Windows 7 problem

(In Progress)

kittysfriend
Member with 9 posts.
THREAD STARTER
Join Date: May 2012
02-May-2012, 10:41 PM
Windows 7 problem
Hello everyone! I'm new here and I'm not an expert, so please bear with me. When I start up my computer it runs well, but after 10 or 15 minutes it starts to run very slowly, freezes up, works again for a little while, then freezes up again; it is very hard to do anything on it. I ran my antivirus (Avast), Spybot, Fix It, got rid of programs that I wasn't using, etc., and I still have this issue. Can somebody please help me? I would appreciate it. Windows 7 Home Premium Service Pack 1, AMD Athlon(tm) II X2 240 processor, 2.8 GHz, 3.00 GB. It took me about 20 minutes to write this because it freezes up constantly. Thank you.
kittysfriend
Member with 9 posts.
THREAD STARTER
Join Date: May 2012
07-May-2012, 12:59 PM
Virus??
I'm thinking that some kind of virus or malware is infecting my computer. It still freezes up, then runs OK, but after a few minutes it slows down and freezes up again, etc. I ran my antivirus AVAST, Spybot, SuperAntispyware and Malwarebytes, but still no real improvement. Any help to solve this issue would be very much appreciated. Thanks.
Glaswegian (Iain)
Glaswegian is authorized to help remove malware.
Malware Removal Specialist with 3,823 posts.
Join Date: Dec 2004
Location: Erm...Glasgow?
09-May-2012, 03:58 PM
Hi and welcome.

As far as you possibly can, please try and produce the logs as requested here

http://forums.techguy.org/virus-othe...e-posting.html

You may need to use another computer and transfer files using a flash/USB drive.
kittysfriend
Member with 9 posts.
THREAD STARTER
Join Date: May 2012
17-May-2012, 09:16 PM
Hello, my computer is freezing up a lot. When I first turn it on it runs OK, but after 10 or 15 minutes it starts to run slowly and constantly freezes up, web pages not responding, etc. I ran my AV (Avast), SUPERAntispyware, CCleaner, Revo Uninstaller; I even sort of dusted it, removing the side panel, but still no improvement. I surely hope you can help me fix it. Sorry it took me a little while to have the logs ready, but here they are:
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:41:36 PM, on 5/17/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Mike Flaherty\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mike Flaherty\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.pandora.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VideoScavengerService (VideoScavenger_1eService) - Unknown owner - C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
--
End of file - 8602 bytes
DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Mike Flaherty at 19:48:56 on 2012-05-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1208 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\Mike Flaherty\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: eset.eu
Trusted Zone: pandora.com\www
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{896487C6-66F0-4A66-88D6-8886E11C62A7} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-5 44768]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-28 1119768]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-2 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2011-11-10 266240]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-19 136176]
S2 VideoScavenger_1eService;VideoScavengerService;C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe --> C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-1 253088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-19 136176]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2011-11-10 960992]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
.
=============== Created Last 30 ================
.
2012-05-16 15:27:05 -------- d-----w- C:\Users\Mike Flaherty\AppData\Roaming\WinPatrol
2012-05-16 15:25:59 -------- d-----w- C:\Program Files (x86)\BillP Studios
2012-05-15 12:44:02 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B7062DD4-9765-4457-9C4F-7781C0D5FD82}\mpengine.dll
2012-05-14 06:37:56 0 ----a-w- C:\Windows\SysWow64\sho9EFD.tmp
2012-05-14 02:37:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-05-13 20:30:13 -------- d-----w- C:\Program Files\CCleaner
2012-05-13 20:02:49 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-13 20:02:16 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-13 16:42:55 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\VS Revo Group
2012-05-13 16:42:31 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-05-13 16:42:25 -------- d-----w- C:\Program Files\VS Revo Group
2012-05-13 16:40:20 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-05-10 21:28:46 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 21:28:45 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 21:28:42 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 21:28:41 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 21:28:40 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 21:28:39 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 21:24:17 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 21:22:20 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 21:22:14 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 21:22:13 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 21:22:12 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 21:22:11 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 21:22:11 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 02:21:16 -------- d-----w- C:\$RECYCLE.BIN
2012-05-03 17:10:58 -------- d-----w- C:\Users\Mike Flaherty\AppData\Roaming\SUPERAntiSpyware.com
2012-05-03 17:08:17 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-03 17:08:17 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-02 19:01:02 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-02 19:01:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-02 18:52:03 -------- d-----w- C:\ProgramData\Tarma Installer
2012-05-02 17:46:06 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2012-05-02 17:46:03 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-05-02 03:52:56 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{19E45BDF-2B34-4D0A-9C55-BDD2099A94B9}
2012-05-01 21:58:17 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-30 18:26:28 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{B0DBDC34-8F96-45EE-ABFA-30640198EBA7}
2012-04-30 18:26:14 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{26A04E8F-696D-4397-A436-77A2B891AD27}
2012-04-29 23:20:11 -------- d-----w- C:\Program Files (x86)\1ClickDownload
2012-04-29 17:03:36 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{843877A5-1C1A-4ED2-899C-0656CE4FFA04}
2012-04-29 17:03:24 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{BD0779B7-53C9-45D7-A5B4-A3F0F835865A}
2012-04-26 12:13:29 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{E91D1899-415B-4096-AB2A-25887FC0D2D2}
2012-04-26 12:13:11 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{E7C55B2E-A894-4AB9-AD29-A622FF5ADAD1}
2012-04-25 12:06:46 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{6D6C7581-77D8-4B59-A96A-83CBCBE0C81B}
2012-04-25 12:06:32 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{C9D05630-C3F8-414C-B2B4-D8697B8D6E49}
2012-04-24 14:16:09 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{83514587-159B-44FD-9AF3-EB779EB73321}
2012-04-24 14:15:57 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{68BD7463-6CC7-4C7E-9273-A8AAD8A146D0}
2012-04-24 02:15:26 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{B137B435-907E-4BF5-BC35-83D9714B9DD4}
2012-04-24 02:15:13 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{D6D35E2C-7A86-4A11-8431-3C54C26F8C03}
2012-04-23 12:44:17 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{550080EC-A195-4895-B6BA-7F53021D0C33}
2012-04-23 12:44:04 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{311ED0F6-3086-45FD-B288-6BE9CA3BD756}
2012-04-22 15:46:56 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{BE29E081-1453-4F50-B30E-56400EFC64C1}
2012-04-22 15:46:43 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{9265AD69-5771-4168-B693-4BBF1D9CCEE4}
2012-04-22 03:06:29 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{3E09BC01-7AA5-451D-8C4C-E17C215A0EB6}
2012-04-22 03:06:18 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{1BEF5C4B-CC80-4B7A-A093-EA6DB301D6CF}
2012-04-21 15:01:59 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{1748F28F-6DB0-4DA5-B7D9-64DD0AF71B05}
2012-04-21 15:01:43 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{5CB068CF-B1C6-4973-83B5-89E35AF5A6F1}
2012-04-21 01:00:07 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{24EF0619-E673-4634-8B3F-C7019B421A72}
2012-04-21 00:59:53 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{89888D3F-9101-4A92-BD4B-60D57E408B95}
2012-04-20 11:12:09 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{DFD8B380-03E1-4EC7-A29C-FC45BF620B50}
2012-04-20 11:11:55 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{691BFF31-EFD1-4E6F-8BF9-AAF6CFF69E67}
2012-04-19 17:53:46 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{97B2A960-6D0A-4CE9-BB65-AA5E066F4C91}
2012-04-19 17:53:34 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{FB04D0F0-060F-41E7-A7A6-A4F7ED32BED8}
2012-04-19 02:41:55 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{8E33291B-8A0E-48C6-9352-5553D25B181E}
2012-04-19 02:41:43 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{ABBD67A2-A0EA-420D-8B1E-493809D92A85}
2012-04-19 02:41:37 -------- d-----w- C:\Users\Mike Flaherty\Tracing
2012-04-19 02:41:31 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{9B47F1B6-61B1-42AF-9F34-8ABC9A635385}
2012-04-19 02:22:35 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{1126C4A0-D439-4C57-929E-C443B6A2331F}
2012-04-19 02:22:23 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{7E0E0FA3-C1B4-4600-9540-DE28BE21516E}
.
==================== Find3M ====================
.
2012-05-01 21:58:17 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 12:48:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 19:52:21.23 ===============

Attach. Notepad:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/13/2011 10:33:18 PM
System Uptime: 5/17/2012 7:44:26 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2A6C
Processor: AMD Athlon(tm) II X2 240 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 384.364 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.603 GiB free.
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP152: 5/10/2012 10:41:05 PM - Windows Update
RP154: 5/13/2012 11:52:26 AM - Revo Uninstaller Pro's restore point - Freecorder 5
RP156: 5/13/2012 11:56:27 AM - Revo Uninstaller Pro's restore point - Java(TM) 6 Update 22
RP157: 5/13/2012 11:56:47 AM - Removed Java(TM) 6 Update 22
RP159: 5/13/2012 12:04:19 PM - Revo Uninstaller Pro's restore point - Java(TM) 6 Update 31
RP160: 5/13/2012 12:06:35 PM - Removed Java(TM) 6 Update 31
RP161: 5/13/2012 12:23:01 PM - Revo Uninstaller's restore point - Freecorder 5
RP162: 5/13/2012 12:30:51 PM - Revo Uninstaller's restore point - Freecorder 5
RP163: 5/13/2012 3:00:08 PM - Installed Java(TM) 7 Update 4
RP164: 5/13/2012 3:02:26 PM - Installed JavaFX 2.1.0
RP165: 5/13/2012 4:46:28 PM - Installed HiJackThis
RP166: 5/13/2012 9:18:01 PM - Installed HiJackThis
RP167: 5/13/2012 9:33:20 PM - Installed HiJackThis
RP168: 5/15/2012 7:43:25 AM - Windows Update
RP169: 5/16/2012 10:53:21 AM - Revo Uninstaller's restore point - HiJackThis
RP170: 5/16/2012 10:54:48 AM - Removed HiJackThis
RP171: 5/16/2012 11:19:18 AM - Revo Uninstaller's restore point - VideoScavenger Toolbar
RP172: 5/16/2012 11:25:58 AM - Revo Uninstaller's restore point - ESET Online Scanner v3
RP174: 5/17/2012 7:07:59 AM - Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version 1.61.0.1400
.
==== Installed Programs ======================
.
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
avast! Free Antivirus
CyberLink DVD Suite Deluxe
D3DX10
DVD Menu Pack for HP MediaSmart Video
Facetheme
ffdshow [rev 2975] [2009-05-28]
GIMP 2.6.12-2
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.2.0
HP Customer Experience Enhancements
HP Deskjet 3050 J610 series Help
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MovieStore
HP Odometer
HP Photo Creations
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HPDiagnosticAlert
Hulu Desktop
IrfanView (remove only)
Java Auto Updater
Java(TM) 7 Update 4
JavaFX 2.1.0
Kingsoft Presentation (8.1.0.3008)
LabelPrint
LightScribe System Software
Media Go
Media Go Video Playback Engine 1.84.107.07010
Media Player Codec Pack 4.1.7
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WNA1100 N150 Wireless USB Adapter
NVIDIA ForceWare Network Access Manager
OpenOffice.org 3.3
PDF Complete Special Edition
PhotoNow!
PlayReady PC Runtime x86
PlayStation(R)Network Downloader
PlayStation(R)Store
Power2Go
PowerDirector
PressReader
QuickTime Alternative 2.8.0
Realtek High Definition Audio Driver
Recovery Manager
Revo Uninstaller 1.94
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Spybot - Search & Destroy
SpywareBlaster 4.6
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
.
==== Event Viewer Messages From Past Week ========
.
5/17/2012 7:45:03 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
5/17/2012 7:45:03 PM, Error: Service Control Manager [7000] - The VideoScavengerService service failed to start due to the following error: The system cannot find the file specified.
5/17/2012 7:31:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
5/16/2012 7:40:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
5/16/2012 7:40:23 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
5/16/2012 7:40:23 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/16/2012 7:15:39 AM, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: 11 Processor ID: 0 The details view of this entry contains further information.
.
==== End Of File ===========================

Hope to hear from you soon. Thanks
Glaswegian (Iain)
Malware Removal Specialist with 3,823 posts.
Join Date: Dec 2004
Location: Erm...Glasgow?
18-May-2012, 04:00 PM
Hi again - well done.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 5 days I shall no longer check this thread for replies.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.




Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

Please include the log C:\ComboFix.txt in your next reply for further review.
kittysfriend
Member with 9 posts.
THREAD STARTER
Join Date: May 2012
19-May-2012, 01:03 PM
Here is the log for ComboFix
Glaswegian (Iain)
Malware Removal Specialist with 3,823 posts.
Join Date: Dec 2004
Location: Erm...Glasgow?
20-May-2012, 03:49 PM
Please just copy and paste your logs directly into the thread - thanks.


ComboFix 12-05-19.01 - Mike Flaherty 05/19/2012 11:31:25.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.246 [GMT -5:00]
Running from: c:\users\Mike Flaherty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OHP0H7B5\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 16:42 . 2012-05-19 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-16 15:27 . 2012-05-16 15:27 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\WinPatrol
2012-05-16 15:25 . 2012-05-16 15:25 -------- d-----w- c:\program files (x86)\BillP Studios
2012-05-15 12:44 . 2012-04-18 08:03 8917360 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7062DD4-9765-4457-9C4F-7781C0D5FD82}\mpengine.dll
2012-05-14 06:37 . 2012-05-14 06:37 0 ----a-w- c:\windows\SysWow64\sho9EFD.tmp
2012-05-14 02:37 . 2012-05-14 02:37 -------- d-----w- c:\program files (x86)\Trend Micro
2012-05-13 20:30 . 2012-05-13 20:30 -------- d-----w- c:\program files\CCleaner
2012-05-13 20:03 . 2012-05-13 20:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-13 20:02 . 2012-05-13 20:02 -------- d-----w- c:\program files (x86)\Oracle
2012-05-13 20:02 . 2012-04-04 23:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-13 20:01 . 2012-05-13 20:01 -------- d-----w- c:\program files (x86)\Java
2012-05-13 19:12 . 2012-05-13 19:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-05-13 16:42 . 2012-05-13 16:42 -------- d-----w- c:\users\Mike Flaherty\AppData\Local\VS Revo Group
2012-05-13 16:42 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-05-13 16:42 . 2012-05-13 16:42 -------- d-----w- c:\program files\VS Revo Group
2012-05-13 16:40 . 2012-05-13 16:40 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-05-10 21:28 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 21:28 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 21:28 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 21:28 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 21:28 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 21:28 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 21:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 21:22 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 21:22 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 21:22 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 21:22 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 21:22 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 21:22 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 02:03 . 2012-05-08 02:03 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\U3
2012-05-03 17:10 . 2012-05-03 17:10 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\SUPERAntiSpyware.com
2012-05-03 17:08 . 2012-05-03 17:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-03 17:08 . 2012-05-03 17:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-02 19:01 . 2012-05-13 21:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-02 19:01 . 2012-05-02 19:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-02 18:52 . 2012-05-02 18:52 -------- d-----w- c:\programdata\Tarma Installer
2012-05-02 17:46 . 2010-01-10 23:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-05-02 17:46 . 2012-05-02 17:46 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-05-01 21:58 . 2012-05-01 21:58 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-30 00:24 . 2012-04-30 00:24 -------- d-----w- c:\users\Mcx1-MIKEFLAHERTY-HP
2012-04-29 23:20 . 2012-05-01 20:55 -------- d-----w- c:\program files (x86)\1ClickDownload
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 21:58 . 2011-11-10 12:24 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 12:48 . 2012-01-09 02:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-06 23:15 . 2011-11-10 04:27 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-11-10 04:27 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-11-10 04:27 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-11-10 04:27 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-11-10 04:27 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-04-05 20:05 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-11-10 04:27 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-11-10 04:27 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-11-10 04:27 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 06:46 . 2012-04-11 23:22 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 23:22 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 23:22 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 23:22 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 23:22 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 23:22 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 23:22 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 23:24 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 23:24 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 23:24 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 23:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 23:24 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 23:24 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 23:24 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 23:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 15:18 . 2011-11-10 05:04 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-03 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-04-15 374368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-11-10 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
R2 VideoScavenger_1eService;VideoScavengerService;c:\progra~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-23 960992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 21:58]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:56]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:56]
.
2012-05-19 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-22 17:24]
.
2012-05-18 c:\windows\Tasks\HPCeeScheduleForMike Flaherty.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-01 c:\windows\Tasks\HPCeeScheduleForMIKEFLAHERTY-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-19 c:\windows\Tasks\WpsUpdateTask_Mike Flaherty.job
- c:\program files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe [2011-11-03 16:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Mike Flaherty\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
Trusted Zone: eset.eu
Trusted Zone: pandora.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
AddRemove-facetheme-apl - c:\program files (x86)\Object\facetheme-apl_uninstall.exe
AddRemove-ffdshow_is1 - c:\program files (x86)\Media Convert Master\codec\ffdshow\unins000.exe
AddRemove-QuicktimeAlt_is1 - c:\program files (x86)\Media Convert Master\codec\quicktime\unins000.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:90,a0,d2,6b,9e,28,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-05-19 11:49:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 16:49
.
Pre-Run: 412,070,006,784 bytes free
Post-Run: 411,837,775,872 bytes free
.
- - End Of File - - 97FDA8F27F50968CC32BDB259D3D26E1
Glaswegian (Iain)
Malware Removal Specialist with 3,823 posts.
Join Date: Dec 2004
Location: Erm...Glasgow?
20-May-2012, 03:58 PM
Hi again

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.



Combofix
  • Close any open browsers.
  • Open notepad and copy/paste the text in the box below into it:

Code:
ClearJavaCache::

File::
c:\windows\SysWow64\sho9EFD.tmp
Looking at the image below as an example



Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript onto ComboFix.exe.

If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Please post the log C:\ComboFix.txt for further review.




Download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results. Note that the full scan may take quite some time.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.
kittysfriend
Member with 9 posts.
THREAD STARTER
Join Date: May 2012
22-May-2012, 01:00 AM
Hello again .. Combofix log:
ComboFix 12-05-21.05 - Mike Flaherty 05/21/2012 19:03:49.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.184 [GMT -5:00]
Running from: c:\users\Mike Flaherty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 00:15 . 2012-05-22 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-19 16:59 . 2012-05-15 06:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6DF769-0CC9-4161-9E41-5A2ACE5C3269}\mpengine.dll
2012-05-16 15:27 . 2012-05-16 15:27 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\WinPatrol
2012-05-16 15:25 . 2012-05-16 15:25 -------- d-----w- c:\program files (x86)\BillP Studios
2012-05-14 06:37 . 2012-05-14 06:37 0 ----a-w- c:\windows\SysWow64\sho9EFD.tmp
2012-05-14 02:37 . 2012-05-14 02:37 -------- d-----w- c:\program files (x86)\Trend Micro
2012-05-13 20:30 . 2012-05-13 20:30 -------- d-----w- c:\program files\CCleaner
2012-05-13 20:03 . 2012-05-13 20:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-13 20:02 . 2012-05-13 20:02 -------- d-----w- c:\program files (x86)\Oracle
2012-05-13 20:02 . 2012-04-04 23:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-13 20:01 . 2012-05-13 20:01 -------- d-----w- c:\program files (x86)\Java
2012-05-13 19:12 . 2012-05-13 19:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-05-13 16:42 . 2012-05-13 16:42 -------- d-----w- c:\users\Mike Flaherty\AppData\Local\VS Revo Group
2012-05-13 16:42 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-05-13 16:42 . 2012-05-13 16:42 -------- d-----w- c:\program files\VS Revo Group
2012-05-13 16:40 . 2012-05-13 16:40 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-05-10 21:28 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 21:28 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 21:28 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 21:28 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 21:28 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 21:28 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 21:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 21:22 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 21:22 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 21:22 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 21:22 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 21:22 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 21:22 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 02:03 . 2012-05-08 02:03 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\U3
2012-05-03 17:10 . 2012-05-03 17:10 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\SUPERAntiSpyware.com
2012-05-03 17:08 . 2012-05-03 17:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-03 17:08 . 2012-05-03 17:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-02 19:01 . 2012-05-13 21:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-02 19:01 . 2012-05-02 19:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-02 18:52 . 2012-05-02 18:52 -------- d-----w- c:\programdata\Tarma Installer
2012-05-02 17:46 . 2010-01-10 23:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-05-02 17:46 . 2012-05-02 17:46 -------- d-----w- c:\program files (x86)\SpywareBlaster
2012-05-01 21:58 . 2012-05-01 21:58 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-30 00:24 . 2012-04-30 00:24 -------- d-----w- c:\users\Mcx1-MIKEFLAHERTY-HP
2012-04-29 23:20 . 2012-05-01 20:55 -------- d-----w- c:\program files (x86)\1ClickDownload
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 21:58 . 2011-11-10 12:24 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 12:48 . 2012-01-09 02:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-06 23:15 . 2011-11-10 04:27 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-11-10 04:27 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-11-10 04:27 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-11-10 04:27 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-11-10 04:27 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-04-05 20:05 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-11-10 04:27 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-11-10 04:27 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-11-10 04:27 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 06:46 . 2012-04-11 23:22 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 23:22 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 23:22 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 23:22 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 23:22 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 23:22 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 23:22 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 23:24 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 23:24 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 23:24 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 23:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 23:24 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 23:24 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 23:24 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 23:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 15:18 . 2011-11-10 05:04 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-19_16.45.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-19 16:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-22 00:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-19 16:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-22 00:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-19 16:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-22 00:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-14 03:35 . 2012-05-21 23:41 59252 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-05-19 15:11 44920 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-21 23:41 44920 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-14 05:16 . 2012-05-21 23:41 15240 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1845553030-3031872880-4008053321-1000_UserData.bin
+ 2011-11-14 22:37 . 2012-05-21 05:42 5064 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-11-14 22:37 . 2012-05-16 12:13 5064 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-05-22 00:17 . 2012-05-22 00:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-19 16:44 . 2012-05-19 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-19 16:44 . 2012-05-19 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-22 00:17 . 2012-05-22 00:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-05-18 23:47 315868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-22 00:16 315868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-14 05:41 . 2012-05-22 00:16 16050720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1845553030-3031872880-4008053321-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-03 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-04-15 374368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-11-10 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 VideoScavenger_1eService;VideoScavengerService;c:\progra~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-23 960992]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 21:58]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:56]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:56]
.
2012-05-22 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-22 17:24]
.
2012-05-21 c:\windows\Tasks\HPCeeScheduleForMike Flaherty.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-01 c:\windows\Tasks\HPCeeScheduleForMIKEFLAHERTY-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-22 c:\windows\Tasks\WpsUpdateTask_Mike Flaherty.job
- c:\program files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe [2011-11-03 16:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Mike Flaherty\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
Trusted Zone: eset.eu
Trusted Zone: pandora.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:90,a0,d2,6b,9e,28,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-05-21 19:21:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-22 00:21
ComboFix2.txt 2012-05-19 16:49
.
Pre-Run: 411,589,783,552 bytes free
Post-Run: 411,622,252,544 bytes free
.
- - End Of File - - 1D3737D285437D79F40E1E2B9AFCD112
mbam log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.21.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mike Flaherty :: MIKEFLAHERTY-HP [administrator]
5/21/2012 8:05:23 PM
mbam-log-2012-05-21 (20-05-23).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 356029
Time elapsed: 1 hour(s), 1 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 63
HKCR\CLSID\{94c801cd-46bf-4b4d-834b-8f0a69bdff24} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{be40c362-3ddb-40c0-8c2a-267385081db3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{2F3F4ADB-1C1C-4D5E-9FBC-C3AA53596CCC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{94C801CD-46BF-4B4D-834B-8F0A69BDFF24} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{94C801CD-46BF-4B4D-834B-8F0A69BDFF24} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{ad0c6fea-e1cd-454a-af7f-6c1d44a176c3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{748fa372-339e-4075-b913-86d0740a1de9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{2D8FDA07-6836-475F-8ABB-E6B26B63F864} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{9ca70986-06bc-49f5-9097-b17cf968af09} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{a4c7b974-dcbe-4fd1-9e37-997182655a35} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{612EB90E-13E5-42B5-8C0A-E30C055DEE21} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{10f92d9b-690c-423c-a118-9c75637207ac} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{ef18fe12-f90d-4205-8a09-5426c14395eb} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{52695f97-1a52-40a0-afcd-99d149a1d0b8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{3ECAC16A-A8C3-48C8-85BE-C6002305780C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{dc27caca-cb20-4b93-b5d7-87224164438f} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{28eca842-8b53-456e-8ddc-772e86e9b396} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{8B03E21E-AE2A-4C72-A965-F4538BC7C680} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DC27CACA-CB20-4B93-B5D7-87224164438F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{F53C4FFC-1A47-4ECA-B372-014EC02F7301} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F53C4FFC-1A47-4ECA-B372-014EC02F7301} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{a45fb14e-bfa8-48a7-ada6-73e30f50f657} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{0574bcfe-3611-4ad5-9114-2218c8f1a423} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{0B5629F3-8E8C-4406-B1AB-25F86AFFB2D9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{fede4586-5ada-4476-9fe0-f01dcaf20a56} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{212f8bcf-00eb-4aa4-832e-b9389caa8b03} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{0cf8e2b6-ef06-4153-b56d-174d01508780} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{9C343FA3-1DDB-4209-9B39-5ACD2FA7A841} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{212F8BCF-00EB-4AA4-832E-B9389CAA8B03} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{807210b2-c03e-4203-a5e0-cb1b3496426b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{7e651229-9439-4ab7-be20-7041e6456335} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{DA84BB1A-5D7B-45CD-AE39-A82C382BFA73} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{149a544b-9203-49f5-b177-4f62b4b219b4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.ScriptButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.ScriptButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{35c636a4-4435-4723-b751-5b62d04ba15b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{9f5e1ec6-0c22-4932-b2c4-9c40116f41a4} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{0AFB9872-419A-466E-A8DC-10504076DEB3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{311c61de-a01b-414e-a7c1-68eae31aae8a} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{548e3328-d7ec-4fee-ad39-3b4ec4a54d7b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{33B63E5E-73E3-4ECC-859F-8A185B4DE045} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{311C61DE-A01B-414E-A7C1-68EAE31AAE8A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{23f4cec5-8255-4ea2-876f-f07b2f7cf395} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\VideoScavenger_1e.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 32
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eauxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebarsvc.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1edatact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1edlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1edyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1efeedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ehighin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ehkstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ehtml.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ehtmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ehttpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Thanks so much for your help and time.... I anxiously await your reply.
Glaswegian (Iain)
22-May-2012, 05:00 PM
Hi again

Looks like MBAM cleared out a pile of stuff - how is your system running now?
kittysfriend
23-May-2012, 08:50 AM
Well, it's running better now but still freezes up, though not as frequently. Is there anything else we can do to make it better?... Oops! It just froze up. Thanks again for your time!
kittysfriend
23-May-2012, 01:45 PM
Same pattern again. It was running better but again it is freezing up constantly. Do you think it is something else besides malware? Hardware related?
Glaswegian (Iain)
23-May-2012, 04:47 PM
Hi again

That's a possibility - but we'll have a deeper look.

Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

Execute TDSSKiller.exe by double-clicking on it. Press Start Scan.

  • If Malicious objects are found, ensure Cure is selected (it should be by default)
  • Click Continue then click Reboot now
  • Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

Please attach that log.
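Added example (not part of the original posts and not the tool's own code): a small Python triage of the log that step produces, assuming the line layout `HH:MM:SS.mmmm thread-id text`, where each scanned service is logged as `name (md5) path` followed by `name - verdict`. The sample log, its hashes, the non-ok verdict text and the list of usual install roots are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the assumed layout; hashes, names and paths are placeholders.
SAMPLE_LOG = r"""18:40:38.0402 3724 Drive \Device\Harddisk0\DR0 - Size: 0x0 (constructed header line)
18:40:40.0929 4788 Scan started
18:40:41.0802 4788 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
18:40:41.0802 4788 ExampleDrv - ok
18:40:42.0083 4788 Example Updater Service (00000000000000000000000000000002) C:\Program Files (x86)\Example\updater.exe
18:40:42.0083 4788 Example Updater Service - ok
18:40:46.0155 4788 NoImageSvc - ok
18:40:47.0000 4788 OddDrv (00000000000000000000000000000003) C:\Users\Public\odddrv.sys
18:40:47.0010 4788 OddDrv - suspicious (constructed verdict)
18:40:48.0000 4788 SharedA (00000000000000000000000000000004) C:\Windows\System32\shared.dll
18:40:48.0000 4788 SharedA - ok
18:40:48.0010 4788 SharedB (00000000000000000000000000000004) C:\Windows\System32\shared.dll
18:40:48.0010 4788 SharedB - ok
"""

LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+)(?: (.*))?$")
# Service names may themselves contain parentheses, so the hash must be 32 hex digits.
IMAGE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT = re.compile(r"^(?P<name>.+) - (?P<verdict>.+)$")

# Assumption: directories where service and driver images normally live.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Record:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_scan(text: str) -> List[Record]:
    """Pair each 'name (md5) path' line with the 'name - verdict' line after it."""
    records: List[Record] = []
    pending = None
    in_scan = False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(3) is None:
            continue
        body = m.group(3)
        if body == "Scan started":
            in_scan = True          # header lines before this are system info
            continue
        if not in_scan:
            continue
        img = IMAGE.match(body)
        if img:
            pending = img.groupdict()
            continue
        ver = VERDICT.match(body)
        if ver:
            rec = Record(ver["name"], ver["verdict"])
            if pending and pending["name"] == rec.name:
                rec.md5, rec.path = pending["md5"], pending["path"]
            pending = None
            records.append(rec)
    return records


def triage(records: List[Record]) -> List[Tuple[str, str]]:
    """Return (service, reason) pairs worth a human look; everything else was 'ok'."""
    findings = []
    for r in records:
        if r.verdict.lower() != "ok":
            findings.append((r.name, "verdict: " + r.verdict))
        if r.path is None:
            findings.append((r.name, "no image/hash line logged"))
        elif not r.path.lower().startswith(USUAL_ROOTS):
            findings.append((r.name, "image outside usual install roots: " + r.path))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_scan(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Two services sharing one hash and path, as SharedA and SharedB do in the sample, are not reported: several services hosted by the same file is normal.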
kittysfriend
23-May-2012, 11:18 PM
This is the log:
18:40:55.0702 4788 nsi - ok
18:40:55.0718 4788 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:40:55.0718 4788 nsiproxy - ok
18:40:55.0827 4788 nSvcIp (6324eef641c2b6d1b7ec423850b10f82) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
18:40:55.0827 4788 nSvcIp - ok
18:40:55.0936 4788 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:40:55.0952 4788 Ntfs - ok
18:40:56.0092 4788 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:40:56.0092 4788 Null - ok
18:40:56.0669 4788 nvlddmkm (c967514483fa30a0a352e70bb6414d1d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:40:56.0872 4788 nvlddmkm - ok
18:40:57.0075 4788 NVNET (bd25e03ead63ac3365f25175b4dbd56a) C:\Windows\system32\DRIVERS\nvmf6264.sys
18:40:57.0075 4788 NVNET - ok
18:40:57.0106 4788 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:40:57.0153 4788 nvraid - ok
18:40:57.0200 4788 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:40:57.0200 4788 nvstor - ok
18:40:57.0231 4788 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
18:40:57.0231 4788 nvstor64 - ok
18:40:57.0278 4788 nvsvc (e26706a65d97ef9188b1d7bfa23c96c2) C:\Windows\system32\nvvsvc.exe
18:40:57.0293 4788 nvsvc - ok
18:40:57.0309 4788 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:40:57.0309 4788 nv_agp - ok
18:40:57.0340 4788 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:40:57.0340 4788 ohci1394 - ok
18:40:57.0434 4788 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:40:57.0434 4788 ose - ok
18:40:57.0699 4788 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:40:57.0746 4788 osppsvc - ok
18:40:57.0902 4788 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:40:57.0902 4788 p2pimsvc - ok
18:40:57.0980 4788 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:40:57.0995 4788 p2psvc - ok
18:40:58.0058 4788 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:40:58.0058 4788 Parport - ok
18:40:58.0136 4788 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:40:58.0151 4788 partmgr - ok
18:40:58.0167 4788 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:40:58.0167 4788 PcaSvc - ok
18:40:58.0245 4788 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:40:58.0245 4788 pci - ok
18:40:58.0260 4788 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:40:58.0260 4788 pciide - ok
18:40:58.0323 4788 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:40:58.0323 4788 pcmcia - ok
18:40:58.0338 4788 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:40:58.0338 4788 pcw - ok
18:40:58.0463 4788 pdfcDispatcher - ok
18:40:58.0510 4788 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:40:58.0526 4788 PEAUTH - ok
18:40:58.0635 4788 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:40:58.0635 4788 PerfHost - ok
18:40:58.0728 4788 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:40:58.0744 4788 pla - ok
18:40:58.0822 4788 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:40:58.0822 4788 PlugPlay - ok
18:40:58.0869 4788 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:40:58.0869 4788 PNRPAutoReg - ok
18:40:58.0900 4788 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:40:58.0900 4788 PNRPsvc - ok
18:40:59.0025 4788 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:40:59.0040 4788 PolicyAgent - ok
18:40:59.0072 4788 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:40:59.0072 4788 Power - ok
18:40:59.0134 4788 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:40:59.0150 4788 PptpMiniport - ok
18:40:59.0165 4788 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:40:59.0196 4788 Processor - ok
18:40:59.0243 4788 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:40:59.0243 4788 ProfSvc - ok
18:40:59.0306 4788 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:40:59.0306 4788 ProtectedStorage - ok
18:40:59.0352 4788 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:40:59.0352 4788 Psched - ok
18:40:59.0446 4788 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:40:59.0462 4788 ql2300 - ok
18:40:59.0555 4788 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:40:59.0555 4788 ql40xx - ok
18:40:59.0586 4788 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:40:59.0586 4788 QWAVE - ok
18:40:59.0602 4788 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:40:59.0602 4788 QWAVEdrv - ok
18:40:59.0618 4788 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:40:59.0618 4788 RasAcd - ok
18:40:59.0649 4788 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:40:59.0664 4788 RasAgileVpn - ok
18:40:59.0664 4788 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:40:59.0664 4788 RasAuto - ok
18:40:59.0711 4788 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:40:59.0711 4788 Rasl2tp - ok
18:40:59.0774 4788 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:40:59.0774 4788 RasMan - ok
18:40:59.0820 4788 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:40:59.0820 4788 RasPppoe - ok
18:40:59.0836 4788 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:40:59.0836 4788 RasSstp - ok
18:40:59.0898 4788 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:40:59.0898 4788 rdbss - ok
18:40:59.0945 4788 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:40:59.0945 4788 rdpbus - ok
18:40:59.0961 4788 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:40:59.0961 4788 RDPCDD - ok
18:40:59.0992 4788 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:40:59.0992 4788 RDPENCDD - ok
18:40:59.0992 4788 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:40:59.0992 4788 RDPREFMP - ok
18:41:00.0023 4788 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:41:00.0023 4788 RDPWD - ok
18:41:00.0086 4788 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:41:00.0086 4788 rdyboost - ok
18:41:00.0117 4788 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:41:00.0132 4788 RemoteAccess - ok
18:41:00.0164 4788 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:41:00.0164 4788 RemoteRegistry - ok
18:41:00.0226 4788 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
18:41:00.0226 4788 Revoflt - ok
18:41:00.0335 4788 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
18:41:00.0335 4788 RoxioNow Service - ok
18:41:00.0366 4788 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:41:00.0366 4788 RpcEptMapper - ok
18:41:00.0398 4788 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:41:00.0398 4788 RpcLocator - ok
18:41:00.0460 4788 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:41:00.0460 4788 RpcSs - ok
18:41:00.0522 4788 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:41:00.0522 4788 rspndr - ok
18:41:00.0554 4788 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:41:00.0554 4788 SamSs - ok
18:41:00.0632 4788 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:41:00.0632 4788 SASDIFSV - ok
18:41:00.0663 4788 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:41:00.0663 4788 SASKUTIL - ok
18:41:00.0694 4788 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:41:00.0710 4788 sbp2port - ok
18:41:00.0803 4788 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:41:00.0803 4788 SBSDWSCService - ok
18:41:00.0850 4788 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:41:00.0866 4788 SCardSvr - ok
18:41:00.0928 4788 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:41:00.0944 4788 scfilter - ok
18:41:01.0006 4788 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:41:01.0022 4788 Schedule - ok
18:41:01.0053 4788 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
18:41:01.0053 4788 SCMNdisP - ok
18:41:01.0084 4788 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:41:01.0100 4788 SCPolicySvc - ok
18:41:01.0131 4788 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:41:01.0131 4788 SDRSVC - ok
18:41:01.0178 4788 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:41:01.0178 4788 secdrv - ok
18:41:01.0209 4788 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:41:01.0209 4788 seclogon - ok
18:41:01.0240 4788 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:41:01.0240 4788 SENS - ok
18:41:01.0271 4788 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:41:01.0287 4788 SensrSvc - ok
18:41:01.0302 4788 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:41:01.0318 4788 Serenum - ok
18:41:01.0334 4788 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:41:01.0334 4788 Serial - ok
18:41:01.0365 4788 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:41:01.0365 4788 sermouse - ok
18:41:01.0412 4788 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:41:01.0412 4788 SessionEnv - ok
18:41:01.0427 4788 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:41:01.0427 4788 sffdisk - ok
18:41:01.0443 4788 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:41:01.0443 4788 sffp_mmc - ok
18:41:01.0474 4788 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:41:01.0474 4788 sffp_sd - ok
18:41:01.0490 4788 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:41:01.0490 4788 sfloppy - ok
18:41:01.0552 4788 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
18:41:01.0552 4788 Sftfs - ok
18:41:01.0630 4788 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:41:01.0646 4788 sftlist - ok
18:41:01.0677 4788 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:41:01.0677 4788 Sftplay - ok
18:41:01.0724 4788 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:41:01.0724 4788 Sftredir - ok
18:41:01.0739 4788 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
18:41:01.0739 4788 Sftvol - ok
18:41:01.0770 4788 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:41:01.0770 4788 sftvsa - ok
18:41:01.0817 4788 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:41:01.0817 4788 SharedAccess - ok
18:41:01.0864 4788 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:41:01.0880 4788 ShellHWDetection - ok
18:41:01.0911 4788 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:41:01.0911 4788 SiSRaid2 - ok
18:41:01.0926 4788 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:41:01.0926 4788 SiSRaid4 - ok
18:41:01.0942 4788 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:41:01.0942 4788 Smb - ok
18:41:02.0020 4788 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:41:02.0020 4788 SNMPTRAP - ok
18:41:02.0036 4788 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:41:02.0036 4788 spldr - ok
18:41:02.0067 4788 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:41:02.0082 4788 Spooler - ok
18:41:02.0207 4788 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:41:02.0238 4788 sppsvc - ok
18:41:02.0316 4788 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:41:02.0316 4788 sppuinotify - ok
18:41:02.0379 4788 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:41:02.0379 4788 srv - ok
18:41:02.0426 4788 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:41:02.0426 4788 srv2 - ok
18:41:02.0441 4788 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:41:02.0457 4788 srvnet - ok
18:41:02.0504 4788 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:41:02.0519 4788 SSDPSRV - ok
18:41:02.0550 4788 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:41:02.0550 4788 SstpSvc - ok
18:41:02.0566 4788 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:41:02.0566 4788 stexstor - ok
18:41:02.0613 4788 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
18:41:02.0613 4788 StillCam - ok
18:41:02.0660 4788 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:41:02.0675 4788 stisvc - ok
18:41:02.0722 4788 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:41:02.0722 4788 swenum - ok
18:41:02.0753 4788 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:41:02.0769 4788 swprv - ok
18:41:02.0878 4788 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:41:02.0894 4788 SysMain - ok
18:41:02.0987 4788 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:41:02.0987 4788 TabletInputService - ok
18:41:03.0034 4788 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:41:03.0034 4788 TapiSrv - ok
18:41:03.0065 4788 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:41:03.0065 4788 TBS - ok
18:41:03.0221 4788 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:41:03.0252 4788 Tcpip - ok
18:41:03.0377 4788 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:41:03.0393 4788 TCPIP6 - ok
18:41:03.0455 4788 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:41:03.0455 4788 tcpipreg - ok
18:41:03.0486 4788 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:41:03.0486 4788 TDPIPE - ok
18:41:03.0518 4788 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:41:03.0518 4788 TDTCP - ok
18:41:03.0564 4788 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:41:03.0564 4788 tdx - ok
18:41:03.0596 4788 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:41:03.0596 4788 TermDD - ok
18:41:03.0642 4788 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:41:03.0658 4788 TermService - ok
18:41:03.0674 4788 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:41:03.0674 4788 Themes - ok
18:41:03.0689 4788 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:41:03.0689 4788 THREADORDER - ok
18:41:03.0720 4788 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:41:03.0720 4788 TrkWks - ok
18:41:03.0814 4788 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:41:03.0814 4788 TrustedInstaller - ok
18:41:03.0845 4788 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:41:03.0845 4788 tssecsrv - ok
18:41:03.0892 4788 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:41:03.0892 4788 TsUsbFlt - ok
18:41:03.0954 4788 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:41:03.0954 4788 tunnel - ok
18:41:03.0986 4788 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:41:03.0986 4788 uagp35 - ok
18:41:04.0048 4788 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:41:04.0048 4788 udfs - ok
18:41:04.0079 4788 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:41:04.0095 4788 UI0Detect - ok
18:41:04.0126 4788 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:41:04.0126 4788 uliagpkx - ok
18:41:04.0157 4788 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:41:04.0157 4788 umbus - ok
18:41:04.0188 4788 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:41:04.0188 4788 UmPass - ok
18:41:04.0220 4788 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:41:04.0235 4788 upnphost - ok
18:41:04.0251 4788 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
18:41:04.0251 4788 USBAAPL64 - ok
18:41:04.0282 4788 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:41:04.0282 4788 usbccgp - ok
18:41:04.0313 4788 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:41:04.0313 4788 usbcir - ok
18:41:04.0360 4788 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:41:04.0360 4788 usbehci - ok
18:41:04.0407 4788 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:41:04.0407 4788 usbhub - ok
18:41:04.0438 4788 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:41:04.0438 4788 usbohci - ok
18:41:04.0469 4788 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:41:04.0469 4788 usbprint - ok
18:41:04.0500 4788 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:41:04.0500 4788 usbscan - ok
18:41:04.0547 4788 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:41:04.0547 4788 USBSTOR - ok
18:41:04.0547 4788 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:41:04.0563 4788 usbuhci - ok
18:41:04.0594 4788 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:41:04.0594 4788 UxSms - ok
18:41:04.0610 4788 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:41:04.0610 4788 VaultSvc - ok
18:41:04.0641 4788 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:41:04.0641 4788 vdrvroot - ok
18:41:04.0703 4788 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:41:04.0719 4788 vds - ok
18:41:04.0734 4788 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:41:04.0734 4788 vga - ok
18:41:04.0750 4788 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:41:04.0766 4788 VgaSave - ok
18:41:04.0797 4788 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:41:04.0797 4788 vhdmp - ok
18:41:04.0812 4788 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:41:04.0812 4788 viaide - ok
18:41:04.0859 4788 VideoScavenger_1eService - ok
18:41:04.0890 4788 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:41:04.0890 4788 volmgr - ok
18:41:04.0937 4788 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:41:04.0953 4788 volmgrx - ok
18:41:05.0000 4788 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:41:05.0000 4788 volsnap - ok
18:41:05.0046 4788 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:41:05.0046 4788 vsmraid - ok
18:41:05.0124 4788 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:41:05.0156 4788 VSS - ok
18:41:05.0234 4788 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:41:05.0234 4788 vwifibus - ok
18:41:05.0265 4788 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:41:05.0265 4788 vwififlt - ok
18:41:05.0327 4788 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:41:05.0327 4788 W32Time - ok
18:41:05.0343 4788 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:41:05.0343 4788 WacomPen - ok
18:41:05.0436 4788 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:41:05.0436 4788 WANARP - ok
18:41:05.0436 4788 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:41:05.0436 4788 Wanarpv6 - ok
18:41:05.0530 4788 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:41:05.0546 4788 WatAdminSvc - ok
18:41:05.0639 4788 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:41:05.0670 4788 wbengine - ok
18:41:05.0733 4788 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:41:05.0748 4788 WbioSrvc - ok
18:41:05.0795 4788 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:41:05.0795 4788 wcncsvc - ok
18:41:05.0826 4788 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:41:05.0826 4788 WcsPlugInService - ok
18:41:05.0873 4788 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:41:05.0873 4788 Wd - ok
18:41:05.0936 4788 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:41:05.0936 4788 Wdf01000 - ok
18:41:05.0967 4788 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:41:05.0967 4788 WdiServiceHost - ok
18:41:05.0967 4788 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:41:05.0982 4788 WdiSystemHost - ok
18:41:06.0029 4788 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:41:06.0029 4788 WebClient - ok
18:41:06.0060 4788 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:41:06.0076 4788 Wecsvc - ok
18:41:06.0076 4788 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:41:06.0092 4788 wercplsupport - ok
18:41:06.0123 4788 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:41:06.0123 4788 WerSvc - ok
18:41:06.0201 4788 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:41:06.0201 4788 WfpLwf - ok
18:41:06.0216 4788 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:41:06.0216 4788 WIMMount - ok
18:41:06.0248 4788 WinDefend - ok
18:41:06.0263 4788 WinHttpAutoProxySvc - ok
18:41:06.0310 4788 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:41:06.0310 4788 Winmgmt - ok
18:41:06.0404 4788 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:41:06.0419 4788 WinRM - ok
18:41:06.0528 4788 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:41:06.0528 4788 WinUsb - ok
18:41:06.0575 4788 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:41:06.0591 4788 Wlansvc - ok
18:41:06.0622 4788 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:41:06.0622 4788 WmiAcpi - ok
18:41:06.0669 4788 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:41:06.0669 4788 wmiApSrv - ok
18:41:06.0762 4788 WMPNetworkSvc - ok
18:41:06.0778 4788 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:41:06.0778 4788 WPCSvc - ok
18:41:06.0825 4788 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:41:06.0825 4788 WPDBusEnum - ok
18:41:06.0856 4788 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:41:06.0856 4788 ws2ifsl - ok
18:41:06.0887 4788 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:41:06.0903 4788 wscsvc - ok
18:41:06.0903 4788 WSearch - ok
18:41:06.0965 4788 WSWNA1100 (35a20217c4d06d1d36a3addfd8ce58c2) C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
18:41:06.0965 4788 WSWNA1100 - ok
18:41:07.0074 4788 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:41:07.0106 4788 wuauserv - ok
18:41:07.0215 4788 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:41:07.0215 4788 WudfPf - ok
18:41:07.0262 4788 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:41:07.0262 4788 WUDFRd - ok
18:41:07.0293 4788 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:41:07.0293 4788 wudfsvc - ok
18:41:07.0324 4788 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:41:07.0340 4788 WwanSvc - ok
18:41:07.0355 4788 MBR (0x1B8) (1f691ff5b785d6413bc581cc9565f0d8) \Device\Harddisk0\DR0
18:41:07.0464 4788 \Device\Harddisk0\DR0 - ok
18:41:07.0464 4788 Boot (0x1200) (b84a99d1ff63b7156108962c9bedcba0) \Device\Harddisk0\DR0\Partition0
18:41:07.0480 4788 \Device\Harddisk0\DR0\Partition0 - ok
18:41:07.0480 4788 Boot (0x1200) (b549abfba84e1b05c3cc1f20db6083ad) \Device\Harddisk0\DR0\Partition1
18:41:07.0496 4788 \Device\Harddisk0\DR0\Partition1 - ok
18:41:07.0527 4788 Boot (0x1200) (424a8c952a050cd96b8c9574f245f654) \Device\Harddisk0\DR0\Partition2
18:41:07.0542 4788 \Device\Harddisk0\DR0\Partition2 - ok
18:41:07.0542 4788 ============================================================
18:41:07.0542 4788 Scan finished
18:41:07.0542 4788 ============================================================
18:41:07.0574 3788 Detected object count: 0
18:41:07.0574 3788 Actual detected object count: 0
18:50:06.0587 4932 Deinitialize success
Glaswegian (Iain), Malware Removal Specialist
24-May-2012, 05:06 PM
Hi again

Nothing there.


Download Yorkyt.exe and save it to your Desktop.

Double-click Yorkyt.exe to run it; Vista or Windows 7 users, right-click and select "Run as Administrator".

Select Yes to restart at the prompt.

Let it restart again when prompted.

Be patient as the tool is working after the 2nd reboot.

When you see the above, test to see if browser redirects are present or not.

Attach the Yorkyt.exe.log to your next message (it should be on your desktop).