
Computer extra slow


12 replies to this topic

#1 duenas77


Posted 26 September 2012 - 05:31 PM

Laptop running Windows Vista wirelessly connected to my home network. Lately it is very, very slow. I don't know if it is my system, the wireless connection, or some programs running in the background, but it is very slow. Can anybody guide me through checking for malware?

thanks

Martin



#2 InadequateInfirmity


Posted 26 September 2012 - 06:34 PM

Update and do a quick scan with Malwarebytes, remove all that it finds, and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/


Update and do a quick scan with SUPERAntiSpyware, remove all that it finds, and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE


Run a scan with Eset.
http://www.eset.com/us/online-scanner/
When the scan finishes, list found threats, save to clipboard, copy to Notepad, and post the log here.




Please download FarbarServiceScanner and run it on the computer with the issue.
http://download.bleepingcomputer.com/farbar/FSS.exe


Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.



Download Adware Cleaner, run it as admin, click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Download Norman Malware Cleaner and run it. Hit Full Scan > let it finish > go to the Quarantine tab > tick Select All > then Delete > Quit.
http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe
A log will appear on your desktop; post that here in your next reply.


Reboot after Norman.

Edited by InadequateInfirmity, 26 September 2012 - 07:09 PM.


#3 duenas77


Posted 27 September 2012 - 05:54 PM

Thanks for your help. Seems like a bit of work. I have been working overtime. I'll have to try it on the weekend. Please don't close this topic.
Blessings
Martin

#4 InadequateInfirmity


Posted 27 September 2012 - 06:10 PM

No problem, we do not close topics here. Take your time and post when ready. :thumbup2:

#5 duenas77


Posted 29 September 2012 - 08:00 AM

Thanks for your help.
This is the ESET scan:

C:\Program Files\NCH FileBulldog Toolbar\UninstallToolbar.exe Win32/Somoto application cleaned by deleting - quarantined
C:\Program Files\Veoh Networks\VeohWebPlayer\qlipso-qlipso-silent-us.exe a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Users\Irma\AppData\Local\temp\nsc1376.tmp\Install.dll probably a variant of Win32/Adware.HotBar.E application cleaned by deleting - quarantined
C:\Users\Irma\AppData\LocalLow\RadioPI_4eEI\Installr\Cache\0005B653.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Users\Irma\AppData\LocalLow\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe Win32/Somoto application cleaned by deleting - quarantined
C:\Users\Irma\Documents\mplayer_1193.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\Irma\Documents\para back up\fyzip-setup.exe Win32/DownloadAdmin.A.Gen application cleaned by deleting - quarantined
C:\Users\Irma\Documents\para back up\VirtualDJSetup.exe probably a variant of Win32/Adware.HotBar.K application cleaned by deleting - quarantined
C:\Users\Irma\Documents\para back up\Video Software\Setup_FreeConverter.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined


Here is the Farbar Service Scanner log:
Farbar Service Scanner Version: 19-09-2012
Ran by Irma (administrator) on 28-09-2012 at 20:42:14
Running from "C:\Users\Irma\Documents"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Here is the adware cleaner log
# AdwCleaner v2.003 - Logfile created 09/28/2012 at 20:49:25
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : Irma - IRMA-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Irma\Documents\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Irma\AppData\Roaming\Mozilla\Firefox\Profiles\5wivdymi.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\QuestScan
Folder Deleted : C:\Program Files\Veoh_Web_Player
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Users\Irma\AppData\Local\Conduit
Folder Deleted : C:\Users\Irma\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Irma\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Irma\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Irma\AppData\LocalLow\Veoh_Web_Player
Folder Deleted : C:\Users\Irma\AppData\Roaming\Mozilla\Firefox\Profiles\5wivdymi.default\Conduit
Folder Deleted : C:\Users\Irma\AppData\Roaming\Mozilla\Firefox\Profiles\5wivdymi.default\ConduitEngine
Folder Deleted : C:\Users\Irma\AppData\Roaming\Mozilla\Firefox\Profiles\5wivdymi.default\CT2653012
Folder Deleted : C:\Users\Irma\AppData\Roaming\Mozilla\Firefox\Profiles\5wivdymi.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
Folder Deleted : C:\Users\Irma\AppData\Roaming\Mozilla\Firefox\Profiles\5wivdymi.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
Folder Deleted : C:\Users\Irma\AppData\Roaming\Mozilla\Firefox\Profiles\5wivdymi.default\extensions\engine@conduit.com

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.bigseekpro.com/nchfilebulldog/{9E728372-5BA0-42C8-899B-26C99C54CB74}?s_src=newtab --> hxxp://www.google.com

-\\ Mozilla Firefox v11.0 (en-US)

Profile name : default
File : C:\Users\Irma\AppData\Roaming\Mozilla\Firefox\Profiles\5wivdymi.default\prefs.js


-\\ Google Chrome v22.0.1229.79

File : C:\Users\Irma\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.50.1074.0

File : C:\Users\Irma\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [24445 octets] - [28/09/2012 20:49:25]

########## EOF - C:\AdwCleaner[S1].txt - [24506 octets] ##########


And here is the Norman log:
Norman Malware Cleaner v2.05.06
Copyright © 1990 - 2012, Norman ASA.

Norman Scanner Engine Version: 6.08.06
nvcbin.def: Version: 6.08.00, Date: 2012/09/28 10:14:25, Variants: 18556826
nvcmacro.def: Version: 6.08.00, Date: 2011/12/19 04:20:35, Variants: 20465

Operating System: Windows Vista Service Pack 2

Switches: /iagree /nomt

Scan started: 2012/09/28 21:01:09

Running pre-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Scanning system for active rootkit activity...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Scanning running processes and process memory...

Number of objects found: 1868
Number of objects scanned: 1868
Number of objects not scanned: 0
Number of malicious memory objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 2m 1s

Scanning system for FakeAV...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Number of malicious files found: 0
Number of malicious files cleaned: 0
Scanning time: 0s

Running full scan...
C:\Boot\BCD: Error opening file for read: 0x00000020
C:\Boot\BCD.LOG: Error opening file for read: 0x00000020
C:\MGtools\hide.reg: File infected with Small.A
Delete file: C:\MGtools\hide.reg
Cleaning successful
C:\Program Files\Uninstall Information\ib_uninst_391\uninstall.exe: Potentially unwanted program (W32/InstallBrain.IVJ)
Delete file: C:\Program Files\Uninstall Information\ib_uninst_391\uninstall.exe
Cleaning successful
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-540510C2574935EA608A08101376642525DA41F6.bin.67: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-540510C2574935EA608A08101376642525DA41F6.bin.7E: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-540510C2574935EA608A08101376642525DA41F6.bin.80: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-540510C2574935EA608A08101376642525DA41F6.bin.87: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-540510C2574935EA608A08101376642525DA41F6.bin.A0: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-540510C2574935EA608A08101376642525DA41F6.bin.VE0: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-540510C2574935EA608A08101376642525DA41F6.bin.VE1: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-540510C2574935EA608A08101376642525DA41F6.bin.VE2: Error opening file for read: 0x00000020
C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-540510C2574935EA608A08101376642525DA41F6.bin.VF: Error opening file for read: 0x00000020
C:\Users\Irma\AppData\Local\Microsoft\Windows\UsrClass.dat: Error opening file for read: 0x00000020
C:\Users\Irma\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\Irma\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2: Error opening file for read: 0x00000020
C:\Users\Irma\ntuser.dat: Error opening file for read: 0x00000020
C:\Users\Irma\ntuser.dat.LOG1: Error opening file for read: 0x00000020
C:\Users\Irma\ntuser.dat.LOG2: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1: Error opening file for read: 0x00000020
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0: Error opening file for read: 0x00000020
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\edb.log: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Error opening file for read: 0x00000020
C:\Windows\System32\config\COMPONENTS: Error opening file for read: 0x00000020
C:\Windows\System32\config\COMPONENTS.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\COMPONENTS.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\DEFAULT.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\COMPONENTS: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\DEFAULT: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SAM: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SECURITY: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SOFTWARE: Error opening file for read: 0x00000020
C:\Windows\System32\config\RegBack\SYSTEM: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SAM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SECURITY.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SOFTWARE.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG1: Error opening file for read: 0x00000020
C:\Windows\System32\config\SYSTEM.LOG2: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl: Error opening file for read: 0x00000020
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl: Error opening file for read: 0x00000020

Number of files found: 117866
Number of archives unpacked: 4691
Number of objects found: 490231
Number of objects scanned: 490169
Number of objects not scanned: 62
Number of malicious objects found: 2
Number of malicious objects cleaned: 2
Number of malicious files found: 2
Number of malicious files cleaned: 2
Scanning time: 4h 47m 50s

Running post-scan cleanup routine...

Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 0s

Results:
Total number of files found: 117866
Total number of archives unpacked: 4691
Total number of objects found: 492099
Total number of objects scanned: 492037
Total number of objects not scanned: 62
Total number of malicious objects found: 2
Total number of malicious objects cleaned: 2
Total number of malicious files found: 2
Total number of malicious files cleaned: 2
Total number of objects quarantined: 2
Total scanning time: 4h 49m 51s


Again thx for your help

#6 InadequateInfirmity

Posted 29 September 2012 - 01:50 PM

Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

Download TDSSKiller.

http://support.kaspersky.com/downloads/utils/tdsskiller.exe



Right-click it and select Run as Admin. Click on Change parameters and select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on scan results.



Run the program below as admin, hit the Scan button, allow it to finish, then hit the Delete button.

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Download Rkill, run it, and post the log.
http://www.bleepingcomputer.com/download/rkill/

Download the Junkware Removal Tool, save it to your desktop, run it in safe mode, and post the log.
http://thisisudax.blogspot.com/2012/09/junkware-removal-tool-jrt-by-thisisu.html


Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe. After the scan is finished, click on File > Save. The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option. In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.

http://download.sysinternals.com/files/Autoruns.zip

#7 duenas77

Posted 30 September 2012 - 10:48 AM

This is the minitoolbox result
MiniToolBox by Farbar Version: 23-07-2012
Ran by Irma (administrator) on 30-09-2012 at 08:38:36
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

802.11g Mini Card Wireless Adapter = Wireless Network Connection (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=10.0.1.1
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
add address name="Local Area Connection" address=10.0.1.113


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Irma-LapTop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 802.11g Mini Card Wireless Adapter
Physical Address. . . . . . . . . : 00-19-DB-08-C6-69
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5d2d:cddc:ce3c:d8e5%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 29, 2012 7:49:03 AM
Lease Expires . . . . . . . . . . : Monday, October 01, 2012 7:49:03 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218108883
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0D-80-D7-FA-00-03-0D-52-C0-51
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-03-0D-5A-14-22
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{160101C1-B6EE-4DF7-B0BB-EEC685FD5D75}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2AAF5B1D-C0E1-44D9-A9B0-13685C5AFC95}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:38dd:34e7:3f57:fefd(Preferred)
Link-local IPv6 Address . . . . . : fe80::38dd:34e7:3f57:fefd%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4002:c05::65
74.125.137.113
74.125.137.100
74.125.137.101
74.125.137.102
74.125.137.139
74.125.137.138



Pinging google.com [74.125.137.100] with 32 bytes of data:

Reply from 74.125.137.100: bytes=32 time=33ms TTL=48

Reply from 74.125.137.100: bytes=32 time=32ms TTL=48



Ping statistics for 74.125.137.100:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 32ms, Maximum = 33ms, Average = 32ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=199ms TTL=50

Reply from 98.139.183.24: bytes=32 time=82ms TTL=48



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 82ms, Maximum = 199ms, Average = 140ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 19 db 08 c6 69 ...... 802.11g Mini Card Wireless Adapter
8 ...00 03 0d 5a 14 22 ...... Realtek RTL8139/810x Family Fast Ethernet NIC
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{160101C1-B6EE-4DF7-B0BB-EEC685FD5D75}
14 ...00 00 00 00 00 00 00 e0 isatap.{2AAF5B1D-C0E1-44D9-A9B0-13685C5AFC95}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 286
192.168.1.2 255.255.255.255 On-link 192.168.1.2 286
192.168.1.255 255.255.255.255 On-link 192.168.1.2 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 286
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.0.1.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:38dd:34e7:3f57:fefd/128
On-link
9 286 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::38dd:34e7:3f57:fefd/128
On-link
9 286 fe80::5d2d:cddc:ce3c:d8e5/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
9 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/28/2012 10:39:46 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: a2c
Start Time: 01cd98fab95793db
Termination Time: 77

Error: (09/28/2012 08:56:19 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: cf8
Start Time: 01cd98c58894867b
Termination Time: 121

Error: (08/16/2012 03:05:31 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\CONFIG.MSI\27AEB0B3.RBF> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/16/2012 03:05:01 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\CONFIG.MSI\27AEB0B1.RBS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/16/2012 03:05:01 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\CONFIG.MSI\27AEB0B1.RBS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/14/2012 10:21:54 AM) (Source: Application Error) (User: )
Description: Faulting application VeohWebPlayer.exe, version 1.3.9.1000, time stamp 0x4fce0418, faulting module QtCore4.dll, version 4.7.0.0, time stamp 0x4dff2959, exception code 0xc0000005, fault offset 0x00051ae6,
process id 0xe00, application start time 0xVeohWebPlayer.exe0.

Error: (07/06/2012 08:19:49 AM) (Source: Application Error) (User: )
Description: Faulting application vlc.exe, version 0.8.6.0, time stamp 0x47f2ba07, faulting module libvlc.dll, version 0.0.0.0, time stamp 0x47f2ba07, exception code 0xc0000005, fault offset 0x0001b82a,
process id 0x1ad8, application start time 0xvlc.exe0.

Error: (06/27/2012 05:09:27 AM) (Source: Application Hang) (User: )
Description: The program DivX Plus Player.exe version 10.3.3.10 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: ef0
Start Time: 01cd5447a48d7e80
Termination Time: 14

Error: (06/26/2012 08:04:25 PM) (Source: Application Error) (User: )
Description: Faulting application VeohWebPlayer.exe, version 1.3.9.1000, time stamp 0x4fce0418, faulting module QtCore4.dll, version 4.7.0.0, time stamp 0x4dff2959, exception code 0xc0000005, fault offset 0x00051ae6,
process id 0x5e0, application start time 0xVeohWebPlayer.exe0.

Error: (06/19/2012 01:57:34 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 19.0.1084.56 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 5b0
Start Time: 01cd4e4af59e2160
Termination Time: 1190


System errors:
=============
Error: (09/29/2012 07:48:21 AM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.

Error: (09/28/2012 08:54:03 PM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.

Error: (09/28/2012 06:52:23 PM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.

Error: (09/28/2012 06:33:26 PM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.

Error: (09/22/2012 00:06:13 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/22/2012 08:23:18 AM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.

Error: (09/22/2012 03:20:51 AM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (09/12/2012 06:44:34 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (09/01/2012 02:10:13 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/17/2012 04:29:55 AM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.


Microsoft Office Sessions:
=========================
Error: (01/14/2012 06:04:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3177 seconds with 600 seconds of active time. This session ended with a crash.


========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 2037.45 MB
Available physical RAM: 1297.43 MB
Total Pagefile: 4326.16 MB
Available Pagefile: 3405.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.46 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:420.91 GB) NTFS

========================= Users: ========================================

User accounts for \\IRMA-LAPTOP

Administrator Guest Irma


**** End of log ****


I ran TDSS killer twice by mistake. I believe the second one was as admin. Here are the reports.

The first one
08:41:51.0837 5696 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:41:52.0202 5696 ============================================================
08:41:52.0202 5696 Current date / time: 2012/09/30 08:41:52.0202
08:41:52.0202 5696 SystemInfo:
08:41:52.0202 5696
08:41:52.0202 5696 OS Version: 6.0.6002 ServicePack: 2.0
08:41:52.0202 5696 Product type: Workstation
08:41:52.0202 5696 ComputerName: IRMA-LAPTOP
08:41:52.0208 5696 UserName: Irma
08:41:52.0208 5696 Windows directory: C:\Windows
08:41:52.0208 5696 System windows directory: C:\Windows
08:41:52.0208 5696 Processor architecture: Intel x86
08:41:52.0209 5696 Number of processors: 1
08:41:52.0209 5696 Page size: 0x1000
08:41:52.0209 5696 Boot type: Normal boot
08:41:52.0209 5696 ============================================================
08:41:53.0905 5696 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:41:53.0907 5696 ============================================================
08:41:53.0908 5696 \Device\Harddisk0\DR0:
08:41:53.0908 5696 MBR partitions:
08:41:53.0908 5696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
08:41:53.0908 5696 ============================================================
08:41:53.0987 5696 C: <-> \Device\Harddisk0\DR0\Partition1
08:41:53.0987 5696 ============================================================
08:41:53.0987 5696 Initialize success
08:41:53.0987 5696 ============================================================
08:42:21.0243 3372 Deinitialize success



Here's the second one as admin.
08:42:34.0103 3192 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:42:34.0408 3192 ============================================================
08:42:34.0408 3192 Current date / time: 2012/09/30 08:42:34.0408
08:42:34.0408 3192 SystemInfo:
08:42:34.0408 3192
08:42:34.0408 3192 OS Version: 6.0.6002 ServicePack: 2.0
08:42:34.0408 3192 Product type: Workstation
08:42:34.0408 3192 ComputerName: IRMA-LAPTOP
08:42:34.0409 3192 UserName: Irma
08:42:34.0409 3192 Windows directory: C:\Windows
08:42:34.0409 3192 System windows directory: C:\Windows
08:42:34.0409 3192 Processor architecture: Intel x86
08:42:34.0409 3192 Number of processors: 1
08:42:34.0409 3192 Page size: 0x1000
08:42:34.0409 3192 Boot type: Normal boot
08:42:34.0409 3192 ============================================================
08:42:35.0548 3192 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:42:35.0550 3192 ============================================================
08:42:35.0550 3192 \Device\Harddisk0\DR0:
08:42:35.0551 3192 MBR partitions:
08:43:54.0883 4220 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
08:43:54.0888 4220 SessionEnv - ok
08:43:54.0929 4220 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:43:54.0930 4220 sffdisk - ok
08:43:54.0951 4220 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:43:54.0954 4220 sffp_mmc - ok
08:43:54.0979 4220 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:43:54.0980 4220 sffp_sd - ok
08:43:55.0005 4220 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:43:55.0007 4220 sfloppy - ok
08:43:55.0051 4220 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:43:55.0059 4220 SharedAccess - ok
08:43:55.0116 4220 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:43:55.0121 4220 ShellHWDetection - ok
08:43:55.0160 4220 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
08:43:55.0162 4220 sisagp - ok
08:43:55.0185 4220 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
08:43:55.0187 4220 SiSRaid2 - ok
08:43:55.0209 4220 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:43:55.0212 4220 SiSRaid4 - ok
08:43:55.0341 4220 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
08:43:55.0399 4220 slsvc - ok
08:43:55.0441 4220 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
08:43:55.0446 4220 SLUINotify - ok
08:43:55.0494 4220 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:43:55.0497 4220 Smb - ok
08:43:55.0552 4220 [ 3850ABA97B31094F93BCBE94D6ABBE22 ] smserial C:\Windows\system32\DRIVERS\smserial.sys
08:43:55.0585 4220 smserial - ok
08:43:55.0644 4220 [ 98B44C15B4EED76AA8DCCB64A4CA11AF ] snapman C:\Windows\system32\DRIVERS\snapman.sys
08:43:55.0647 4220 snapman - ok
08:43:55.0689 4220 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:43:55.0693 4220 SNMPTRAP - ok
08:43:55.0722 4220 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
08:43:55.0723 4220 spldr - ok
08:43:55.0758 4220 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
08:43:55.0763 4220 Spooler - ok
08:43:55.0811 4220 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:43:55.0817 4220 srv - ok
08:43:55.0855 4220 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:43:55.0858 4220 srv2 - ok
08:43:55.0900 4220 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:43:55.0902 4220 srvnet - ok
08:43:55.0949 4220 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
08:43:55.0953 4220 ssadbus - ok
08:43:55.0985 4220 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
08:43:55.0987 4220 ssadmdfl - ok
08:43:56.0027 4220 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
08:43:56.0031 4220 ssadmdm - ok
08:43:56.0075 4220 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
08:43:56.0078 4220 ssadserd - ok
08:43:56.0115 4220 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:43:56.0120 4220 SSDPSRV - ok
08:43:56.0173 4220 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:43:56.0178 4220 SstpSvc - ok
08:43:56.0225 4220 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
08:43:56.0234 4220 stisvc - ok
08:43:56.0261 4220 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:43:56.0262 4220 swenum - ok
08:43:56.0317 4220 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
08:43:56.0327 4220 swprv - ok
08:43:56.0362 4220 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
08:43:56.0364 4220 Symc8xx - ok
08:43:56.0387 4220 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
08:43:56.0389 4220 Sym_hi - ok
08:43:56.0413 4220 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
08:43:56.0415 4220 Sym_u3 - ok
08:43:56.0456 4220 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
08:43:56.0466 4220 SysMain - ok
08:43:56.0507 4220 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:43:56.0513 4220 TabletInputService - ok
08:43:56.0553 4220 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:43:56.0575 4220 TapiSrv - ok
08:43:56.0604 4220 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
08:43:56.0612 4220 TBS - ok
08:43:56.0679 4220 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:43:56.0702 4220 Tcpip - ok
08:43:56.0768 4220 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
08:43:56.0776 4220 Tcpip6 - ok
08:43:56.0819 4220 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:43:56.0823 4220 tcpipreg - ok
08:43:56.0857 4220 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:43:56.0859 4220 TDPIPE - ok
08:43:56.0906 4220 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:43:56.0908 4220 TDTCP - ok
08:43:56.0942 4220 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:43:56.0944 4220 tdx - ok
08:43:56.0971 4220 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:43:56.0974 4220 TermDD - ok
08:43:57.0016 4220 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
08:43:57.0024 4220 TermService - ok
08:43:57.0049 4220 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
08:43:57.0057 4220 Themes - ok
08:43:57.0090 4220 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
08:43:57.0093 4220 THREADORDER - ok
08:43:57.0137 4220 [ D8A96D0E25D43FDAC3BED09ADF39FDE9 ] timounter C:\Windows\system32\DRIVERS\timntr.sys
08:43:57.0149 4220 timounter - ok
08:43:57.0193 4220 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
08:43:57.0197 4220 TrkWks - ok
08:43:57.0257 4220 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:43:57.0259 4220 TrustedInstaller - ok
08:43:57.0303 4220 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:43:57.0305 4220 tssecsrv - ok
08:43:57.0356 4220 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
08:43:57.0357 4220 tunmp - ok
08:43:57.0406 4220 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:43:57.0408 4220 tunnel - ok
08:43:57.0451 4220 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:43:57.0454 4220 uagp35 - ok
08:43:57.0494 4220 [ E0C67BE430C6DE490D6CCAECFA071F9E ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
08:43:57.0495 4220 UBHelper - ok
08:43:57.0536 4220 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:43:57.0542 4220 udfs - ok
08:43:57.0588 4220 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:43:57.0592 4220 UI0Detect - ok
08:43:57.0645 4220 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:43:57.0647 4220 uliagpkx - ok
08:43:57.0689 4220 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
08:43:57.0695 4220 uliahci - ok
08:43:57.0719 4220 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
08:43:57.0722 4220 UlSata - ok
08:43:57.0753 4220 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
08:43:57.0758 4220 ulsata2 - ok
08:43:57.0807 4220 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:43:57.0809 4220 umbus - ok
08:43:57.0844 4220 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
08:43:57.0850 4220 upnphost - ok
08:43:57.0927 4220 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
08:43:57.0929 4220 usbaudio - ok
08:43:57.0968 4220 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:43:57.0971 4220 usbccgp - ok
08:43:58.0008 4220 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:43:58.0010 4220 usbcir - ok
08:43:58.0062 4220 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:43:58.0063 4220 usbehci - ok
08:43:58.0097 4220 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:43:58.0102 4220 usbhub - ok
08:43:58.0142 4220 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:43:58.0144 4220 usbohci - ok
08:43:58.0170 4220 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
08:43:58.0171 4220 usbprint - ok
08:43:58.0200 4220 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:43:58.0203 4220 USBSTOR - ok
08:43:58.0240 4220 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:43:58.0241 4220 usbuhci - ok
08:43:58.0280 4220 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
08:43:58.0285 4220 UxSms - ok
08:43:58.0332 4220 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
08:43:58.0343 4220 vds - ok
08:43:58.0378 4220 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:43:58.0389 4220 vga - ok
08:43:58.0422 4220 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
08:43:58.0423 4220 VgaSave - ok
08:43:58.0456 4220 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
08:43:58.0458 4220 viaagp - ok
08:43:58.0494 4220 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
08:43:58.0496 4220 ViaC7 - ok
08:43:58.0520 4220 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
08:43:58.0522 4220 viaide - ok
08:43:58.0557 4220 [ 149EC3E217F9D11E9CA6C54CE3D70C73 ] vididr C:\Windows\system32\DRIVERS\vididr.sys
08:43:58.0560 4220 vididr - ok
08:43:58.0577 4220 [ E31E9CD40677B84B3ADAA7A0D80DC439 ] vidsflt53 C:\Windows\system32\DRIVERS\vsflt53.sys
08:43:58.0579 4220 vidsflt53 - ok
08:43:58.0623 4220 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:43:58.0624 4220 volmgr - ok
08:43:58.0670 4220 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:43:58.0676 4220 volmgrx - ok
08:43:58.0710 4220 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:43:58.0715 4220 volsnap - ok
08:43:58.0754 4220 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:43:58.0757 4220 vsmraid - ok
08:43:58.0807 4220 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
08:43:58.0840 4220 VSS - ok
08:43:58.0874 4220 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
08:43:58.0880 4220 W32Time - ok
08:43:58.0922 4220 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:43:58.0924 4220 WacomPen - ok
08:43:58.0958 4220 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
08:43:58.0960 4220 Wanarp - ok
08:43:58.0975 4220 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:43:58.0976 4220 Wanarpv6 - ok
08:43:59.0011 4220 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:43:59.0023 4220 wcncsvc - ok
08:43:59.0052 4220 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:43:59.0057 4220 WcsPlugInService - ok
08:43:59.0098 4220 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
08:43:59.0100 4220 Wd - ok
08:43:59.0154 4220 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:43:59.0169 4220 Wdf01000 - ok
08:43:59.0210 4220 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:43:59.0214 4220 WdiServiceHost - ok
08:43:59.0230 4220 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:43:59.0234 4220 WdiSystemHost - ok
08:43:59.0261 4220 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
08:43:59.0266 4220 WebClient - ok
08:43:59.0311 4220 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:43:59.0318 4220 Wecsvc - ok
08:43:59.0355 4220 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:43:59.0360 4220 wercplsupport - ok
08:43:59.0406 4220 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
08:43:59.0411 4220 WerSvc - ok
08:43:59.0489 4220 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
08:43:59.0492 4220 WinDefend - ok
08:43:59.0513 4220 WinHttpAutoProxySvc - ok
08:43:59.0568 4220 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:43:59.0570 4220 Winmgmt - ok
08:43:59.0630 4220 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
08:43:59.0664 4220 WinRM - ok
08:43:59.0736 4220 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:43:59.0747 4220 Wlansvc - ok
08:43:59.0782 4220 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:43:59.0784 4220 WmiAcpi - ok
08:43:59.0831 4220 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:43:59.0835 4220 wmiApSrv - ok
08:43:59.0899 4220 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
08:43:59.0908 4220 WMPNetworkSvc - ok
08:43:59.0938 4220 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:43:59.0945 4220 WPCSvc - ok
08:43:59.0982 4220 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:43:59.0986 4220 WPDBusEnum - ok
08:44:00.0030 4220 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
08:44:00.0032 4220 WpdUsb - ok
08:44:00.0119 4220 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:44:00.0140 4220 WPFFontCache_v0400 - ok
08:44:00.0186 4220 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:44:00.0187 4220 ws2ifsl - ok
08:44:00.0226 4220 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
08:44:00.0231 4220 wscsvc - ok
08:44:00.0245 4220 WSearch - ok
08:44:00.0338 4220 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
08:44:00.0359 4220 wuauserv - ok
08:44:00.0427 4220 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:44:00.0430 4220 WUDFRd - ok
08:44:00.0460 4220 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:44:00.0471 4220 wudfsvc - ok
08:44:00.0499 4220 ================ Scan global ===============================
08:44:00.0522 4220 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
08:44:00.0565 4220 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
08:44:00.0600 4220 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
08:44:00.0636 4220 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
08:44:00.0642 4220 [Global] - ok
08:44:00.0647 4220 ================ Scan MBR ==================================
08:44:00.0657 4220 [ BEEDF9B7F43A72A91456F7131AFC11B2 ] \Device\Harddisk0\DR0
08:44:01.0260 4220 \Device\Harddisk0\DR0 - ok
08:44:01.0265 4220 ================ Scan VBR ==================================
08:44:01.0271 4220 [ FB822C9D5CF38BBD1C34E59E17435AC0 ] \Device\Harddisk0\DR0\Partition1
08:44:01.0275 4220 \Device\Harddisk0\DR0\Partition1 - ok
08:44:01.0281 4220 ============================================================
08:44:01.0281 4220 Scan finished
08:44:01.0281 4220 ============================================================
08:44:01.0311 3736 Detected object count: 0
08:44:01.0311 3736 Actual detected object count: 0
08:45:53.0781 1656 Deinitialize success

Here's the roguekiller log
RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Irma [Admin rights]
Mode : Remove -- Date : 09/30/2012 08:50:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Irma\AppData\Local\cheerychickenSA\bin\1.0.7.0\CheeryChickenSA.exe" -> DELETED
[TASK][SUSP PATH] {46B07B84-B5C6-410F-8B6F-9F6A3E2405DF} : C:\Windows\System32\pcalua.exe -a C:\Users\Irma\AppData\Local\temp\Temp1_General-CleanTool.zip\NeroCleanTool5.0.0.18.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-00A0RT0 ATA Device +++++
--- User ---
[MBR] 98e1aa761af5ecad72d7e2e8b4736b6a
[BSP] 3a8e24af78db4d43c3e596b6d770c8f9 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


Here's the rkill log
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/30/2012 08:52:46 AM in x86 mode.
Windows Version: Windows Vista ™ Home Basic Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 09/30/2012 08:52:56 AM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)


Here's the JRT log
Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.8 (09.30.2012)
OS: Windows Vista ™ Home Basic x86
Ran by Irma on Sun 09/30/2012 at 9:12:36.36
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
Successfully deleted: [KEY] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired

Successfully deleted: [FF EXTENSIONS PROFILE] {acaa314b-eeba-48e4-ad47-84e31c44796c}
Removed the following from [PREFS.JS] :



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Sun 09/30/2012 at 9:12:57.22
End of Report


And here's the Autoruns log
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acronis Scheduler2 Service" "Acronis Scheduler Helper" "Acronis" "c:\program files\common files\acronis\schedule2\schedhlp.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "DivXUpdate" "DivX Update" "" "c:\program files\divx\divx update\divxupdate.exe"
+ "Garmin Lifetime Updater" "Garmin Lifetime Updater" "Garmin" "c:\program files\garmin\lifetime updater\garminlifetime.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "ISUSScheduler" "InstallShield Update Service Scheduler" "InstallShield Software Corporation" "c:\program files\common files\installshield\updateservice\issch.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\windows\rthdvcpl.exe"
+ "SMSERIAL" "Application executable file" "Motorola Inc." "c:\program files\motorola\smserial\sm56hlpr.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "TkBellExe" "RealNetworks Scheduler" "RealNetworks, Inc." "c:\program files\real\realplayer\update\realsched.exe"
+ "TrueImageMonitor.exe" "Acronis True Image Monitor" "Acronis" "c:\program files\acronis\trueimagehome\trueimagemonitor.exe"
+ "Windows Defender" "Windows Defender User Interface" "Microsoft Corporation" "c:\program files\windows defender\msascui.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\irma\appdata\local\google\update\googleupdate.exe"
+ "ISUSPM Startup" "InstallShield Update Service Update Manager" "InstallShield Software Corporation" "c:\program files\common files\installshield\updateservice\isuspm.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
+ "VeohPlugin" "Veoh Web Player Beta" "Veoh Networks" "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
+ "WMPNSCFG" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Acronis True Image Shell Context Menu Extension" "Acronis True Image Shell Extensions" "Acronis" "c:\program files\acronis\trueimagehome\tishell.dll"
+ "FYZip" "FYZip Shell Extension" "TightRope Interactive" "c:\program files\fyzip\fyzip.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "Yahoo! Mail" "Yahoo! Mail" "Yahoo! Inc." "c:\program files\yahoo!\common\ymmapi.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "FYZip" "FYZip Shell Extension" "TightRope Interactive" "c:\program files\fyzip\fyzip.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "FYZip" "FYZip Shell Extension" "TightRope Interactive" "c:\program files\fyzip\fyzip.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Acronis True Image Shell Context Menu Extension" "Acronis True Image Shell Extensions" "Acronis" "c:\program files\acronis\trueimagehome\tishell.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Plus Web Player HTML5 <video> version 2.1.2.145" "DivX, LLC" "c:\program files\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "RealPlayer Download and Record Plugin for Internet Explorer" "RealPlayer Download and Record Plugin" "RealPlayer" "c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll"
+ "Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn\yt.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn\yt.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3052812514-1482119601-790790415-1000Core" "Google Installer" "Google Inc." "c:\users\irma\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3052812514-1482119601-790790415-1000UA" "Google Installer" "Google Inc." "c:\users\irma\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Windows Defender Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Signature Update" "Windows Defender Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\RealUpgradeLogonTaskS-1-5-21-3052812514-1482119601-790790415-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
+ "\RealUpgradeScheduledTaskS-1-5-21-3052812514-1482119601-790790415-1000" "RealUpgrade Launcher" "RealNetworks, Inc." "c:\program files\real\realupgrade\realupgrade.exe"
+ "\ReclaimerUpdateFiles_Irma" "RealNetworks Installer" "RealNetworks, Inc." "c:\users\irma\appdata\roaming\real\update\upgradehelper\realplayer\10.20\agent\rnupgagent.exe"
+ "\ReclaimerUpdateXML_Irma" "RealNetworks Installer" "RealNetworks, Inc." "c:\users\irma\appdata\roaming\real\update\upgradehelper\realplayer\10.20\agent\rnupgagent.exe"
+ "\RNUpgradeHelperLogonPrompt_Irma" "RealNetworks Installer" "RealNetworks, Inc." "c:\users\irma\appdata\roaming\real\update\upgradehelper\realplayer\10.20\agent\rnupgagent.exe"
+ "\RNUpgradeHelperResumePrompt_Irma" "RealNetworks Installer" "RealNetworks, Inc." "c:\users\irma\appdata\roaming\real\update\upgradehelper\realplayer\10.20\agent\rnupgagent.exe"
+ "\RunAsStdUser Task for VeohWebPlayer" "Veoh Web Player Beta" "Veoh Networks" "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
+ "\SUPERAntiSpyware Scheduled Task 0650400e-6b1d-42a4-abcc-75504e145d5a" "SUPERAntiSpyware Task Dispatcher" "SUPERAdBlocker.com" "c:\program files\superantispyware\sastask.exe"
+ "\SUPERAntiSpyware Scheduled Task d9a7b9b7-6953-4db0-b461-2b521d7a0b99" "SUPERAntiSpyware Task Dispatcher" "SUPERAdBlocker.com" "c:\program files\superantispyware\sastask.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AcrSch2Svc" "Task scheduling for Acronis applications." "Acronis" "c:\program files\common files\acronis\schedule2\schedul2.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files\microsoft\bingbar\bbsvc.exe"
+ "BBUpdate" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files\microsoft\bingbar\seaport.exe"
+ "Giraffic" "Keeps track of the Giraffic Video Accelerator status and version" "Giraffic" "c:\program files\giraffic\veoh_girafficwatchdog.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamservice.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "O2Flash" "O2 Flash Memory Service" "O2Micro International" "c:\windows\system32\o2flash.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "Camav" "Samsung Video Capture" "Samsung electronics, Inc" "c:\windows\system32\drivers\camav.sys"
+ "camflt" "Samsung Video Capture" "Devguru Corporation, Inc" "c:\windows\system32\drivers\camflt.sys"
+ "catchme" "" "" "File not found: C:\Users\Irma\AppData\Local\Temp\catchme.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "ialm" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "netr73" "Ralink 802.11 USB Wireless Adapter Driver" "Ralink Technology, Corp." "c:\windows\system32\drivers\netr73.sys"
+ "NTIDrvr" "NTI CD-ROM Filter Driver" "NewTech Infosystems, Inc." "c:\windows\system32\drivers\ntidrvr.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "O2MDRDR" "o2media" "O2Micro " "c:\windows\system32\drivers\o2media.sys"
+ "O2SDRDR" "O2Micro SD Reader Driver" "O2Micro " "c:\windows\system32\drivers\o2sd.sys"
+ "pcouffin" "low level access layer for CD/DVD/BD devices" "VSO Software" "c:\windows\system32\drivers\pcouffin.sys"
+ "RTL8023xp" "Realtek 10/100 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtnicxp.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "smserial" "Motorola SM56 Modem WDM Driver" "Motorola Inc." "c:\windows\system32\drivers\smserial.sys"
+ "snapman" "Acronis Snapshot API" "Acronis" "c:\windows\system32\drivers\snapman.sys"
+ "ssadbus" "SAMSUNG Android USB Composite Device Driver" "MCCI Corporation" "c:\windows\system32\drivers\ssadbus.sys"
+ "ssadmdfl" "SAMSUNG Android USB Modem (Filter)" "MCCI Corporation" "c:\windows\system32\drivers\ssadmdfl.sys"
+ "ssadmdm" "SAMSUNG Android USB Modem Drivers" "MCCI Corporation" "c:\windows\system32\drivers\ssadmdm.sys"
+ "ssadserd" "SAMSUNG Android USB Diagnostic Serial Port (WDM)" "MCCI Corporation" "c:\windows\system32\drivers\ssadserd.sys"
+ "timounter" "Acronis Backup Archive Explorer" "Acronis" "c:\windows\system32\drivers\timntr.sys"
+ "UBHelper" "" "" "c:\windows\system32\drivers\ubhelper.sys"
+ "vididr" "Virtual Disk Driver Service" "Acronis" "c:\windows\system32\drivers\vididr.sys"
+ "vidsflt53" "Acronis Virtual Disk Storage Filter" "Acronis" "c:\windows\system32\drivers\vsflt53.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Aspect Ratio Resizer 16x9" "Aspect Ratio Converter" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\aspectratioconverter16x9.ax"
+ "Aspect Ratio Resizer 4x3" "Aspect Ratio Converter" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\aspectratioconverter4x3.ax"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\divxdech264.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Honestech VCD/SVCD Encoder" "honest technology, VCD/SVCD encoder" "honest technology" "c:\windows\system32\htvcdsvcd.ax"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvvanalyse.ax"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "RealPlayer Audio Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Transcode Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "RealPlayer Video Filter" "Audio Filter Plugin" "RealNetworks, Inc." "c:\program files\real\realplayer\rdsf3260.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SEDG Video Decoder" "" "" "c:\program files\samsung\sedg\mcs_dec2.ax"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"C:\Users\Irma\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"
+ "Feed Headlines" "Track the latest news, sports, and entertainment headlines." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\RSSFeeds.Gadget\en-US\Gadget.xml"
+ "Slide Show" "Show a continuous slide show of your pictures." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\SlideShow.Gadget\en-US\Gadget.xml"


Again. Thanks for your time
God bless U
Martin

#8 InadequateInfirmity


Posted 30 September 2012 - 11:03 AM

Run the fix it below.
http://go.microsoft.com/?linkid=9728872

Follow the instructions below to un-tick IPv6.
http://support.microsoft.com/kb/929852

Open msconfig; under the start-up tab, untick everything except your antivirus and anything that may be related to your wireless.
Reboot.

Re-run Minitoolbox

Tick List Installed Programs and post here please.

How is the machine running??

#9 duenas77


Posted 30 September 2012 - 08:35 PM

The machine is running "fine"; I do not think it's slow any more. However, there's a folder with the name of administrator (Irma) now on the desktop. I wonder how I can take it back to where it belongs.
Another thing I need to tell you: by mistake I unticked IPv6 before running the fix from Microsoft. Do you think I should redo those two steps?
Anyhow, here's the log from MiniToolBox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Irma (administrator) on 30-09-2012 at 08:38:36
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

802.11g Mini Card Wireless Adapter = Wireless Network Connection (Connected)
Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=10.0.1.1
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
add address name="Local Area Connection" address=10.0.1.113


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Irma-LapTop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 802.11g Mini Card Wireless Adapter
Physical Address. . . . . . . . . : 00-19-DB-08-C6-69
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5d2d:cddc:ce3c:d8e5%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 29, 2012 7:49:03 AM
Lease Expires . . . . . . . . . . : Monday, October 01, 2012 7:49:03 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218108883
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0D-80-D7-FA-00-03-0D-52-C0-51
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-03-0D-5A-14-22
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{160101C1-B6EE-4DF7-B0BB-EEC685FD5D75}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2AAF5B1D-C0E1-44D9-A9B0-13685C5AFC95}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:38dd:34e7:3f57:fefd(Preferred)
Link-local IPv6 Address . . . . . : fe80::38dd:34e7:3f57:fefd%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4002:c05::65
74.125.137.113
74.125.137.100
74.125.137.101
74.125.137.102
74.125.137.139
74.125.137.138



Pinging google.com [74.125.137.100] with 32 bytes of data:

Reply from 74.125.137.100: bytes=32 time=33ms TTL=48

Reply from 74.125.137.100: bytes=32 time=32ms TTL=48



Ping statistics for 74.125.137.100:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 32ms, Maximum = 33ms, Average = 32ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=199ms TTL=50

Reply from 98.139.183.24: bytes=32 time=82ms TTL=48



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 82ms, Maximum = 199ms, Average = 140ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 19 db 08 c6 69 ...... 802.11g Mini Card Wireless Adapter
8 ...00 03 0d 5a 14 22 ...... Realtek RTL8139/810x Family Fast Ethernet NIC
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{160101C1-B6EE-4DF7-B0BB-EEC685FD5D75}
14 ...00 00 00 00 00 00 00 e0 isatap.{2AAF5B1D-C0E1-44D9-A9B0-13685C5AFC95}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 286
192.168.1.2 255.255.255.255 On-link 192.168.1.2 286
192.168.1.255 255.255.255.255 On-link 192.168.1.2 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 286
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.0.1.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:38dd:34e7:3f57:fefd/128
On-link
9 286 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::38dd:34e7:3f57:fefd/128
On-link
9 286 fe80::5d2d:cddc:ce3c:d8e5/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
9 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/28/2012 10:39:46 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: a2c
Start Time: 01cd98fab95793db
Termination Time: 77

Error: (09/28/2012 08:56:19 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: cf8
Start Time: 01cd98c58894867b
Termination Time: 121

Error: (08/16/2012 03:05:31 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\CONFIG.MSI\27AEB0B3.RBF> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/16/2012 03:05:01 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\CONFIG.MSI\27AEB0B1.RBS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/16/2012 03:05:01 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\CONFIG.MSI\27AEB0B1.RBS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/14/2012 10:21:54 AM) (Source: Application Error) (User: )
Description: Faulting application VeohWebPlayer.exe, version 1.3.9.1000, time stamp 0x4fce0418, faulting module QtCore4.dll, version 4.7.0.0, time stamp 0x4dff2959, exception code 0xc0000005, fault offset 0x00051ae6,
process id 0xe00, application start time 0xVeohWebPlayer.exe0.

Error: (07/06/2012 08:19:49 AM) (Source: Application Error) (User: )
Description: Faulting application vlc.exe, version 0.8.6.0, time stamp 0x47f2ba07, faulting module libvlc.dll, version 0.0.0.0, time stamp 0x47f2ba07, exception code 0xc0000005, fault offset 0x0001b82a,
process id 0x1ad8, application start time 0xvlc.exe0.

Error: (06/27/2012 05:09:27 AM) (Source: Application Hang) (User: )
Description: The program DivX Plus Player.exe version 10.3.3.10 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: ef0
Start Time: 01cd5447a48d7e80
Termination Time: 14

Error: (06/26/2012 08:04:25 PM) (Source: Application Error) (User: )
Description: Faulting application VeohWebPlayer.exe, version 1.3.9.1000, time stamp 0x4fce0418, faulting module QtCore4.dll, version 4.7.0.0, time stamp 0x4dff2959, exception code 0xc0000005, fault offset 0x00051ae6,
process id 0x5e0, application start time 0xVeohWebPlayer.exe0.

Error: (06/19/2012 01:57:34 PM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 19.0.1084.56 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 5b0
Start Time: 01cd4e4af59e2160
Termination Time: 1190


System errors:
=============
Error: (09/29/2012 07:48:21 AM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.

Error: (09/28/2012 08:54:03 PM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.

Error: (09/28/2012 06:52:23 PM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.

Error: (09/28/2012 06:33:26 PM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.

Error: (09/22/2012 00:06:13 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/22/2012 08:23:18 AM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.

Error: (09/22/2012 03:20:51 AM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (09/12/2012 06:44:34 AM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (09/01/2012 02:10:13 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/17/2012 04:29:55 AM) (Source: LSM) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
.


Microsoft Office Sessions:
=========================
Error: (01/14/2012 06:04:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3177 seconds with 600 seconds of active time. This session ended with a crash.


========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 2037.45 MB
Available physical RAM: 1297.43 MB
Total Pagefile: 4326.16 MB
Available Pagefile: 3405.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.46 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:420.91 GB) NTFS

========================= Users: ========================================

User accounts for \\IRMA-LAPTOP

Administrator Guest Irma


**** End of log ****

#10 InadequateInfirmity

Posted 01 October 2012 - 06:56 PM

What is inside of the folder?

As far as the other steps, never mind them if you say the machine is better now.

#11 duenas77

Posted 01 October 2012 - 08:01 PM

That new folder on the desktop was the administrator's folder, with the administrator's name. You opened it and it showed "My Documents", "My Pictures", "My Music", "Downloads", "Favs", etc. So I unticked the "Show in folder" option and it went away. I have shortcuts to the folders I use the most anyway.
A few other shortcuts appeared in the quick launch bar but I deleted them. But I wonder. One of them was Yahoo Messenger and it's been eons since we used it.
I suppose I am not going to revert the IPv6, right? Should I leave it like that forever?
Anyhow, other than that the machine is working a lot better. Thanks again!!!!
Blessings
Martin

#12 InadequateInfirmity

Posted 01 October 2012 - 08:34 PM

IPv6 never got un-ticked according to your logs, no big issue. I would not worry about the folders. Glad all is well.

#13 duenas77

Posted 04 October 2012 - 04:35 AM

I could never thank you enough.
God bless you
Martin



