Need help, please!! Computer goes slow and freezes on and off constantly


  • This topic is locked
21 replies to this topic

#1 kittysfriend


Posted 07 May 2012 - 08:40 PM

We ran Security Check, SUPERAntiSpyware, Malwarebytes, and GMER as well. Please help! The computer started to run very slowly; it constantly freezes for a few minutes, then runs a little better, but after 5 or 10 minutes it freezes again and continues this cycle over and over, and sometimes the webpages close unexpectedly. It didn't improve much after running the programs stated above. Here are the logs that were produced:


I did a DDS scan and a GMER scan. Here are the logs, below:

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mike Flaherty at 10:51:43 on 2012-05-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.141 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\HP Photo Creations\MessageCheck.exe
C:\Users\Mike Flaherty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRQITFIU\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Facetheme: {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Toolbar BHO: {c6549209-1ff1-4a5c-a815-981f64f34b19} - C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: VideoScavenger: {acf7da4c-eeb2-484a-a3a1-303d4054d50c} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {D4F1C433-F9C3-49F2-8645-37DBECA19E90} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\Mike Flaherty\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: pandora.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{896487C6-66F0-4A66-88D6-8886E11C62A7} : DhcpNameServer = 192.168.1.1
BHO-X64: Facetheme: {27a220b7-bb43-4faf-b27b-f803d18eea28} - C:\Program Files (x86)\Object\bho_project.dll
BHO-X64: BHO Project - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Toolbar BHO: {c6549209-1ff1-4a5c-a815-981f64f34b19} - C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: VideoScavenger: {acf7da4c-eeb2-484a-a3a1-303d4054d50c} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {D4F1C433-F9C3-49F2-8645-37DBECA19E90} - No File
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-05-01 21:58:17 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-01 21:58:17 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-21 12:48:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-15 16:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 16:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-15 12:09:40 1576448 ----a-w- C:\Windows\System32\VSFilter.dll
2012-02-15 12:08:52 1288192 ----a-w- C:\Windows\SysWow64\VSFilter.dll
2012-02-13 22:26:46 4207616 ----a-w- C:\Windows\System32\ffdshow.ax
2012-02-13 22:26:30 3350528 ----a-w- C:\Windows\SysWow64\ffdshow.ax
2012-02-13 22:26:08 4491776 ----a-w- C:\Windows\System32\ffmpeg.dll
2012-02-13 22:24:56 4407808 ----a-w- C:\Windows\SysWow64\ffmpeg.dll
2012-02-12 14:21:02 553984 ----a-w- C:\Windows\System32\LAVSplitter.ax
2012-02-12 14:21:00 717312 ----a-w- C:\Windows\System32\LAVVideo.ax
2012-02-12 14:20:56 246272 ----a-w- C:\Windows\System32\LAVAudio.ax
2012-02-12 14:20:54 202240 ----a-w- C:\Windows\System32\libbluray.dll
2012-02-12 14:20:46 461824 ----a-w- C:\Windows\SysWow64\LAVSplitter.ax
2012-02-12 14:20:42 562176 ----a-w- C:\Windows\SysWow64\LAVVideo.ax
2012-02-12 14:20:38 215040 ----a-w- C:\Windows\SysWow64\LAVAudio.ax
2012-02-12 14:20:36 172032 ----a-w- C:\Windows\SysWow64\libbluray.dll
2012-02-12 12:35:38 6600253 ----a-w- C:\Windows\System32\avcodec-lav-53.dll
2012-02-12 12:35:38 386864 ----a-w- C:\Windows\System32\swscale-lav-2.dll
2012-02-12 12:35:38 209331 ----a-w- C:\Windows\System32\avutil-lav-51.dll
2012-02-12 12:35:38 126340 ----a-w- C:\Windows\System32\avfilter-lav-2.dll
2012-02-12 12:35:38 1023331 ----a-w- C:\Windows\System32\avformat-lav-53.dll
2012-02-12 12:33:30 360729 ----a-w- C:\Windows\SysWow64\swscale-lav-2.dll
2012-02-12 12:33:30 203818 ----a-w- C:\Windows\SysWow64\avutil-lav-51.dll
2012-02-12 12:33:30 1143059 ----a-w- C:\Windows\SysWow64\avformat-lav-53.dll
2012-02-12 12:33:28 6414616 ----a-w- C:\Windows\SysWow64\avcodec-lav-53.dll
2012-02-12 12:33:28 138774 ----a-w- C:\Windows\SysWow64\avfilter-lav-2.dll
2012-02-12 12:17:06 181760 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll
2012-02-12 12:16:48 147456 ----a-w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-08 22:55:46 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
2012-02-08 22:55:30 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-02-08 22:54:58 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
2012-02-08 22:54:28 183808 ----a-w- C:\Windows\System32\ff_unrar.dll
2012-02-08 22:54:28 114688 ----a-w- C:\Windows\System32\ff_wmv9.dll
2012-02-08 22:54:26 359424 ----a-w- C:\Windows\System32\ff_libfaad2.dll
2012-02-08 22:54:26 156672 ----a-w- C:\Windows\System32\ff_libmad.dll
2012-02-08 22:54:24 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll
2012-02-08 22:54:24 116224 ----a-w- C:\Windows\System32\ff_liba52.dll
2012-02-08 22:54:22 222720 ----a-w- C:\Windows\System32\ff_libdts.dll
2012-02-08 22:54:20 190464 ----a-w- C:\Windows\System32\libmpeg2_ff.dll
2012-02-08 22:53:06 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-02-08 22:52:02 260608 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll
2012-02-08 22:51:54 99840 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll
2012-02-08 22:51:54 158720 ----a-w- C:\Windows\SysWow64\ff_unrar.dll
2012-02-08 22:51:52 1525248 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll
2012-02-08 22:51:52 146944 ----a-w- C:\Windows\SysWow64\ff_libmad.dll
2012-02-08 22:51:50 212480 ----a-w- C:\Windows\SysWow64\ff_libdts.dll
2012-02-08 22:51:50 115200 ----a-w- C:\Windows\SysWow64\ff_liba52.dll
2012-02-08 22:51:48 328704 ----a-w- C:\Windows\SysWow64\ff_libfaad2.dll
2012-02-08 22:51:48 137728 ----a-w- C:\Windows\SysWow64\libmpeg2_ff.dll

Attach.txt is attached: Attach.txt file.zip (1.68K)

GMER Log is attached: ark.txt (3.73K)

Can anyone help me? More advice is happily welcome.

Thanks!


#2 gringo_pr

  • Malware Response Team

Posted 08 May 2012 - 11:41 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 kittysfriend


Posted 08 May 2012 - 01:07 PM

Thank you for replying! Here is the Security Check log... Meanwhile I will be working on the next step.



Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.6
Spybot - Search & Destroy
Java™ 6 Update 22
Java™ 6 Update 31
Java version out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

#4 gringo_pr

  • Malware Response Team

Posted 08 May 2012 - 01:07 PM

:thumbup2:

#5 kittysfriend


Posted 08 May 2012 - 07:44 PM

Log from ComboFix:

ComboFix 12-05-08.02 - Mike Flaherty 05/08/2012 14:09:37.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.2152 [GMT -5:00]
Running from: c:\users\Mike Flaherty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Object
c:\program files (x86)\Object\bho_project.dll
c:\program files (x86)\Object\chromeaddon\._included.js
c:\program files (x86)\Object\chromeaddon\included.js
c:\program files (x86)\Object\config.ini
c:\program files (x86)\Object\facetheme-apl_uninstall.exe
C:\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 19:29 . 2012-05-08 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-08 18:06 . 2012-05-08 18:06 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB75AEEB-227E-4BCE-95B0-1E0A53C6A1AE}\offreg.dll
2012-05-08 16:13 . 2012-04-18 08:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB75AEEB-227E-4BCE-95B0-1E0A53C6A1AE}\mpengine.dll
2012-05-08 02:03 . 2012-05-08 02:03 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\U3
2012-05-03 19:36 . 2012-05-03 19:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-03 19:36 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-03 17:10 . 2012-05-03 17:10 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\SUPERAntiSpyware.com
2012-05-03 17:08 . 2012-05-03 17:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-03 17:08 . 2012-05-03 17:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-02 19:01 . 2012-05-03 19:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-02 19:01 . 2012-05-02 19:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-02 18:52 . 2012-05-02 18:52 -------- d-----w- c:\program files (x86)\Yontoo
2012-05-02 18:52 . 2012-05-02 18:52 -------- d-----w- c:\programdata\Tarma Installer
2012-05-02 17:46 . 2010-01-10 23:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-05-02 17:46 . 2012-05-02 17:46 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-05-01 21:58 . 2012-05-01 21:58 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-30 00:24 . 2012-04-30 00:24 -------- d-----w- c:\users\Mcx1-MIKEFLAHERTY-HP
2012-04-29 23:20 . 2012-05-01 20:55 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-04-19 02:41 . 2012-04-26 17:16 -------- d-----w- c:\users\Mike Flaherty\Tracing
2012-04-11 23:23 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 23:23 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 23:23 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 23:22 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 23:22 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 23:22 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 23:22 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 23:22 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 23:22 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 23:22 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 15:07 . 2012-04-11 20:09 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 21:58 . 2011-11-10 12:24 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 12:48 . 2012-01-09 02:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-06 23:15 . 2011-11-10 04:27 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-11-10 04:27 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-11-10 04:27 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-11-10 04:27 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-11-10 04:27 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-04-05 20:05 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-11-10 04:27 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-11-10 04:27 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-11-10 04:27 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 15:18 . 2011-11-10 05:04 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 11:47 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 11:47 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 11:47 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 11:47 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 12:09 . 2012-02-15 12:09 1576448 ----a-w- c:\windows\system32\VSFilter.dll
2012-02-15 12:08 . 2012-02-15 12:08 1288192 ----a-w- c:\windows\SysWow64\VSFilter.dll
2012-02-13 22:26 . 2012-02-13 22:26 4207616 ----a-w- c:\windows\system32\ffdshow.ax
2012-02-13 22:26 . 2012-02-13 22:26 3350528 ----a-w- c:\windows\SysWow64\ffdshow.ax
2012-02-13 22:26 . 2012-02-13 22:26 4491776 ----a-w- c:\windows\system32\ffmpeg.dll
2012-02-13 22:24 . 2012-02-13 22:24 4407808 ----a-w- c:\windows\SysWow64\ffmpeg.dll
2012-02-12 14:21 . 2012-02-12 14:21 553984 ----a-w- c:\windows\system32\LAVSplitter.ax
2012-02-12 14:21 . 2012-02-12 14:21 717312 ----a-w- c:\windows\system32\LAVVideo.ax
2012-02-12 14:20 . 2012-02-12 14:20 246272 ----a-w- c:\windows\system32\LAVAudio.ax
2012-02-12 14:20 . 2012-02-12 14:20 202240 ----a-w- c:\windows\system32\libbluray.dll
2012-02-12 14:20 . 2012-02-12 14:20 461824 ----a-w- c:\windows\SysWow64\LAVSplitter.ax
2012-02-12 14:20 . 2012-02-12 14:20 562176 ----a-w- c:\windows\SysWow64\LAVVideo.ax
2012-02-12 14:20 . 2012-02-12 14:20 215040 ----a-w- c:\windows\SysWow64\LAVAudio.ax
2012-02-12 14:20 . 2012-02-12 14:20 172032 ----a-w- c:\windows\SysWow64\libbluray.dll
2012-02-12 12:35 . 2012-02-12 12:35 6600253 ----a-w- c:\windows\system32\avcodec-lav-53.dll
2012-02-12 12:35 . 2012-02-12 12:35 386864 ----a-w- c:\windows\system32\swscale-lav-2.dll
2012-02-12 12:35 . 2012-02-12 12:35 209331 ----a-w- c:\windows\system32\avutil-lav-51.dll
2012-02-12 12:35 . 2012-02-12 12:35 126340 ----a-w- c:\windows\system32\avfilter-lav-2.dll
2012-02-12 12:35 . 2012-02-12 12:35 1023331 ----a-w- c:\windows\system32\avformat-lav-53.dll
2012-02-12 12:33 . 2012-02-12 12:33 360729 ----a-w- c:\windows\SysWow64\swscale-lav-2.dll
2012-02-12 12:33 . 2012-02-12 12:33 203818 ----a-w- c:\windows\SysWow64\avutil-lav-51.dll
2012-02-12 12:33 . 2012-02-12 12:33 1143059 ----a-w- c:\windows\SysWow64\avformat-lav-53.dll
2012-02-12 12:33 . 2012-02-12 12:33 6414616 ----a-w- c:\windows\SysWow64\avcodec-lav-53.dll
2012-02-12 12:33 . 2012-02-12 12:33 138774 ----a-w- c:\windows\SysWow64\avfilter-lav-2.dll
2012-02-12 12:17 . 2012-02-12 12:17 181760 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll
2012-02-12 12:16 . 2012-02-12 12:16 147456 ----a-w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll
2012-02-10 06:36 . 2012-03-14 11:54 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 11:54 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-08 22:55 . 2012-02-08 22:55 474624 ----a-w- c:\windows\system32\ff_kernelDeint.dll
2012-02-08 22:55 . 2012-02-08 22:55 92160 ----a-w- c:\windows\system32\ff_vfw.dll
2012-02-08 22:54 . 2012-02-08 22:54 631296 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2012-02-08 22:54 . 2012-02-08 22:54 183808 ----a-w- c:\windows\system32\ff_unrar.dll
2012-02-08 22:54 . 2012-02-08 22:54 114688 ----a-w- c:\windows\system32\ff_wmv9.dll
2012-02-08 22:54 . 2012-02-08 22:54 359424 ----a-w- c:\windows\system32\ff_libfaad2.dll
2012-02-08 22:54 . 2012-02-08 22:54 156672 ----a-w- c:\windows\system32\ff_libmad.dll
2012-02-08 22:54 . 2012-02-08 22:54 1532928 ----a-w- c:\windows\system32\ff_samplerate.dll
2012-02-08 22:54 . 2012-02-08 22:54 116224 ----a-w- c:\windows\system32\ff_liba52.dll
2012-02-08 22:54 . 2012-02-08 22:54 222720 ----a-w- c:\windows\system32\ff_libdts.dll
2012-02-08 22:54 . 2012-02-08 22:54 190464 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2012-02-08 22:53 . 2012-02-08 22:53 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-02-08 22:52 . 2012-02-08 22:52 260608 ----a-w- c:\windows\SysWow64\TomsMoComp_ff.dll
2012-02-08 22:51 . 2012-02-08 22:51 99840 ----a-w- c:\windows\SysWow64\ff_wmv9.dll
2012-02-08 22:51 . 2012-02-08 22:51 158720 ----a-w- c:\windows\SysWow64\ff_unrar.dll
2012-02-08 22:51 . 2012-02-08 22:51 1525248 ----a-w- c:\windows\SysWow64\ff_samplerate.dll
2012-02-08 22:51 . 2012-02-08 22:51 146944 ----a-w- c:\windows\SysWow64\ff_libmad.dll
2012-02-08 22:51 . 2012-02-08 22:51 212480 ----a-w- c:\windows\SysWow64\ff_libdts.dll
2012-02-08 22:51 . 2012-02-08 22:51 115200 ----a-w- c:\windows\SysWow64\ff_liba52.dll
2012-02-08 22:51 . 2012-02-08 22:51 328704 ----a-w- c:\windows\SysWow64\ff_libfaad2.dll
2012-02-08 22:51 . 2012-02-08 22:51 137728 ----a-w- c:\windows\SysWow64\libmpeg2_ff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-03 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-11-10 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 VideoScavenger_1eService;VideoScavengerService;c:\progra~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-23 960992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 21:58]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:56]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:56]
.
2012-05-08 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-22 17:24]
.
2012-05-08 c:\windows\Tasks\HPCeeScheduleForMike Flaherty.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-01 c:\windows\Tasks\HPCeeScheduleForMIKEFLAHERTY-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-08 c:\windows\Tasks\WpsUpdateTask_Mike Flaherty.job
- c:\program files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe [2011-11-03 16:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Mike Flaherty\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
Trusted Zone: pandora.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{d4f1c433-f9c3-49f2-8645-37dbeca19e90} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WNA1100\jswtrayutil.exe
Toolbar-10 - (no file)
WebBrowser-{D4F1C433-F9C3-49F2-8645-37DBECA19E90} - (no file)
AddRemove-facetheme-apl - c:\program files (x86)\Object\facetheme-apl_uninstall.exe
AddRemove-ffdshow_is1 - c:\program files (x86)\Media Convert Master\codec\ffdshow\unins000.exe
AddRemove-QuicktimeAlt_is1 - c:\program files (x86)\Media Convert Master\codec\quicktime\unins000.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{ACF7DA4C-EEB2-484A-A3A1-303D4054D50C}"=hex:51,66,7a,6c,4c,1d,38,12,22,d9,e4,
a8,80,a0,24,0d,dc,b7,73,7d,45,0a,91,18
"{27A220B7-BB43-4FAF-B27B-F803D18EEA28}"=hex:51,66,7a,6c,4c,1d,38,12,d9,23,b1,
23,71,f5,c1,0a,cd,6d,bb,43,d4,d0,ae,3c
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
"{C6549209-1FF1-4A5C-A815-981F64F34B19}"=hex:51,66,7a,6c,4c,1d,38,12,67,91,47,
c2,c3,51,32,0f,d7,03,db,5f,61,ad,0f,0d
"{D047FE10-DFE2-45CF-9FBF-966B9E64920F}"=hex:51,66,7a,6c,4c,1d,38,12,7e,fd,54,
d4,d0,91,a1,00,e0,a9,d5,2b,9b,3a,d6,1b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:90,a0,d2,6b,9e,28,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-05-08 14:55:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-08 19:55
.
Pre-Run: 412,580,556,800 bytes free
Post-Run: 412,408,475,648 bytes free
.
- - End Of File - - 4B7C5FE940D09E20487E79B784B6121E

At first the computer seemed to be running a lot better, but after a while it went back to its old pattern of being slow and freezing up. What do you think is going on? Thanks, I'll be waiting for your response, and thanks again for your time!

#6 gringo_pr

  • Malware Response Team

Posted 08 May 2012 - 08:06 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#7 kittysfriend

  • Topic Starter


Posted 09 May 2012 - 12:21 PM

Ran TDSSKiller...
11:47:35.0359 17668 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
11:47:37.0403 17668 ============================================================
11:47:37.0403 17668 Current date / time: 2012/05/09 11:47:37.0403
11:47:37.0403 17668 SystemInfo:
11:47:37.0403 17668
11:47:37.0403 17668 OS Version: 6.1.7601 ServicePack: 1.0
11:47:37.0403 17668 Product type: Workstation
11:47:37.0403 17668 ComputerName: MIKEFLAHERTY-HP
11:47:37.0403 17668 UserName: Mike Flaherty
11:47:37.0403 17668 Windows directory: C:\Windows
11:47:37.0403 17668 System windows directory: C:\Windows
11:47:37.0403 17668 Running under WOW64
11:47:37.0403 17668 Processor architecture: Intel x64
11:47:37.0403 17668 Number of processors: 2
11:47:37.0403 17668 Page size: 0x1000
11:47:37.0403 17668 Boot type: Normal boot
11:47:37.0403 17668 ============================================================
11:47:41.0521 17668 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:47:41.0771 17668 ============================================================
11:47:41.0771 17668 \Device\Harddisk0\DR0:
11:47:41.0802 17668 MBR partitions:
11:47:41.0802 17668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:47:41.0802 17668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x388AF000
11:47:41.0802 17668 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x388E1800, BlocksNum 0x1AA4000
11:47:41.0802 17668 ============================================================
11:47:41.0974 17668 C: <-> \Device\Harddisk0\DR0\Partition1
11:47:42.0083 17668 D: <-> \Device\Harddisk0\DR0\Partition2
11:47:42.0317 17668 ============================================================
11:47:42.0317 17668 Initialize success
11:47:42.0317 17668 ============================================================
11:48:08.0072 17000 ============================================================
11:48:08.0104 17000 Scan started
11:48:08.0104 17000 Mode: Manual;
11:48:08.0104 17000 ============================================================
11:48:19.0726 17000 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
11:48:19.0726 17000 !SASCORE - ok
11:48:20.0178 17000 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:48:20.0194 17000 1394ohci - ok
11:48:20.0240 17000 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:48:20.0240 17000 ACPI - ok
11:48:20.0272 17000 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:48:20.0272 17000 AcpiPmi - ok
11:48:20.0428 17000 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:48:20.0428 17000 AdobeFlashPlayerUpdateSvc - ok
11:48:20.0646 17000 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:48:20.0677 17000 adp94xx - ok
11:48:20.0708 17000 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:48:20.0724 17000 adpahci - ok
11:48:20.0740 17000 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:48:20.0740 17000 adpu320 - ok
11:48:20.0771 17000 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:48:20.0771 17000 AeLookupSvc - ok
11:48:20.0818 17000 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:48:20.0833 17000 AFD - ok
11:48:20.0880 17000 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:48:20.0880 17000 agp440 - ok
11:48:20.0896 17000 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:48:20.0896 17000 ALG - ok
11:48:20.0927 17000 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:48:20.0927 17000 aliide - ok
11:48:20.0942 17000 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:48:20.0942 17000 amdide - ok
11:48:21.0036 17000 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:48:21.0036 17000 AmdK8 - ok
11:48:21.0067 17000 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:48:21.0067 17000 AmdPPM - ok
11:48:21.0098 17000 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:48:21.0114 17000 amdsata - ok
11:48:21.0317 17000 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:48:21.0317 17000 amdsbs - ok
11:48:21.0332 17000 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:48:21.0332 17000 amdxata - ok
11:48:21.0395 17000 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:48:21.0395 17000 AppID - ok
11:48:21.0410 17000 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:48:21.0410 17000 AppIDSvc - ok
11:48:21.0613 17000 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:48:21.0613 17000 Appinfo - ok
11:48:21.0863 17000 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:48:21.0894 17000 Apple Mobile Device - ok
11:48:21.0941 17000 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:48:21.0941 17000 arc - ok
11:48:21.0956 17000 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:48:21.0956 17000 arcsas - ok
11:48:21.0988 17000 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
11:48:22.0003 17000 aswFsBlk - ok
11:48:22.0034 17000 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
11:48:22.0034 17000 aswMonFlt - ok
11:48:22.0081 17000 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
11:48:22.0081 17000 aswRdr - ok
11:48:22.0144 17000 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
11:48:22.0144 17000 aswSnx - ok
11:48:22.0268 17000 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
11:48:22.0268 17000 aswSP - ok
11:48:22.0284 17000 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
11:48:22.0284 17000 aswTdi - ok
11:48:22.0346 17000 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:48:22.0346 17000 AsyncMac - ok
11:48:22.0409 17000 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:48:22.0409 17000 atapi - ok
11:48:22.0674 17000 athur (c24a645aedbdf5fa0a23f7581c6f9c63) C:\Windows\system32\DRIVERS\athurx.sys
11:48:22.0690 17000 athur - ok
11:48:22.0877 17000 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:48:22.0892 17000 AudioEndpointBuilder - ok
11:48:22.0892 17000 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:48:22.0908 17000 AudioSrv - ok
11:48:23.0048 17000 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:48:23.0048 17000 avast! Antivirus - ok
11:48:23.0189 17000 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:48:23.0220 17000 AxInstSV - ok
11:48:23.0392 17000 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:48:23.0407 17000 b06bdrv - ok
11:48:23.0563 17000 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:48:23.0563 17000 b57nd60a - ok
11:48:23.0610 17000 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:48:23.0626 17000 BDESVC - ok
11:48:23.0641 17000 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:48:23.0641 17000 Beep - ok
11:48:23.0719 17000 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:48:23.0719 17000 BFE - ok
11:48:23.0797 17000 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:48:23.0844 17000 BITS - ok
11:48:24.0000 17000 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:48:24.0016 17000 blbdrive - ok
11:48:24.0078 17000 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:48:24.0078 17000 bowser - ok
11:48:24.0109 17000 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:48:24.0109 17000 BrFiltLo - ok
11:48:24.0140 17000 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:48:24.0140 17000 BrFiltUp - ok
11:48:24.0172 17000 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:48:24.0172 17000 BridgeMP - ok
11:48:24.0203 17000 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:48:24.0203 17000 Browser - ok
11:48:24.0234 17000 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:48:24.0234 17000 Brserid - ok
11:48:24.0250 17000 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:48:24.0250 17000 BrSerWdm - ok
11:48:24.0250 17000 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:48:24.0250 17000 BrUsbMdm - ok
11:48:24.0265 17000 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:48:24.0281 17000 BrUsbSer - ok
11:48:24.0296 17000 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:48:24.0296 17000 BTHMODEM - ok
11:48:24.0328 17000 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:48:24.0328 17000 bthserv - ok
11:48:24.0343 17000 catchme - ok
11:48:24.0359 17000 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:48:24.0359 17000 cdfs - ok
11:48:24.0468 17000 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:48:24.0468 17000 cdrom - ok
11:48:24.0624 17000 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:48:24.0640 17000 CertPropSvc - ok
11:48:24.0655 17000 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:48:24.0655 17000 circlass - ok
11:48:24.0686 17000 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:48:24.0686 17000 CLFS - ok
11:48:24.0796 17000 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:48:24.0811 17000 clr_optimization_v2.0.50727_32 - ok
11:48:24.0858 17000 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:48:24.0874 17000 clr_optimization_v2.0.50727_64 - ok
11:48:25.0014 17000 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:48:25.0045 17000 clr_optimization_v4.0.30319_32 - ok
11:48:53.0812 17000 swprv - ok
11:48:53.0921 17000 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:48:53.0936 17000 SysMain - ok
11:48:54.0794 17000 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:48:54.0794 17000 TabletInputService - ok
11:48:54.0826 17000 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:48:54.0826 17000 TapiSrv - ok
11:48:54.0872 17000 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:48:54.0888 17000 TBS - ok
11:48:55.0106 17000 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:48:55.0138 17000 Tcpip - ok
11:48:55.0496 17000 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:48:55.0512 17000 TCPIP6 - ok
11:48:55.0590 17000 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:48:55.0590 17000 tcpipreg - ok
11:48:55.0652 17000 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:48:55.0652 17000 TDPIPE - ok
11:48:55.0699 17000 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:48:55.0715 17000 TDTCP - ok
11:48:55.0762 17000 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:48:55.0762 17000 tdx - ok
11:48:55.0793 17000 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:48:55.0808 17000 TermDD - ok
11:48:55.0871 17000 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:48:55.0871 17000 TermService - ok
11:48:55.0902 17000 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:48:55.0902 17000 Themes - ok
11:48:55.0949 17000 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:48:55.0949 17000 THREADORDER - ok
11:48:55.0964 17000 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:48:55.0980 17000 TrkWks - ok
11:48:56.0136 17000 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:48:56.0136 17000 TrustedInstaller - ok
11:48:56.0167 17000 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:48:56.0167 17000 tssecsrv - ok
11:48:56.0214 17000 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:48:56.0214 17000 TsUsbFlt - ok
11:48:56.0261 17000 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:48:56.0292 17000 tunnel - ok
11:48:56.0339 17000 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:48:56.0339 17000 uagp35 - ok
11:48:56.0417 17000 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:48:56.0417 17000 udfs - ok
11:48:56.0479 17000 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:48:56.0479 17000 UI0Detect - ok
11:48:56.0526 17000 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:48:56.0526 17000 uliagpkx - ok
11:48:56.0557 17000 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:48:56.0557 17000 umbus - ok
11:48:56.0557 17000 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:48:56.0557 17000 UmPass - ok
11:48:56.0620 17000 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:48:56.0620 17000 upnphost - ok
11:48:56.0666 17000 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:48:56.0698 17000 USBAAPL64 - ok
11:48:56.0713 17000 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:48:56.0713 17000 usbccgp - ok
11:48:56.0822 17000 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:48:56.0822 17000 usbcir - ok
11:48:56.0947 17000 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:48:56.0947 17000 usbehci - ok
11:48:56.0978 17000 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:48:56.0978 17000 usbhub - ok
11:48:56.0994 17000 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:48:57.0010 17000 usbohci - ok
11:48:57.0041 17000 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:48:57.0041 17000 usbprint - ok
11:48:57.0072 17000 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:48:57.0072 17000 usbscan - ok
11:48:57.0134 17000 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:48:57.0134 17000 USBSTOR - ok
11:48:57.0166 17000 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:48:57.0166 17000 usbuhci - ok
11:48:57.0181 17000 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:48:57.0197 17000 UxSms - ok
11:48:57.0212 17000 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:48:57.0228 17000 VaultSvc - ok
11:48:57.0322 17000 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:48:57.0322 17000 vdrvroot - ok
11:48:57.0384 17000 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:48:57.0400 17000 vds - ok
11:48:57.0415 17000 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:48:57.0415 17000 vga - ok
11:48:57.0431 17000 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:48:57.0446 17000 VgaSave - ok
11:48:57.0493 17000 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:48:57.0493 17000 vhdmp - ok
11:48:57.0509 17000 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:48:57.0509 17000 viaide - ok
11:48:57.0571 17000 VideoScavenger_1eService - ok
11:48:57.0587 17000 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:48:57.0587 17000 volmgr - ok
11:48:57.0634 17000 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:48:57.0634 17000 volmgrx - ok
11:48:57.0946 17000 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:48:57.0946 17000 volsnap - ok
11:48:58.0024 17000 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:48:58.0024 17000 vsmraid - ok
11:48:58.0164 17000 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:48:58.0180 17000 VSS - ok
11:48:58.0632 17000 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:48:58.0648 17000 vwifibus - ok
11:48:58.0741 17000 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:48:58.0757 17000 vwififlt - ok
11:48:58.0850 17000 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:48:58.0850 17000 W32Time - ok
11:48:58.0882 17000 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:48:58.0882 17000 WacomPen - ok
11:48:58.0975 17000 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:48:58.0991 17000 WANARP - ok
11:48:58.0991 17000 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:48:58.0991 17000 Wanarpv6 - ok
11:48:59.0069 17000 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:48:59.0100 17000 WatAdminSvc - ok
11:48:59.0240 17000 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:48:59.0272 17000 wbengine - ok
11:48:59.0396 17000 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:48:59.0412 17000 WbioSrvc - ok
11:48:59.0443 17000 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:48:59.0459 17000 wcncsvc - ok
11:48:59.0459 17000 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:48:59.0474 17000 WcsPlugInService - ok
11:48:59.0662 17000 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:48:59.0662 17000 Wd - ok
11:48:59.0708 17000 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:48:59.0724 17000 Wdf01000 - ok
11:48:59.0755 17000 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:48:59.0771 17000 WdiServiceHost - ok
11:48:59.0786 17000 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:48:59.0786 17000 WdiSystemHost - ok
11:49:00.0005 17000 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:49:00.0005 17000 WebClient - ok
11:49:00.0036 17000 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:49:00.0036 17000 Wecsvc - ok
11:49:00.0052 17000 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:49:00.0052 17000 wercplsupport - ok
11:49:00.0083 17000 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:49:00.0083 17000 WerSvc - ok
11:49:00.0254 17000 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:49:00.0270 17000 WfpLwf - ok
11:49:00.0286 17000 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:49:00.0286 17000 WIMMount - ok
11:49:00.0317 17000 WinDefend - ok
11:49:00.0317 17000 WinHttpAutoProxySvc - ok
11:49:00.0442 17000 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:49:00.0457 17000 Winmgmt - ok
11:49:00.0644 17000 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:49:00.0691 17000 WinRM - ok
11:49:01.0081 17000 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:49:01.0128 17000 WinUsb - ok
11:49:01.0190 17000 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:49:01.0206 17000 Wlansvc - ok
11:49:01.0237 17000 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:49:01.0237 17000 WmiAcpi - ok
11:49:01.0409 17000 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:49:01.0409 17000 wmiApSrv - ok
11:49:01.0487 17000 WMPNetworkSvc - ok
11:49:01.0596 17000 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:49:01.0643 17000 WPCSvc - ok
11:49:01.0830 17000 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:49:01.0846 17000 WPDBusEnum - ok
11:49:01.0877 17000 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:49:01.0877 17000 ws2ifsl - ok
11:49:01.0908 17000 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:49:01.0908 17000 wscsvc - ok
11:49:01.0908 17000 WSearch - ok
11:49:01.0986 17000 WSWNA1100 (35a20217c4d06d1d36a3addfd8ce58c2) C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
11:49:02.0002 17000 WSWNA1100 - ok
11:49:02.0095 17000 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:49:02.0142 17000 wuauserv - ok
11:49:02.0766 17000 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:49:02.0782 17000 WudfPf - ok
11:49:02.0813 17000 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:49:02.0813 17000 WUDFRd - ok
11:49:02.0875 17000 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:49:02.0875 17000 wudfsvc - ok
11:49:02.0906 17000 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:49:02.0922 17000 WwanSvc - ok
11:49:03.0062 17000 MBR (0x1B8) (1f691ff5b785d6413bc581cc9565f0d8) \Device\Harddisk0\DR0
11:49:03.0593 17000 \Device\Harddisk0\DR0 - ok
11:49:03.0593 17000 Boot (0x1200) (b84a99d1ff63b7156108962c9bedcba0) \Device\Harddisk0\DR0\Partition0
11:49:03.0593 17000 \Device\Harddisk0\DR0\Partition0 - ok
11:49:03.0608 17000 Boot (0x1200) (b549abfba84e1b05c3cc1f20db6083ad) \Device\Harddisk0\DR0\Partition1
11:49:03.0624 17000 \Device\Harddisk0\DR0\Partition1 - ok
11:49:03.0655 17000 Boot (0x1200) (424a8c952a050cd96b8c9574f245f654) \Device\Harddisk0\DR0\Partition2
11:49:03.0686 17000 \Device\Harddisk0\DR0\Partition2 - ok
11:49:03.0686 17000 ============================================================
11:49:03.0686 17000 Scan finished
11:49:03.0686 17000 ============================================================
11:49:03.0702 17412 Detected object count: 0
11:49:03.0702 17412 Actual detected object count: 0
Working on the next step...

#8 kittysfriend


Posted 09 May 2012 - 01:03 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-09 12:41:36
-----------------------------
12:41:36.119 OS Version: Windows x64 6.1.7601 Service Pack 1
12:41:36.119 Number of processors: 2 586 0x602
12:41:36.119 ComputerName: MIKEFLAHERTY-HP UserName: Mike Flaherty
12:41:40.129 Initialize success
12:41:46.213 AVAST engine defs: 12050900
12:42:39.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
12:42:39.611 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 476940MB BusType: 3
12:42:39.689 Disk 0 MBR read successfully
12:42:39.689 Disk 0 MBR scan
12:42:39.814 Disk 0 unknown MBR code
12:42:39.845 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:42:40.033 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463198 MB offset 206848
12:42:40.079 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13640 MB offset 948836352
12:42:40.142 Disk 0 scanning C:\Windows\system32\drivers
12:42:52.029 Service scanning
12:43:11.326 Modules scanning
12:43:11.342 Disk 0 trace - called modules:
12:43:11.357 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
12:43:11.919 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80032b9060]
12:43:11.919 3 CLASSPNP.SYS[fffff8800196643f] -> nt!IofCallDriver -> [0xfffffa8002ccd3d0]
12:43:11.919 5 ACPI.sys[fffff88000e2d7a1] -> nt!IofCallDriver -> \Device\00000060[0xfffffa8003072770]
12:43:12.278 AVAST engine scan C:\Windows
12:43:14.743 AVAST engine scan C:\Windows\system32
12:45:54.955 AVAST engine scan C:\Windows\system32\drivers
12:46:04.237 AVAST engine scan C:\Users\Mike Flaherty
12:49:46.537 AVAST engine scan C:\ProgramData
12:51:20.995 Scan finished successfully
13:01:34.823 Disk 0 MBR has been saved successfully to "C:\Users\Mike Flaherty\Desktop\MBR.dat"
13:01:34.839 The log file has been saved successfully to "C:\Users\Mike Flaherty\Desktop\aswMBR.txt"

#9 gringo_pr


Posted 09 May 2012 - 01:06 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Yontoo
c:\program files (x86)\Freecorder

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registery key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 kittysfriend


Posted 10 May 2012 - 06:25 PM

Here is the log:


ComboFix 12-05-08.02 - Mike Flaherty 05/09/2012 20:51:37.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.180 [GMT -5:00]
Running from: c:\users\Mike Flaherty\Desktop\ComboFix.exe
Command switches used :: c:\users\Mike Flaherty\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Freecorder
c:\program files (x86)\Freecorder\Applian_Audio_Plugin.dll
c:\program files (x86)\Freecorder\audgopher.dll
c:\program files (x86)\Freecorder\audhook.dll
c:\program files (x86)\Freecorder\FCAudio.exe
c:\program files (x86)\Freecorder\FCConv.exe
c:\program files (x86)\Freecorder\FCSettings.exe
c:\program files (x86)\Freecorder\FCVideo.exe
c:\program files (x86)\Freecorder\ffmpeg.exe
c:\program files (x86)\Freecorder\FLVPlayer.exe
c:\program files (x86)\Freecorder\FLVSrvc.exe
c:\program files (x86)\Freecorder\lame_enc.dll
c:\program files (x86)\Freecorder\lua5.1.dll
c:\program files (x86)\Freecorder\sdl.dll
c:\program files (x86)\Freecorder\uninstall.exe
c:\program files (x86)\Freecorder\Uninstall\IRIMG1.JPG
c:\program files (x86)\Freecorder\Uninstall\IRIMG2.JPG
c:\program files (x86)\Freecorder\Uninstall\uninstallFC5.dat
c:\program files (x86)\Freecorder\Uninstall\uninstallFC5.xml
c:\program files (x86)\Freecorder\VistaAudioLib.dll
c:\program files (x86)\Freecorder\YouTube_Download_Wizard.xpi
c:\program files (x86)\Yontoo
c:\program files (x86)\Yontoo\YontooIEClient.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-10 02:17 . 2012-05-10 02:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-08 18:06 . 2012-05-08 18:06 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB75AEEB-227E-4BCE-95B0-1E0A53C6A1AE}\offreg.dll
2012-05-08 16:13 . 2012-04-18 08:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB75AEEB-227E-4BCE-95B0-1E0A53C6A1AE}\mpengine.dll
2012-05-08 02:03 . 2012-05-08 02:03 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\U3
2012-05-03 19:36 . 2012-05-03 19:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-03 19:36 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-03 17:10 . 2012-05-03 17:10 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\SUPERAntiSpyware.com
2012-05-03 17:08 . 2012-05-03 17:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-03 17:08 . 2012-05-03 17:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-02 19:01 . 2012-05-03 19:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-02 19:01 . 2012-05-02 19:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-02 18:52 . 2012-05-02 18:52 -------- d-----w- c:\programdata\Tarma Installer
2012-05-02 17:46 . 2010-01-10 23:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-05-02 17:46 . 2012-05-02 17:46 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-05-01 21:58 . 2012-05-01 21:58 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-30 00:24 . 2012-04-30 00:24 -------- d-----w- c:\users\Mcx1-MIKEFLAHERTY-HP
2012-04-29 23:20 . 2012-05-01 20:55 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-04-19 02:41 . 2012-04-26 17:16 -------- d-----w- c:\users\Mike Flaherty\Tracing
2012-04-11 23:23 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 23:23 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 23:23 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 23:22 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 23:22 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 23:22 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 23:22 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 23:22 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 23:22 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 23:22 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 15:07 . 2012-04-11 20:09 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\DVDVideoSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 21:58 . 2011-11-10 12:24 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 12:48 . 2012-01-09 02:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-06 23:15 . 2011-11-10 04:27 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-11-10 04:27 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-11-10 04:27 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-11-10 04:27 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-11-10 04:27 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-04-05 20:05 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-11-10 04:27 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-11-10 04:27 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-11-10 04:27 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 15:18 . 2011-11-10 05:04 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 11:47 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 11:47 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 11:47 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 11:47 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 12:09 . 2012-02-15 12:09 1576448 ----a-w- c:\windows\system32\VSFilter.dll
2012-02-15 12:08 . 2012-02-15 12:08 1288192 ----a-w- c:\windows\SysWow64\VSFilter.dll
2012-02-13 22:26 . 2012-02-13 22:26 4207616 ----a-w- c:\windows\system32\ffdshow.ax
2012-02-13 22:26 . 2012-02-13 22:26 3350528 ----a-w- c:\windows\SysWow64\ffdshow.ax
2012-02-13 22:26 . 2012-02-13 22:26 4491776 ----a-w- c:\windows\system32\ffmpeg.dll
2012-02-13 22:24 . 2012-02-13 22:24 4407808 ----a-w- c:\windows\SysWow64\ffmpeg.dll
2012-02-12 14:21 . 2012-02-12 14:21 553984 ----a-w- c:\windows\system32\LAVSplitter.ax
2012-02-12 14:21 . 2012-02-12 14:21 717312 ----a-w- c:\windows\system32\LAVVideo.ax
2012-02-12 14:20 . 2012-02-12 14:20 246272 ----a-w- c:\windows\system32\LAVAudio.ax
2012-02-12 14:20 . 2012-02-12 14:20 202240 ----a-w- c:\windows\system32\libbluray.dll
2012-02-12 14:20 . 2012-02-12 14:20 461824 ----a-w- c:\windows\SysWow64\LAVSplitter.ax
2012-02-12 14:20 . 2012-02-12 14:20 562176 ----a-w- c:\windows\SysWow64\LAVVideo.ax
2012-02-12 14:20 . 2012-02-12 14:20 215040 ----a-w- c:\windows\SysWow64\LAVAudio.ax
2012-02-12 14:20 . 2012-02-12 14:20 172032 ----a-w- c:\windows\SysWow64\libbluray.dll
2012-02-12 12:35 . 2012-02-12 12:35 6600253 ----a-w- c:\windows\system32\avcodec-lav-53.dll
2012-02-12 12:35 . 2012-02-12 12:35 386864 ----a-w- c:\windows\system32\swscale-lav-2.dll
2012-02-12 12:35 . 2012-02-12 12:35 209331 ----a-w- c:\windows\system32\avutil-lav-51.dll
2012-02-12 12:35 . 2012-02-12 12:35 126340 ----a-w- c:\windows\system32\avfilter-lav-2.dll
2012-02-12 12:35 . 2012-02-12 12:35 1023331 ----a-w- c:\windows\system32\avformat-lav-53.dll
2012-02-12 12:33 . 2012-02-12 12:33 360729 ----a-w- c:\windows\SysWow64\swscale-lav-2.dll
2012-02-12 12:33 . 2012-02-12 12:33 203818 ----a-w- c:\windows\SysWow64\avutil-lav-51.dll
2012-02-12 12:33 . 2012-02-12 12:33 1143059 ----a-w- c:\windows\SysWow64\avformat-lav-53.dll
2012-02-12 12:33 . 2012-02-12 12:33 6414616 ----a-w- c:\windows\SysWow64\avcodec-lav-53.dll
2012-02-12 12:33 . 2012-02-12 12:33 138774 ----a-w- c:\windows\SysWow64\avfilter-lav-2.dll
2012-02-12 12:17 . 2012-02-12 12:17 181760 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll
2012-02-12 12:16 . 2012-02-12 12:16 147456 ----a-w- c:\windows\SysWow64\IntelQuickSyncDecoder.dll
2012-02-10 06:36 . 2012-03-14 11:54 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 11:54 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-08_19.35.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-08 19:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-10 02:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-10 02:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-08 19:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-08 19:34 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-10 02:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-14 03:35 . 2012-05-09 20:59 57356 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-09 20:59 44660 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-14 05:16 . 2012-05-09 20:59 15018 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1845553030-3031872880-4008053321-1000_UserData.bin
- 2011-04-13 23:30 . 2012-05-08 17:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-13 23:30 . 2012-05-09 20:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-13 23:30 . 2012-05-09 20:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-13 23:30 . 2012-05-08 17:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-08 17:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-09 20:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-14 22:37 . 2012-05-08 01:51 3222 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-14 22:37 . 2012-05-10 02:19 3222 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-05-08 19:34 . 2012-05-08 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-09 20:57 . 2012-05-10 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-08 19:34 . 2012-05-08 19:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-09 20:57 . 2012-05-10 02:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-05-09 20:55 315868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-08 02:22 315868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-14 05:41 . 2012-05-09 20:55 9881712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1845553030-3031872880-4008053321-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-03 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-11-10 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 VideoScavenger_1eService;VideoScavengerService;c:\progra~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-23 960992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 21:58]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:56]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:56]
.
2012-05-10 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-22 17:24]
.
2012-05-09 c:\windows\Tasks\HPCeeScheduleForMike Flaherty.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-01 c:\windows\Tasks\HPCeeScheduleForMIKEFLAHERTY-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-10 c:\windows\Tasks\WpsUpdateTask_Mike Flaherty.job
- c:\program files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe [2011-11-03 16:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Mike Flaherty\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
Trusted Zone: pandora.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe
AddRemove-Freecorder5.11 - c:\program files (x86)\Freecorder\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:90,a0,d2,6b,9e,28,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-05-09 21:42:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 02:42
ComboFix2.txt 2012-05-08 19:55
.
Pre-Run: 412,203,921,408 bytes free
Post-Run: 412,170,321,920 bytes free
.
- - End Of File - - 4A82E6C8A8840CD383FD0ED8C9FD8FE1
Well, it seems a bit better but still slows down and freezes up after running the computer for 30 min or so. Do you think that this problem isn't malware related?

#11 gringo_pr

  • Malware Response Team

Posted 10 May 2012 - 06:43 PM

Hello

Well, It seems a bit better but still slows down and freezes up after running the computer for 30 min or so

Probably not, is this a laptop or a desktop?



I would like to see a report that ComboFix makes.

extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 kittysfriend

  • Topic Starter

Posted 11 May 2012 - 06:12 AM

Hello, here is the report... This is a desktop.
Apple Application Support
Apple Software Update
avast! Free Antivirus
CyberLink DVD Suite Deluxe
D3DX10
DVD Menu Pack for HP MediaSmart Video
Facetheme
ffdshow [rev 2975] [2009-05-28]
Freecorder 5
GIMP 2.6.12-2
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.2.0
HP Customer Experience Enhancements
HP Deskjet 3050 J610 series Help
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MovieStore
HP Odometer
HP Photo Creations
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HPDiagnosticAlert
Hulu Desktop
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 31
Kingsoft Presentation (8.1.0.3008)
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
Media Go
Media Go Video Playback Engine 1.84.107.07010
Media Player Codec Pack 4.1.7
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WNA1100 N150 Wireless USB Adapter
NVIDIA ForceWare Network Access Manager
OpenOffice.org 3.3
PDF Complete Special Edition
PhotoNow!
PlayReady PC Runtime x86
PlayStation®Network Downloader
PlayStation®Store
Power2Go
PowerDirector
PressReader
QuickTime Alternative 2.8.0
Realtek High Definition Audio Driver
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Spybot - Search & Destroy
SpywareBlaster 4.6
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VideoScavenger Toolbar

#13 gringo_pr

  • Malware Response Team

Posted 11 May 2012 - 07:35 AM

Hello


Take off the side panel and check for dust. Also, while the side is off, blow a fan inside of it and see if it still slows down.



These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Freecorder 5
Java™ 6 Update 22
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 kittysfriend

  • Topic Starter

Posted 12 May 2012 - 10:00 AM

Thanks a lot for your help ! I will be working on it ASAP.

#15 gringo_pr

  • Malware Response Team

Posted 12 May 2012 - 08:59 PM

Look forward to hearing from you


gringo