Search and Destroy. 

 

Unfortunately, I live several states away from him, so I can't overlook his day-to-day usage, and periodically I hear that the PC is starting to run slowly or is slowing down.  I usually take a look when I visit, and wind up re-running Spybot and Malwarebytes since he hasn't run or updated them in quite some time, and fix whatever it is that I find that particular time.

 

This time it seems the PC is either reaching the end of its useful lifespan (understandable, with a 6-year old Win XP machine), or he really has picked up something I can't detect using the general tools.  The PC really does seem exceedingly slow these days, sometimes taking as long as 30 seconds just to open up a simple Word document on the desktop. 

 

What I've done to try and resolve:  run Defrag, cleared temp files, gotten rid of as many files and folders as he would allow me to, killed just about everything from starting up automatically at boot via Msconfig (all that's left is his video drivers, the antivirus program, a backup/sync process, and what appear to me to be standard Windows launch processes), rerun Spybot S&D and Malwarebytes, and cleaned the few things each has found (Spybot found four sets of relatively harmless tracking cookies, Malwarebytes found one PUP object and removed it).  This has speeded things up a little bit, but he still says it's a lot slower than it used to be.

 

I am wondering if anyone has the time to take a look at this PC and see what, if anything, can be turned up.  I will be glad to run any of the tools you folks mention and provide logfiles, but (having read the instructions) I won't simply start by posting ComboFix or Hijackthis logs. 

 

I'm also quite aware that this PC is a dinosaur by modern standards, and he may just be better off upgrading to something with more horsepower.  He's reluctant to do that, though, so I'm trying this as a last ditch effort.  :)

 

Any suggestions you folks have would be greatly appreciated.

 

Thanks!

Phil C.

 




#2 boopme


Posted 14 May 2014 - 09:17 AM

Hello Phil, can we get a look at these...


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.


#3 dslartoo


Posted 14 May 2014 - 05:20 PM

Hi boopme,

 

First off, many thanks for your offer to assist.  I know you're doing this in your free time and it's greatly appreciated. 

 

Here are the results.  Each one of the programs found something except for TDSSKiller.  Apparently this PC is worse off than I thought.  What's even worse is that he apparently never followed my directions to remove some of this stuff the LAST time this issue occurred back in 2012!

 

MiniToolbox Result.txt:
 
****************************************************************************
 
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by Harry (administrator) on 14-05-2014 at 11:58:19
Running from "C:\Documents and Settings\Harry\Desktop\Cleanup Utils"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
There are 15220 more lines starting with "127.0.0.1"
 
========================= IP Configuration: ================================
 
Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter = Wireless Network Connection (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
# Interface IP Configuration for "Wireless Network Connection"
 
set address name="Wireless Network Connection" source=dhcp 
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : harry-064a6bbf7
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
 
        Physical Address. . . . . . . . . : 00-19-D1-33-92-AD
 
 
 
Ethernet adapter Wireless Network Connection:
 
 
 
        Connection-specific DNS Suffix  . : 
 
        Description . . . . . . . . . . . : Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
 
        Physical Address. . . . . . . . . : 00-1E-E5-DA-9A-DC
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.1.11
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.1.1
 
        DHCP Server . . . . . . . . . . . : 192.168.1.1
 
        DNS Servers . . . . . . . . . . . : 192.168.1.1
 
        Lease Obtained. . . . . . . . . . : Wednesday, May 14, 2014 10:58:13 AM
 
        Lease Expires . . . . . . . . . . : Thursday, May 15, 2014 10:58:13 AM
 
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  74.125.193.138, 74.125.193.100, 74.125.193.113, 74.125.193.102
 74.125.193.101, 74.125.193.139
 
 
 
Pinging google.com [74.125.193.138] with 32 bytes of data:
 
 
 
Reply from 74.125.193.138: bytes=32 time=52ms TTL=43
 
Reply from 74.125.193.138: bytes=32 time=56ms TTL=43
 
 
 
Ping statistics for 74.125.193.138:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 52ms, Maximum = 56ms, Average = 54ms
 
1.1.168.192.in-addr.arpa
primary name server = localhost
responsible mail addr = nobody.invalid
serial  = 1
refresh = 600 (10 mins)
retry   = 1200 (20 mins)
expire  = 604800 (7 days)
default TTL = 10800 (3 hours)
Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45
 
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
 
 
 
Reply from 98.138.253.109: bytes=32 time=83ms TTL=48
 
Reply from 98.138.253.109: bytes=32 time=83ms TTL=48
 
 
 
Ping statistics for 98.138.253.109:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 83ms, Maximum = 83ms, Average = 83ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 d1 33 92 ad ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
0x10004 ...00 1e e5 da 9a dc ...... Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.11  10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0     192.168.1.11    192.168.1.11  10
     192.168.1.11  255.255.255.255        127.0.0.1       127.0.0.1  10
    192.168.1.255  255.255.255.255     192.168.1.11    192.168.1.11  10
        224.0.0.0        240.0.0.0     192.168.1.11    192.168.1.11  10
  255.255.255.255  255.255.255.255     192.168.1.11               2  1
  255.255.255.255  255.255.255.255     192.168.1.11    192.168.1.11  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
 
System errors:
=============
Error: (05/14/2014 00:03:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (05/14/2014 00:03:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (05/14/2014 00:03:03 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (05/14/2014 00:02:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (05/14/2014 00:02:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (05/14/2014 00:02:47 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (05/14/2014 00:02:42 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (05/14/2014 00:02:36 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (05/14/2014 00:02:31 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
Error: (05/14/2014 00:02:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service MSIServer with arguments ""
in order to run the server:
{000C101C-0000-0000-C000-000000000046}
 
 
Microsoft Office Sessions:
=========================
 
=========================== Installed Programs ============================
 
32 Bit HP CIO Components Installer (Version: 7.1.8)
3600_Help (Version: 1.00.0000)
Adobe AIR (Version: 13.0.0.83)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 13 Plugin (Version: 13.0.0.206)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Allway Sync version 14.0.1
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 3.0.1)
Apple Mobile Device Support (Version: 7.1.1.3)
Apple Software Update (Version: 2.1.3.127)
ARKRAY Diabetes Data Management Software Version 1.16 (Version: 1.1.6)
ATI - Software Uninstall Utility (Version: 6.14.10.1022)
ATI Catalyst Control Center (Version: 2.010.0210.2338)
ATI Display Driver (Version: 8.593.100-100210a-095952E-ATI)
avast! Pro Antivirus (Version: 9.0.2018)
Avery Wizard 4.0 (Version: 4.0.4)
Bonjour (Version: 3.0.0.10)
BookSmart® 3.2.4 3.2.4
BPD_Scan (Version: 3.00.0000)
BPDSoftware (Version: 82.0.173.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 45.4.157.000)
Canon CanoScan LiDE 210 User Registration
Canon MP Navigator EX 4.0
Canon Solution Menu EX
CanoScan LiDE 210 Scanner Driver
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455)
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455)
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455)
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455)
CCC Help Chinese Standard (Version: 2010.0210.2338.42455)
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455)
CCC Help Czech (Version: 2010.0210.2338.42455)
CCC Help Danish (Version: 2010.0210.2338.42455)
CCC Help Dutch (Version: 2010.0210.2338.42455)
CCC Help English (Version: 2010.0210.2338.42455)
CCC Help Finnish (Version: 2010.0210.2338.42455)
CCC Help French (Version: 2010.0210.2338.42455)
CCC Help German (Version: 2010.0210.2338.42455)
CCC Help Greek (Version: 2010.0210.2338.42455)
CCC Help Hungarian (Version: 2010.0210.2338.42455)
CCC Help Italian (Version: 2010.0210.2338.42455)
CCC Help Japanese (Version: 2010.0210.2338.42455)
CCC Help Korean (Version: 2010.0210.2338.42455)
CCC Help Norwegian (Version: 2010.0210.2338.42455)
CCC Help Polish (Version: 2010.0210.2338.42455)
CCC Help Portuguese (Version: 2010.0210.2338.42455)
CCC Help Russian (Version: 2010.0210.2338.42455)
CCC Help Spanish (Version: 2010.0210.2338.42455)
CCC Help Swedish (Version: 2010.0210.2338.42455)
CCC Help Thai (Version: 2010.0210.2338.42455)
CCC Help Turkish (Version: 2010.0210.2338.42455)
ccc-core-preinstall (Version: 2010.0210.2339.42455)
ccc-core-static (Version: 2010.0210.2339.42455)
ccc-utility (Version: 2010.0210.2339.42455)
Cisco WebEx Meetings
ComcastUsageMeter (Version: 1.5)
Copy (Version: 45.4.157.000)
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
CueTour (Version: 45.4.157.000)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
DocProc (Version: 4.5.0.0)
DocumentViewer (Version: 45.4.157.000)
Dropbox (Version: 2.6.24)
Elevated Installer (Version: 2.1.13)
EZ Vinyl/Tape Converter 7.4 by MixMeister
Garmin Express (Version: 2.1.13)
Garmin Express Tray (Version: 2.1.13)
Garmin Update Service (Version: 2.1.13)
Garmin USB Drivers (Version: 2.3.1.0)
Garmin WebUpdater (Version: 2.5.6)
GIMP 2.6.12-2 (Version: 2.6.12)
Google Chrome (Version: 34.0.1847.131)
Google Drive (Version: 1.15.6556.8063)
Google Earth Plug-in (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.24.7)
HP Image Zone 4.7 (Version: 4.7)
HP Officejet J3600 Series (Version: 1.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPSystemDiagnostics (Version: 1.6.0.0)
ImgBurn (Version: 2.5.7.0)
InstantShare (Version: 45.4.157.000)
iTunes (Version: 11.1.5.5)
J3600 (Version: 50.0.165.000)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MasterCook 14 (Version: 14.00.20)
MasterCook Deluxe 8 (Version: 8.00.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 28.0 (x86 en-US) (Version: 28.0)
Mozilla Maintenance Service (Version: 24.5.0)
Mozilla Thunderbird 24.5.0 (x86 en-US) (Version: 24.5.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA nStant Media (Version: 1.00.0000)
OpenOffice.org 3.4 (Version: 3.4.9590)
PanoStandAlone (Version: 45.4.157.000)
PCI SoftV92 Modem
PhotoGallery (Version: 45.4.157.000)
ProductContext (Version: 50.0.165.000)
QFolder (Version: 1.00.0000)
QuickTime 7 (Version: 7.75.80.95)
RabbitTV (Version: 1.0.0.8)
Realtek High Definition Audio Driver
Scan (Version: 8.1.0.0)
ScannerCopy (Version: 4.5.0.0)
Skins (Version: 2010.0210.2339.42455)
SkinsHP1 (Version: 45.4.157.000)
Spell Checker For OE 2.1
Spybot - Search & Destroy (Version: 1.6.2)
The Print Shop® 6.0 Deluxe
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 45.4.157.000)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 wgaiper (Version: 012.000.1298)
TurboTax 2012 WinPerFedFormset (Version: 012.000.1925)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0433)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179)
TurboTax 2012 wrapper (Version: 012.000.0127)
TurboTax 2013 (Version: 2013.0)
TurboTax 2013 wgaiper (Version: 013.000.1300)
TurboTax 2013 WinPerFedFormset (Version: 013.000.1986)
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0492)
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0168)
TurboTax 2013 wrapper (Version: 013.000.0135)
TurboTax Audit Support Center 3.0
Unload (Version: 4.5.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 8 (KB2362765) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB2934207) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
USB Cable (Driver Removal)
Walgreens PictureMover (Version: 3.5.0.27)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 45.4.157.000)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Detect
 
========================= Memory info: ===================================
 
Percentage of memory in use: 51%
Total physical RAM: 1917.91 MB
Available physical RAM: 925.31 MB
Total Pagefile: 15205.46 MB
Available Pagefile: 14171.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.39 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:149.05 GB) (Free:55.83 GB) NTFS
4 Drive e: (STORAGE) (Fixed) (Total:149.05 GB) (Free:105.48 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\HARRY-064A6BBF7
 
Administrator            ASPNET                   Guest                    
Harry                    HelpAssistant            SUPPORT_388945a0         
 
 
**** End of log ****
 
****************************************************************************
 
TDSSKiller logfile below:
 
****************************************************************************
 
 
12:05:42.0546 0x0f38  TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
12:05:48.0593 0x0f38  ============================================================
12:05:48.0593 0x0f38  Current date / time: 2014/05/14 12:05:48.0593
12:05:48.0593 0x0f38  SystemInfo:
12:05:48.0593 0x0f38  
12:05:48.0593 0x0f38  OS Version: 5.1.2600 ServicePack: 3.0
12:05:48.0593 0x0f38  Product type: Workstation
12:05:48.0593 0x0f38  ComputerName: HARRY-064A6BBF7
12:05:48.0593 0x0f38  UserName: Harry
12:05:48.0593 0x0f38  Windows directory: C:\WINDOWS
12:05:48.0593 0x0f38  System windows directory: C:\WINDOWS
12:05:48.0593 0x0f38  Processor architecture: Intel x86
12:05:48.0593 0x0f38  Number of processors: 2
12:05:48.0593 0x0f38  Page size: 0x1000
12:05:48.0593 0x0f38  Boot type: Normal boot
12:05:48.0593 0x0f38  ============================================================
12:05:51.0125 0x0f38  KLMD registered as C:\WINDOWS\system32\drivers\49955645.sys
12:05:51.0328 0x0f38  System UUID: {1CC0F0C1-2959-1A46-77F0-F94C88204DE2}
12:05:52.0328 0x0f38  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:05:52.0359 0x0f38  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:05:52.0359 0x0f38  ============================================================
12:05:52.0359 0x0f38  \Device\Harddisk0\DR0:
12:05:52.0359 0x0f38  MBR partitions:
12:05:52.0359 0x0f38  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
12:05:52.0359 0x0f38  \Device\Harddisk1\DR1:
12:05:52.0375 0x0f38  MBR partitions:
12:05:52.0375 0x0f38  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
12:05:52.0375 0x0f38  ============================================================
12:05:52.0406 0x0f38  C: <-> \Device\Harddisk0\DR0\Partition1
12:05:52.0468 0x0f38  E: <-> \Device\Harddisk1\DR1\Partition1
12:05:52.0468 0x0f38  ============================================================
12:05:52.0468 0x0f38  Initialize success
12:05:52.0468 0x0f38  ============================================================
12:05:57.0984 0x065c  ============================================================
12:05:57.0984 0x065c  Scan started
12:05:57.0984 0x065c  Mode: Manual; 
12:05:57.0984 0x065c  ============================================================
12:05:57.0984 0x065c  KSN ping started
12:06:00.0531 0x065c  KSN ping finished: true
12:06:01.0515 0x065c  ================ Scan system memory ========================
12:06:01.0531 0x065c  System memory - ok
12:06:01.0531 0x065c  ================ Scan services =============================
12:06:11.0734 0x065c  NdisTapi - ok
12:06:11.0765 0x065c  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:06:11.0765 0x065c  Ndisuio - ok
12:06:11.0781 0x065c  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:06:11.0781 0x065c  NdisWan - ok
12:06:11.0843 0x065c  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
12:06:11.0859 0x065c  NDProxy - ok
12:06:11.0921 0x065c  [ A081CB6FB9A12668F233EB5414BE3A0E, EE2A1311B51D1FEBAF79F45E568A927D8EA7704AFC8495AED2D26927566F61E3 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:06:11.0937 0x065c  Net Driver HPZ12 - ok
12:06:12.0000 0x065c  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
12:06:12.0000 0x065c  NetBIOS - ok
12:06:12.0031 0x065c  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
12:06:12.0046 0x065c  NetBT - ok
12:06:12.0078 0x065c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
12:06:12.0093 0x065c  NetDDE - ok
12:06:12.0109 0x065c  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
12:06:12.0125 0x065c  NetDDEdsdm - ok
12:06:12.0187 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
12:06:12.0187 0x065c  Netlogon - ok
12:06:12.0265 0x065c  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
12:06:12.0281 0x065c  Netman - ok
12:06:12.0343 0x065c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:06:12.0343 0x065c  NetTcpPortSharing - ok
12:06:12.0421 0x065c  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
12:06:12.0453 0x065c  Nla - ok
12:06:12.0500 0x065c  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
12:06:12.0500 0x065c  Npfs - ok
12:06:12.0531 0x065c  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
12:06:12.0546 0x065c  Ntfs - ok
12:06:12.0562 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
12:06:12.0578 0x065c  NtLmSsp - ok
12:06:12.0640 0x065c  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
12:06:12.0656 0x065c  NtmsSvc - ok
12:06:12.0687 0x065c  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
12:06:12.0687 0x065c  Null - ok
12:06:12.0734 0x065c  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:06:12.0734 0x065c  NwlnkFlt - ok
12:06:12.0750 0x065c  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:06:12.0750 0x065c  NwlnkFwd - ok
12:06:12.0906 0x065c  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:06:12.0906 0x065c  odserv - ok
12:06:12.0968 0x065c  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:06:12.0968 0x065c  ose - ok
12:06:13.0015 0x065c  [ DC450992EBA6F914080C1F7FBEEED72C, A7B9CB59E10EB7C973E53BB70A8FE2CDD25FCC3CC499A0D311449F861223A447 ] PalmUSBD        C:\WINDOWS\system32\drivers\PalmUSBD.sys
12:06:13.0015 0x065c  PalmUSBD - ok
12:06:13.0078 0x065c  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
12:06:13.0078 0x065c  Parport - ok
12:06:13.0093 0x065c  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
12:06:13.0109 0x065c  PartMgr - ok
12:06:13.0140 0x065c  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
12:06:13.0140 0x065c  ParVdm - ok
12:06:13.0156 0x065c  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
12:06:13.0156 0x065c  PCI - ok
12:06:13.0171 0x065c  PCIDump - ok
12:06:13.0203 0x065c  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
12:06:13.0203 0x065c  PCIIde - ok
12:06:13.0265 0x065c  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
12:06:13.0265 0x065c  Pcmcia - ok
12:06:13.0281 0x065c  PDCOMP - ok
12:06:13.0281 0x065c  PDFRAME - ok
12:06:13.0296 0x065c  PDRELI - ok
12:06:13.0296 0x065c  PDRFRAME - ok
12:06:13.0312 0x065c  perc2 - ok
12:06:13.0312 0x065c  perc2hib - ok
12:06:13.0375 0x065c  [ DA86016F0672ADA925F589EDE715F185, 6D15AD035FBD68BEC8D9FED89D5FAC082589B194326A8C1C6EB73C471244A446 ] pfc             C:\WINDOWS\system32\drivers\pfc.sys
12:06:13.0375 0x065c  pfc - ok
12:06:13.0390 0x065c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
12:06:13.0406 0x065c  PlugPlay - ok
12:06:13.0421 0x065c  [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:06:13.0437 0x065c  Pml Driver HPZ12 - ok
12:06:13.0437 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
12:06:13.0453 0x065c  PolicyAgent - ok
12:06:13.0515 0x065c  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:06:13.0515 0x065c  PptpMiniport - ok
12:06:13.0531 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:06:13.0531 0x065c  ProtectedStorage - ok
12:06:13.0546 0x065c  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
12:06:13.0546 0x065c  PSched - ok
12:06:13.0593 0x065c  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:06:13.0593 0x065c  Ptilink - ok
12:06:13.0593 0x065c  ql1080 - ok
12:06:13.0609 0x065c  Ql10wnt - ok
12:06:13.0609 0x065c  ql12160 - ok
12:06:13.0625 0x065c  ql1240 - ok
12:06:13.0625 0x065c  ql1280 - ok
12:06:13.0640 0x065c  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:06:13.0640 0x065c  RasAcd - ok
12:06:13.0687 0x065c  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
12:06:13.0703 0x065c  RasAuto - ok
12:06:13.0734 0x065c  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:06:13.0734 0x065c  Rasl2tp - ok
12:06:13.0796 0x065c  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
12:06:13.0812 0x065c  RasMan - ok
12:06:13.0812 0x065c  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:06:13.0812 0x065c  RasPppoe - ok
12:06:13.0828 0x065c  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
12:06:13.0828 0x065c  Raspti - ok
12:06:13.0859 0x065c  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:06:13.0875 0x065c  Rdbss - ok
12:06:13.0875 0x065c  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:06:13.0875 0x065c  RDPCDD - ok
12:06:13.0937 0x065c  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
12:06:13.0937 0x065c  RDPWD - ok
12:06:14.0000 0x065c  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
12:06:14.0015 0x065c  RDSessMgr - ok
12:06:14.0046 0x065c  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
12:06:14.0046 0x065c  redbook - ok
12:06:14.0078 0x065c  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
12:06:14.0093 0x065c  RemoteAccess - ok
12:06:14.0140 0x065c  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
12:06:14.0140 0x065c  RpcLocator - ok
12:06:14.0171 0x065c  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
12:06:14.0203 0x065c  RpcSs - ok
12:06:14.0250 0x065c  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
12:06:14.0265 0x065c  RSVP - ok
12:06:14.0343 0x065c  [ 96D2743297929D7AC095172EE54CE7E7, 2B420B9496AF79B9E2008B58BE74A60CC93DADF515468C8498AF769A54C8EC7B ] rt2870          C:\WINDOWS\system32\DRIVERS\rt2870.sys
12:06:14.0359 0x065c  rt2870 - ok
12:06:14.0421 0x065c  [ D05453B44F98F0E975A36081F4362BE5, 902775BB7B77DB51E166252858CDD7EC4E043C2DE2A01C52FD4E6D548D2801CE ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
12:06:14.0484 0x065c  RTL8023xp - ok
12:06:14.0531 0x065c  [ D507C1400284176573224903819FFDA3, DD0BDB2AB39A8A0A300B6D60FB6A7F5BA08C4DB8F59E0A784FB763EA8AD72AB2 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
12:06:14.0546 0x065c  rtl8139 - ok
12:06:14.0625 0x065c  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
12:06:14.0656 0x065c  SamSs - ok
12:06:14.0687 0x065c  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
12:06:14.0734 0x065c  SCardSvr - ok
12:06:14.0796 0x065c  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
12:06:14.0906 0x065c  Schedule - ok
12:06:14.0984 0x065c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:06:14.0984 0x065c  Secdrv - ok
12:06:15.0046 0x065c  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
12:06:15.0078 0x065c  seclogon - ok
12:06:15.0312 0x065c  [ CA9C2939BDFC5B77D73E3B07C8805C59, 25E3918F6A8C0CEEA82DD2CEECDCFA085FD503316AA748B7181D249B58BA99AA ] SecureUpdateSvc C:\Program Files\Secure Speed Dial\IE\SecureUpdate.exe
12:06:15.0390 0x065c  SecureUpdateSvc - ok
12:06:15.0437 0x065c  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
12:06:15.0468 0x065c  SENS - ok
12:06:15.0531 0x065c  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
12:06:15.0531 0x065c  serenum - ok
12:06:15.0546 0x065c  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
12:06:15.0562 0x065c  Serial - ok
12:06:15.0609 0x065c  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
12:06:15.0609 0x065c  Sfloppy - ok
12:06:15.0687 0x065c  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
12:06:15.0703 0x065c  SharedAccess - ok
12:06:15.0734 0x065c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:06:15.0750 0x065c  ShellHWDetection - ok
12:06:15.0843 0x065c  [ 227E56633D6423E1F7D869618AC8404F, 21AB5E3482CCC54BDAD55E14BB635A0704652052721E46652ABD3CC3527C03D4 ] Si3132r5        C:\WINDOWS\system32\drivers\Si3132r5.sys
12:06:15.0859 0x065c  Si3132r5 - ok
12:06:15.0859 0x065c  [ DBDEE2A96F2F616726817373516CB0BD, C55EAB288A8F2FBDEB50391501786FC84C15F143ECC0BE6B9DA2589585C25ECD ] SiFilter        C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
12:06:15.0859 0x065c  SiFilter - ok
12:06:15.0937 0x065c  [ 4BD319BF5A4A273AE776AFB9F1107D25, 0E0044DA51E36167D2EEC8A440DCF91FF3B196BFDAD820749B2CD2A5FDE48128 ] silabenm        C:\WINDOWS\system32\DRIVERS\silabenm.sys
12:06:15.0953 0x065c  silabenm - ok
12:06:16.0015 0x065c  [ 12C48D71CFD011D59FBA28027341CC12, 113C176CC4326B8D8D27E02BD93C16102CDC40CD73E8E63F2ECA99C2730273B2 ] silabser        C:\WINDOWS\system32\DRIVERS\silabser.sys
12:06:16.0015 0x065c  silabser - ok
12:06:16.0031 0x065c  Simbad - ok
12:06:16.0031 0x065c  [ 3E6B438E5CB674A1382B2955AA98F637, 7E9F67CC91BE06E0B5B2CC51B840BB23CECA189E78FD38AC3BC70BB3129BDB1B ] SiRemFil        C:\WINDOWS\system32\drivers\SiRemFil.sys
12:06:16.0046 0x065c  SiRemFil - ok
12:06:16.0078 0x065c  [ DBDEE2A96F2F616726817373516CB0BD, C55EAB288A8F2FBDEB50391501786FC84C15F143ECC0BE6B9DA2589585C25ECD ] SiWinAcc        C:\WINDOWS\system32\drivers\SiWinAcc.sys
12:06:16.0078 0x065c  SiWinAcc - ok
12:06:16.0125 0x065c  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:06:16.0125 0x065c  SLIP - ok
12:06:16.0156 0x065c  Sparrow - ok
12:06:16.0203 0x065c  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
12:06:16.0203 0x065c  splitter - ok
12:06:16.0265 0x065c  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
12:06:16.0281 0x065c  Spooler - ok
12:06:16.0343 0x065c  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
12:06:16.0359 0x065c  sr - ok
12:06:16.0421 0x065c  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
12:06:16.0453 0x065c  srservice - ok
12:06:16.0500 0x065c  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
12:06:16.0515 0x065c  Srv - ok
12:06:16.0562 0x065c  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
12:06:16.0578 0x065c  SSDPSRV - ok
12:06:16.0625 0x065c  [ F843301BDADB2728822C83413EF5F132, C36CB4E972671C9C7FABFEEDD20FD1E239AFAF69AD88586A32B9B2C1FA2A2FDF ] ssmirrdr        C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys
12:06:16.0625 0x065c  ssmirrdr - ok
12:06:16.0687 0x065c  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
12:06:16.0718 0x065c  stisvc - ok
12:06:16.0750 0x065c  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:06:16.0765 0x065c  streamip - ok
12:06:16.0796 0x065c  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
12:06:16.0812 0x065c  swenum - ok
12:06:16.0859 0x065c  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
12:06:16.0875 0x065c  swmidi - ok
12:06:16.0875 0x065c  SwPrv - ok
12:06:16.0890 0x065c  symc810 - ok
12:06:16.0906 0x065c  symc8xx - ok
12:06:16.0921 0x065c  sym_hi - ok
12:06:16.0937 0x065c  sym_u3 - ok
12:06:16.0968 0x065c  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
12:06:16.0984 0x065c  sysaudio - ok
12:06:17.0046 0x065c  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
12:06:17.0062 0x065c  SysmonLog - ok
12:06:17.0109 0x065c  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:06:17.0140 0x065c  TapiSrv - ok
12:06:17.0218 0x065c  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:06:17.0234 0x065c  Tcpip - ok
12:06:17.0281 0x065c  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:06:17.0281 0x065c  TDPIPE - ok
12:06:17.0296 0x065c  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
12:06:17.0296 0x065c  TDTCP - ok
12:06:17.0343 0x065c  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
12:06:17.0343 0x065c  TermDD - ok
12:06:17.0406 0x065c  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
12:06:17.0437 0x065c  TermService - ok
12:06:17.0484 0x065c  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
12:06:17.0500 0x065c  Themes - ok
12:06:17.0531 0x065c  TosIde - ok
12:06:17.0593 0x065c  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
12:06:17.0609 0x065c  TrkWks - ok
12:06:17.0656 0x065c  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
12:06:17.0656 0x065c  Udfs - ok
12:06:17.0671 0x065c  ultra - ok
12:06:17.0750 0x065c  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:06:17.0765 0x065c  Update - ok
12:06:17.0812 0x065c  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
12:06:17.0812 0x065c  upnphost - ok
12:06:17.0859 0x065c  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
12:06:17.0875 0x065c  UPS - ok
12:06:17.0875 0x065c  USB28xxBGA - ok
12:06:17.0890 0x065c  USB28xxOEM - ok
12:06:17.0937 0x065c  [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
12:06:17.0953 0x065c  usbaudio - ok
12:06:18.0031 0x065c  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:06:18.0031 0x065c  usbccgp - ok
12:06:18.0078 0x065c  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:06:18.0093 0x065c  usbehci - ok
12:06:18.0156 0x065c  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:06:18.0156 0x065c  usbhub - ok
12:06:18.0171 0x065c  [ 0DAECCE65366EA32B162F85F07C6753B, 3C33AC2FC95E876933F2016CF0CDA2745491679728684DA8DF95A515CE4804BD ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:06:18.0171 0x065c  usbohci - ok
12:06:18.0250 0x065c  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:06:18.0250 0x065c  usbprint - ok
12:06:18.0281 0x065c  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:06:18.0281 0x065c  usbscan - ok
12:06:18.0343 0x065c  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:06:18.0343 0x065c  USBSTOR - ok
12:06:18.0375 0x065c  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
12:06:18.0375 0x065c  VgaSave - ok
12:06:18.0390 0x065c  ViaIde - ok
12:06:18.0406 0x065c  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
12:06:18.0406 0x065c  VolSnap - ok
12:06:18.0484 0x065c  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
12:06:18.0500 0x065c  VSS - ok
12:06:18.0531 0x065c  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
12:06:18.0546 0x065c  W32Time - ok
12:06:18.0578 0x065c  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:06:18.0593 0x065c  Wanarp - ok
12:06:18.0671 0x065c  [ D918617B46457B9AC28027722E30F647, 407284D3055DC11944D4EE7E4357E7CF9CAF8CA40CA50633AB6FD4A82CB7EEA6 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
12:06:18.0687 0x065c  Wdf01000 - ok
12:06:18.0687 0x065c  WDICA - ok
12:06:18.0734 0x065c  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
12:06:18.0734 0x065c  wdmaud - ok
12:06:18.0781 0x065c  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
12:06:18.0796 0x065c  WebClient - ok
12:06:18.0875 0x065c  [ BE3A842C2F2E87E7C840D36BCF13E8E0, D3E33A81402A45205FE01470BF326C99A900A0882B3B198D8C77CAD77824937E ] winachsf        C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:06:18.0890 0x065c  winachsf - ok
12:06:19.0031 0x065c  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
12:06:19.0046 0x065c  winmgmt - ok
12:06:19.0156 0x065c  [ 18F347402DA544A780949B8FDF83351B, D1AD972D438A51A4998FEF68670395DAE3353240AD2A17F35794287AF0826FFB ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
12:06:19.0187 0x065c  WinRM - ok
12:06:19.0250 0x065c  [ 051B1BDECD6DEE18C771B5D5EC7F044D, E9D4870C7E4E6119B274CF788D564BE9C48EA63790F5D6A2E987EB6DF7C93200 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
12:06:19.0250 0x065c  WmdmPmSN - ok
12:06:19.0312 0x065c  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:06:19.0312 0x065c  WmiApSrv - ok
12:06:19.0453 0x065c  [ 6BAB4DC65515A098505F8B3D01FB6FE5, 52AA14777920753A8AF76072216A266F5D0036F112F671E7104E1F4C04AE499E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
12:06:19.0468 0x065c  WMPNetworkSvc - ok
12:06:19.0703 0x065c  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:06:19.0734 0x065c  WPFFontCache_v0400 - ok
12:06:19.0828 0x065c  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
12:06:19.0906 0x065c  wscsvc - ok
12:06:19.0937 0x065c  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:06:19.0937 0x065c  WSTCODEC - ok
12:06:19.0953 0x065c  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
12:06:20.0000 0x065c  wuauserv - ok
12:06:20.0078 0x065c  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:06:20.0093 0x065c  WudfPf - ok
12:06:20.0109 0x065c  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:06:20.0125 0x065c  WudfRd - ok
12:06:20.0140 0x065c  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
12:06:20.0171 0x065c  WudfSvc - ok
12:06:20.0265 0x065c  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
12:06:20.0296 0x065c  WZCSVC - ok
12:06:20.0359 0x065c  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
12:06:20.0375 0x065c  xmlprov - ok
12:06:20.0406 0x065c  ================ Scan global ===============================
12:06:20.0437 0x065c  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
12:06:20.0500 0x065c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
12:06:20.0546 0x065c  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
12:06:20.0593 0x065c  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
12:06:20.0609 0x065c  [ Global ] - ok
12:06:20.0609 0x065c  ================ Scan MBR ==================================
12:06:20.0640 0x065c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
12:06:20.0875 0x065c  \Device\Harddisk0\DR0 - ok
12:06:20.0890 0x065c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
12:06:21.0343 0x065c  \Device\Harddisk1\DR1 - ok
12:06:21.0343 0x065c  ================ Scan VBR ==================================
12:06:21.0359 0x065c  [ 9370AEADAA6B1CC76BD07976FCA9E8E2 ] \Device\Harddisk0\DR0\Partition1
12:06:21.0406 0x065c  \Device\Harddisk0\DR0\Partition1 - ok
12:06:21.0406 0x065c  [ D42B500F27AD83B0377EA48150096728 ] \Device\Harddisk1\DR1\Partition1
12:06:21.0453 0x065c  \Device\Harddisk1\DR1\Partition1 - ok
12:06:21.0453 0x065c  Waiting for KSN requests completion. In queue: 209
12:06:42.0562 0x065c  AV detected via SS1: avast! Antivirus, 5.0.150996962, enabled, updated
12:06:42.0578 0x065c  Win FW state via NFM: enabled
12:06:46.0203 0x065c  ============================================================
12:06:46.0203 0x065c  Scan finished
12:06:46.0203 0x065c  ============================================================
12:06:46.0203 0x0930  Detected object count: 0
12:06:46.0203 0x0930  Actual detected object count: 0
 
****************************************************************************
 
ADWCleaner[S0].txt:
 
****************************************************************************
 
# AdwCleaner v3.208 - Report created 14/05/2014 at 12:16:28
# Updated 11/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Harry - HARRY-064A6BBF7
# Running from : C:\Documents and Settings\Harry\Desktop\Cleanup Utils\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : SecureUpdateSvc
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Secure Speed Dial
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Harry\Application Data\registry mechanic
Folder Deleted : C:\Documents and Settings\Harry\Application Data\Mozilla\Firefox\Profiles\6vxr87z5.default\Extensions\speeddial@instair.net
File Deleted : C:\Documents and Settings\Harry\Application Data\Mozilla\Firefox\Profiles\6vxr87z5.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4E77-A640-78EE8EC8673B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{48A789BF-F6D6-4930-9C8B-77855A63EDE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v28.0 (en-US)
 
[ File : C:\Documents and Settings\Harry\Application Data\Mozilla\Firefox\Profiles\6vxr87z5.default\prefs.js ]
 
Line Deleted : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
 
-\\ Google Chrome v
 
[ File : C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={919B4DB7-7795-45C1-BD9A-6CE169675F42}&mid=389b74a43ddb23ddef146d702ff4cade-0d3f9161106d40a8f23932b39e0268277e37b278&lang=en&ds=AVG&pr=fr&d=2012-09-26 23:06:56&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3280 octets] - [14/05/2014 11:25:52]
AdwCleaner[R1].txt - [3340 octets] - [14/05/2014 12:10:05]
AdwCleaner[S0].txt - [3735 octets] - [14/05/2014 12:16:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3795 octets] ##########
 
******************************************************************
 
Junkware Removal Tool results:
 
 
******************************************************************
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Harry on Wed 05/14/2014 at 12:26:38.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\Tasks\rmschedule.job
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\regzooka"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Documents and Settings\Harry\Application Data\mozilla\firefox\profiles\6vxr87z5.default\minidumps [24 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/14/2014 at 12:43:08.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
**********************************************************
 
ESET results:
 
**********************************************************
 
C:\Documents and Settings\Harry\My Documents\Downloads\asc-setup (1).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\asc-setup(2).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\asc-setup(3).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\asc-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\Avery Wizard 4.0.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\defragsetup(1).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\defragsetup(2).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\defragsetup(3).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\defragsetup(4).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\defragsetup(5).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\defragsetup(6).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\defragsetup.exe Win32/ELEX.AH potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\imf-setup(1).exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\imf-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\mplayer_freely_d2320794.exe a variant of Win32/InstallIQ.A potentially unwanted application deleted - quarantined
C:\Documents and Settings\Harry\My Documents\Downloads\RegZooka.exe probably a variant of Win32/Adware.RegGenie application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.08.2012_16.56.25\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.08.2012_16.56.25\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.08.2012_16.56.25\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.08.2012_16.56.25\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.08.2012_16.56.25\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.PR trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\11.08.2012_16.56.25\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
 
**********************************************************
 
If you need anything else, please let me know. 
 
Thank you again for your assistance!
Phil C.


#4 boopme

Posted 14 May 2014 - 07:34 PM

You're welcome Phil !!

In Control Panel ... Add/Remove, uninstall:
Java™ 6 Update 29 (Version: 6.0.290)

Java™ 7 Update 4 (Version: 7.0.40)

JavaFX 2.1.0 (Version: 2.1.0)

Reboot

Now open MBAM (Malwarebytes) and update it (version 2.0).
Scan the machine and post that log, please.

(Copy to clipboard for pasting into forum replies)
◾After the restart once you are back at your desktop, open MBAM once more.
◾Click on the History tab > Application Logs.
◾Double click on the scan log which shows the Date and time of the scan just performed.
◾Click 'Copy to Clipboard'
◾Paste the contents of the clipboard into your reply.
 
 
There were a couple rootkits removed that steal passwords and financial info. If banking is done on here call the bank and advise them to watch your accounts.
You need to change passwords regardless.
 
 
 
Let's go a bit further for rootkits.
Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2
    • Close all programs and disconnect any USB or external drives before running the tool.
    • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
    • Once the Prescan has finished, click Scan.
    • Once the Status box shows "Scan Finished", click the Delete button.
    • Copy and paste the report that opens into your next reply.
      • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex)
      • The highest number of [X], is the most recent Delete
Looks really good now tho'
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 dslartoo

Posted 14 May 2014 - 10:11 PM

Hi boopme,

 

Again thanks very much for your assistance. Already seeing a noticeable speed increase (not surprising, with all the crap that's been removed already). 

 

Here are the results of the updated MBAM and RogueKiller scans:

 

Malwarebytes logfile:
 
 
***************************************************
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/14/2014
Scan Time: 10:29:36 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.05.14.11
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Harry
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280593
Time Elapsed: 1 hr, 1 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
************************************
 
RogueKiller logfile:
 
************************************
 
RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Harry [Admin rights]
Mode : Remove -- Date : 05/14/2014 23:06:02
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3160811AS +++++
--- User ---
[MBR] 57ca54e0d65dcded1453cbba5fd80542
[BSP] b25fc70a5a97ce17ab8da90df82816c4 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE)  +++++
--- User ---
[MBR] 084492ad5aa4a93b444b8c816c9e73cb
[BSP] 098668b892a3f57faf6c39d26ab3ad5d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 MB
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_05142014_230602.txt >>
RKreport[0]_S_05142014_225124.txt
 
 
 
****************************************
 
I shall await further instructions.  Again, thanks very much indeed for your help.   Let me know if you need me to do anything else. 
 
Phil C. 


#6 Queen-Evie

Posted 14 May 2014 - 11:37 PM

I noticed this in your MiniToolBox installed programs

ComcastUsageMeter (Version: 1.5)

 

Is this something he uses? It can be uninstalled as it is not needed to monitor usage.

 

The same information can be found online.

 

It's in My Account/My Services/Xfinity Internet. (Sign in as the primary Comcast user account (email address) holder.)

Scroll down the page. Usage is under Internet Equipment.

 

It may or may not make any difference to the speed of the computer but it's worth a try. In any event, it really is an unnecessary program since the information is online.

 

If he does uninstall and later decides he wants it back it can be downloaded and reinstalled.

 

If he does want to uninstall it I suggest he first look at the usage online. There have been reports that the information is missing for some people and if he monitors usage make sure it's available in My Account.



#7 dslartoo

Posted 15 May 2014 - 05:16 PM

Queen-Evie,

 

Thanks for the comment.  I've already removed the Usage Meter from startup under services through Msconfig AND deleted it from the Startup folder in his Windows start menu.  The program no longer runs automatically anymore and I've already suggested to him that he remove it completely.  He said it was mostly useless anyway. 

 

Thanks again,

 

Phil C.



#8 boopme

Posted 16 May 2014 - 12:59 PM

So, running well now?

#9 dslartoo

Posted 16 May 2014 - 02:02 PM

Hi boopme,

 

It's definitely doing much better than it was before.  I wondered if you had any other further instructions after the most recently posted set of logs.  All the crap still in his hosts file does make me wonder if there's anything else that needs to be gotten rid of  (I plan to remove that stuff from the file just in case). 

 

If you think everything else looks good, I bow to superior experience!   Again, thanks very much for your assistance and the spare time you took.

 

Regards,

Phil C. 



#10 boopme

Posted 16 May 2014 - 03:16 PM

All that crap is from SpyBot in the hosts file.

Either live with it or uninstall SpyBot and reboot (I would), and keep updating free MBAM or buy the license. MBAM is a far better tool. The free version should be updated and run weekly.


Now...Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can re-infect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
  • Create a New Restore Point in Vista
  • Create a New Restore Point in Windows 7 (alternate method)
  • Disk Cleanup in Vista
  • Disk Cleanup in Windows 7
  • Reboot and see how it is.
EDIT... Also check to see if it needs to be Defragmented.

Edited by boopme, 16 May 2014 - 03:20 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
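The hosts entries quoted in the RogueKiller log above all map names to 127.0.0.1, the blocklist pattern this reply attributes to SpyBot; the entries that would need explaining are names mapped to a non-loopback address. A hosts-file audit along those lines, as an added example that is not part of the original thread (the function and variable names are hypothetical, and the sample text is constructed around two entries from the log):

```python
import ipaddress
import os
import sys

# Names that a default hosts file maps to loopback.
LOCAL_NAMES = {"localhost"}

# Constructed sample: the first three entries mirror the log excerpt in the
# thread; the remaining lines are invented to exercise the other categories.
SAMPLE_HOSTS = """\
# constructed sample, modelled on the RogueKiller excerpt
127.0.0.1       localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
0.0.0.0 ads.example.test          # constructed sink entry
203.0.113.10 login.example.test   # constructed redirect (TEST-NET-3 address)
not-an-ip broken.example.test
"""


def audit_hosts(text):
    """Classify every hosts entry as default, sinkholed, redirected or malformed."""
    report = {"default": [], "sinkholed": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            report["malformed"].append((lineno, line))
            continue
        # Loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::) addresses
        # go nowhere, which is how blocklist tools neutralise a name.
        sink = addr.is_loopback or addr.is_unspecified
        for name in (field.lower() for field in fields[1:]):
            if sink and name in LOCAL_NAMES:
                report["default"].append(name)
            elif sink:
                report["sinkholed"].append(name)
            else:
                # The name resolves to a real address: needs an explanation.
                report["redirected"].append((lineno, str(addr), name))
    return report


if __name__ == "__main__":
    # Default path is the one shown in the RogueKiller log; pass another
    # path as the first argument to audit a copy of the file.
    default_path = os.path.expandvars(r"%SystemRoot%\System32\drivers\etc\hosts")
    path = sys.argv[1] if len(sys.argv) > 1 else default_path
    with open(path, encoding="utf-8-sig", errors="replace") as handle:
        result = audit_hosts(handle.read())
    print(f"{len(result['sinkholed'])} sinkholed name(s)")
    for lineno, addr, name in result["redirected"]:
        print(f"line {lineno}: {name} -> {addr} (review)")
    for lineno, line in result["malformed"]:
        print(f"line {lineno}: unparsable entry: {line}")
```
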

#11 dslartoo

Posted 16 May 2014 - 04:17 PM

Good points.  I installed Spybot for him as a failsafe, but he doesn't use it regularly anyway (there were about two pages' worth of updates to it when I first opened it to begin the hunts).  I've removed it and also set a scheduled task for Malwarebytes to run weekly as well, since I can't trust him to run it regularly on his own.  :)

 

Created a final clean restore point for him and have deleted the rest.  I imagine this will take care of him for quite a while.  Now to have words with him about buying the premium version of MBAM so it will stay resident and he doesn't have to depend on the scheduled task.  And to have the conversation again about not opening files you don't recognize, no matter their source, and not installing fifty toolbars, no matter what they come bundled with, and so on.

 

Thanks again, very much, for all your help. If you're ever in the Austin area, look me up and I'll buy you a drink.  :)   Got a Paypal address for donations?

 

Phil C.



#12 boopme

Posted 16 May 2014 - 07:15 PM

You're welcome Phil.. Now I have to go to Houston, San Antonio and Austin... LOL

Thanks for the offer... I do not accept donations nor does BC.. But I will recommend, if you'd like to contribute to something that would be very much appreciated..
Make a donation to some people here that would appreciate it. They help or developed some of the tools we use here to clean computers or are just hard workers.

Click on a name below, say JSntgRvr, Now scroll down their post and you will see a PayPal link.

I am still adding to this list.

farbar
fireman4it
JSntgRvr
m0le
myrti
sempai
Thunder
SweetTech