
Windows 7 problem

Discussion in 'Virus & Other Malware Removal' started by kittysfriend, May 2, 2012.

Thread Status:
Not open for further replies.
  1. kittysfriend

    kittysfriend Thread Starter

    Joined:
    May 2, 2012
    Messages:
    9
    Hello everyone! I'm new here and I'm not an expert so please bear with me :eek:. When I start up my computer it runs good, but after 10 or 15 min it starts to run very slow, freezes up, works again for a little while, freezes up again; it is very hard to do anything on it. I ran my antivirus (avast), Spybot, Fix It, got rid of programs that I wasn't using, etc. I still have this issue. Can somebody please help me? :( I will appreciate it. Windows 7 Home Premium Service Pack 1, AMD Athlon(tm) II X2 240 processor 2.8 GHz, 3.00 GB. It took me about 20 min to write this because it freezes up constantly. Thank you. :)
     
  2. kittysfriend

    kittysfriend Thread Starter

    Joined:
    May 2, 2012
    Messages:
    9
    I'm thinking that some kind of virus or malware is infecting my computer. It still freezes up, then runs ok, but after a few minutes slows down and freezes up again, etc. I ran my antivirus AVAST, Spybot, SuperAntispyware, Malwarebytes but still no real improvement. Any help to solve this issue would be very much appreciated. Thanks.
     
  3. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
  4. kittysfriend

    kittysfriend Thread Starter

    Joined:
    May 2, 2012
    Messages:
    9
    Hello, my computer is freezing up a lot. When I first turn it on it runs ok, but after 10 or 15 min it starts to run slow and constantly freezes up, web pages not responding, etc. I ran my AV (Avast), SUPERAntispyware, CCleaner, Revo Uninstaller, I even sort of dusted it, removing the side panel, but still no improvement. I surely hope you can help me to fix it. Sorry it took me a little while to have the logs ready but here they are:
    Hijackthis:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:41:36 PM, on 5/17/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Mike Flaherty\Downloads\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Mike Flaherty\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://www.pandora.com
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VideoScavengerService (VideoScavenger_1eService) - Unknown owner - C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    --
    End of file - 8602 bytes
    DDS:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by Mike Flaherty at 19:48:56 on 2012-05-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1208 [GMT -5:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Free YouTube Download - C:\Users\Mike Flaherty\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: eset.eu
    Trusted Zone: pandora.com\www
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{896487C6-66F0-4A66-88D6-8886E11C62A7} : DhcpNameServer = 192.168.1.1
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-5 44768]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-28 1119768]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-5-2 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2011-11-10 266240]
    R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-19 136176]
    S2 VideoScavenger_1eService;VideoScavengerService;C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe --> C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-1 253088]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-19 136176]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2011-11-10 960992]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
    S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
    .
    =============== Created Last 30 ================
    .
    2012-05-16 15:27:05 -------- d-----w- C:\Users\Mike Flaherty\AppData\Roaming\WinPatrol
    2012-05-16 15:25:59 -------- d-----w- C:\Program Files (x86)\BillP Studios
    2012-05-15 12:44:02 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B7062DD4-9765-4457-9C4F-7781C0D5FD82}\mpengine.dll
    2012-05-14 06:37:56 0 ----a-w- C:\Windows\SysWow64\sho9EFD.tmp
    2012-05-14 02:37:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-05-13 20:30:13 -------- d-----w- C:\Program Files\CCleaner
    2012-05-13 20:02:49 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-05-13 20:02:16 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-05-13 16:42:55 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\VS Revo Group
    2012-05-13 16:42:31 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
    2012-05-13 16:42:25 -------- d-----w- C:\Program Files\VS Revo Group
    2012-05-13 16:40:20 -------- d-----w- C:\Program Files (x86)\VS Revo Group
    2012-05-10 21:28:46 1544704 ----a-w- C:\Windows\System32\DWrite.dll
    2012-05-10 21:28:45 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-05-10 21:28:42 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-10 21:28:41 3146240 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-10 21:28:40 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-10 21:28:39 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-10 21:24:17 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-05-10 21:22:20 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-05-10 21:22:14 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-05-10 21:22:13 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 21:22:12 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 21:22:11 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-05-10 21:22:11 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-05-10 02:21:16 -------- d-----w- C:\$RECYCLE.BIN
    2012-05-03 17:10:58 -------- d-----w- C:\Users\Mike Flaherty\AppData\Roaming\SUPERAntiSpyware.com
    2012-05-03 17:08:17 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-05-03 17:08:17 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-05-02 19:01:02 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-05-02 19:01:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-05-02 18:52:03 -------- d-----w- C:\ProgramData\Tarma Installer
    2012-05-02 17:46:06 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
    2012-05-02 17:46:03 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
    2012-05-02 03:52:56 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{19E45BDF-2B34-4D0A-9C55-BDD2099A94B9}
    2012-05-01 21:58:17 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-30 18:26:28 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{B0DBDC34-8F96-45EE-ABFA-30640198EBA7}
    2012-04-30 18:26:14 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{26A04E8F-696D-4397-A436-77A2B891AD27}
    2012-04-29 23:20:11 -------- d-----w- C:\Program Files (x86)\1ClickDownload
    2012-04-29 17:03:36 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{843877A5-1C1A-4ED2-899C-0656CE4FFA04}
    2012-04-29 17:03:24 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{BD0779B7-53C9-45D7-A5B4-A3F0F835865A}
    2012-04-26 12:13:29 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{E91D1899-415B-4096-AB2A-25887FC0D2D2}
    2012-04-26 12:13:11 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{E7C55B2E-A894-4AB9-AD29-A622FF5ADAD1}
    2012-04-25 12:06:46 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{6D6C7581-77D8-4B59-A96A-83CBCBE0C81B}
    2012-04-25 12:06:32 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{C9D05630-C3F8-414C-B2B4-D8697B8D6E49}
    2012-04-24 14:16:09 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{83514587-159B-44FD-9AF3-EB779EB73321}
    2012-04-24 14:15:57 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{68BD7463-6CC7-4C7E-9273-A8AAD8A146D0}
    2012-04-24 02:15:26 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{B137B435-907E-4BF5-BC35-83D9714B9DD4}
    2012-04-24 02:15:13 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{D6D35E2C-7A86-4A11-8431-3C54C26F8C03}
    2012-04-23 12:44:17 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{550080EC-A195-4895-B6BA-7F53021D0C33}
    2012-04-23 12:44:04 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{311ED0F6-3086-45FD-B288-6BE9CA3BD756}
    2012-04-22 15:46:56 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{BE29E081-1453-4F50-B30E-56400EFC64C1}
    2012-04-22 15:46:43 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{9265AD69-5771-4168-B693-4BBF1D9CCEE4}
    2012-04-22 03:06:29 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{3E09BC01-7AA5-451D-8C4C-E17C215A0EB6}
    2012-04-22 03:06:18 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{1BEF5C4B-CC80-4B7A-A093-EA6DB301D6CF}
    2012-04-21 15:01:59 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{1748F28F-6DB0-4DA5-B7D9-64DD0AF71B05}
    2012-04-21 15:01:43 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{5CB068CF-B1C6-4973-83B5-89E35AF5A6F1}
    2012-04-21 01:00:07 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{24EF0619-E673-4634-8B3F-C7019B421A72}
    2012-04-21 00:59:53 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{89888D3F-9101-4A92-BD4B-60D57E408B95}
    2012-04-20 11:12:09 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{DFD8B380-03E1-4EC7-A29C-FC45BF620B50}
    2012-04-20 11:11:55 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{691BFF31-EFD1-4E6F-8BF9-AAF6CFF69E67}
    2012-04-19 17:53:46 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{97B2A960-6D0A-4CE9-BB65-AA5E066F4C91}
    2012-04-19 17:53:34 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{FB04D0F0-060F-41E7-A7A6-A4F7ED32BED8}
    2012-04-19 02:41:55 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{8E33291B-8A0E-48C6-9352-5553D25B181E}
    2012-04-19 02:41:43 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{ABBD67A2-A0EA-420D-8B1E-493809D92A85}
    2012-04-19 02:41:37 -------- d-----w- C:\Users\Mike Flaherty\Tracing
    2012-04-19 02:41:31 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{9B47F1B6-61B1-42AF-9F34-8ABC9A635385}
    2012-04-19 02:22:35 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{1126C4A0-D439-4C57-929E-C443B6A2331F}
    2012-04-19 02:22:23 -------- d-----w- C:\Users\Mike Flaherty\AppData\Local\{7E0E0FA3-C1B4-4600-9540-DE28BE21516E}
    .
    ==================== Find3M ====================
    .
    2012-05-01 21:58:17 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-21 12:48:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
    2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 19:52:21.23 ===============

    Attach. Notepad:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/13/2011 10:33:18 PM
    System Uptime: 5/17/2012 7:44:26 PM (0 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | 2A6C
    Processor: AMD Athlon(tm) II X2 240 Processor | CPU 1 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 452 GiB total, 384.364 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.603 GiB free.
    E: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP152: 5/10/2012 10:41:05 PM - Windows Update
    RP154: 5/13/2012 11:52:26 AM - Revo Uninstaller Pro's restore point - Freecorder 5
    RP156: 5/13/2012 11:56:27 AM - Revo Uninstaller Pro's restore point - Java(TM) 6 Update 22
    RP157: 5/13/2012 11:56:47 AM - Removed Java(TM) 6 Update 22
    RP159: 5/13/2012 12:04:19 PM - Revo Uninstaller Pro's restore point - Java(TM) 6 Update 31
    RP160: 5/13/2012 12:06:35 PM - Removed Java(TM) 6 Update 31
    RP161: 5/13/2012 12:23:01 PM - Revo Uninstaller's restore point - Freecorder 5
    RP162: 5/13/2012 12:30:51 PM - Revo Uninstaller's restore point - Freecorder 5
    RP163: 5/13/2012 3:00:08 PM - Installed Java(TM) 7 Update 4
    RP164: 5/13/2012 3:02:26 PM - Installed JavaFX 2.1.0
    RP165: 5/13/2012 4:46:28 PM - Installed HiJackThis
    RP166: 5/13/2012 9:18:01 PM - Installed HiJackThis
    RP167: 5/13/2012 9:33:20 PM - Installed HiJackThis
    RP168: 5/15/2012 7:43:25 AM - Windows Update
    RP169: 5/16/2012 10:53:21 AM - Revo Uninstaller's restore point - HiJackThis
    RP170: 5/16/2012 10:54:48 AM - Removed HiJackThis
    RP171: 5/16/2012 11:19:18 AM - Revo Uninstaller's restore point - VideoScavenger Toolbar
    RP172: 5/16/2012 11:25:58 AM - Revo Uninstaller's restore point - ESET Online Scanner v3
    RP174: 5/17/2012 7:07:59 AM - Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version 1.61.0.1400
    .
    ==== Installed Programs ======================
    .
    Adobe Reader X (10.1.3)
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    CyberLink DVD Suite Deluxe
    D3DX10
    DVD Menu Pack for HP MediaSmart Video
    Facetheme
    ffdshow [rev 2975] [2009-05-28]
    GIMP 2.6.12-2
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Customer Experience Enhancements
    HP Deskjet 3050 J610 series Help
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart Video
    HP MovieStore
    HP Odometer
    HP Photo Creations
    HP Setup
    HP Setup Manager
    HP Support Assistant
    HP Support Information
    HP Update
    HPDiagnosticAlert
    Hulu Desktop
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    Kingsoft Presentation (8.1.0.3008)
    LabelPrint
    LightScribe System Software
    Media Go
    Media Go Video Playback Engine 1.84.107.07010
    Media Player Codec Pack 4.1.7
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Movie Theme Pack for HP MediaSmart Video
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NETGEAR WNA1100 N150 Wireless USB Adapter
    NVIDIA ForceWare Network Access Manager
    OpenOffice.org 3.3
    PDF Complete Special Edition
    PhotoNow!
    PlayReady PC Runtime x86
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    Power2Go
    PowerDirector
    PressReader
    QuickTime Alternative 2.8.0
    Realtek High Definition Audio Driver
    Recovery Manager
    Revo Uninstaller 1.94
    RoxioNow Player
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Spybot - Search & Destroy
    SpywareBlaster 4.6
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/17/2012 7:45:03 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    5/17/2012 7:45:03 PM, Error: Service Control Manager [7000] - The VideoScavengerService service failed to start due to the following error: The system cannot find the file specified.
    5/17/2012 7:31:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    5/16/2012 7:40:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
    5/16/2012 7:40:23 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    5/16/2012 7:40:23 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/16/2012 7:15:39 AM, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: 11 Processor ID: 0 The details view of this entry contains further information.
    .
    ==== End Of File ===========================

    Hope to hear from you soon. Thanks
     
  5. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi again - well done.

    My name is Iain and I will be helping you clean your system.

    You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

    Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

    If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

    Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 5 days I shall no longer check this thread for replies.

    Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


    IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.




    Combofix
    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

    You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

    Please include the log C:\ComboFix.txt in your next reply for further review.
     
  6. kittysfriend

    kittysfriend Thread Starter

    Joined:
    May 2, 2012
    Messages:
    9
    Here is the log for ComboFix
     

    Attached Files:

  7. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Please just copy and paste your logs directly into the thread - thanks.


    ComboFix 12-05-19.01 - Mike Flaherty 05/19/2012 11:31:25.4.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.246 [GMT -5:00]
    Running from: c:\users\Mike Flaherty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OHP0H7B5\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-19 16:42 . 2012-05-19 16:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-16 15:27 . 2012-05-16 15:27 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\WinPatrol
    2012-05-16 15:25 . 2012-05-16 15:25 -------- d-----w- c:\program files (x86)\BillP Studios
    2012-05-15 12:44 . 2012-04-18 08:03 8917360 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7062DD4-9765-4457-9C4F-7781C0D5FD82}\mpengine.dll
    2012-05-14 06:37 . 2012-05-14 06:37 0 ----a-w- c:\windows\SysWow64\sho9EFD.tmp
    2012-05-14 02:37 . 2012-05-14 02:37 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-05-13 20:30 . 2012-05-13 20:30 -------- d-----w- c:\program files\CCleaner
    2012-05-13 20:03 . 2012-05-13 20:03 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-05-13 20:02 . 2012-05-13 20:02 -------- d-----w- c:\program files (x86)\Oracle
    2012-05-13 20:02 . 2012-04-04 23:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-05-13 20:01 . 2012-05-13 20:01 -------- d-----w- c:\program files (x86)\Java
    2012-05-13 19:12 . 2012-05-13 19:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2012-05-13 16:42 . 2012-05-13 16:42 -------- d-----w- c:\users\Mike Flaherty\AppData\Local\VS Revo Group
    2012-05-13 16:42 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-05-13 16:42 . 2012-05-13 16:42 -------- d-----w- c:\program files\VS Revo Group
    2012-05-13 16:40 . 2012-05-13 16:40 -------- d-----w- c:\program files (x86)\VS Revo Group
    2012-05-10 21:28 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
    2012-05-10 21:28 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-05-10 21:28 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-10 21:28 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
    2012-05-10 21:28 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-10 21:28 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-10 21:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-10 21:22 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-10 21:22 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-05-10 21:22 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 21:22 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 21:22 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-05-10 21:22 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-05-08 02:03 . 2012-05-08 02:03 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\U3
    2012-05-03 17:10 . 2012-05-03 17:10 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\SUPERAntiSpyware.com
    2012-05-03 17:08 . 2012-05-03 17:33 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-05-03 17:08 . 2012-05-03 17:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-05-02 19:01 . 2012-05-13 21:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-05-02 19:01 . 2012-05-02 19:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-05-02 18:52 . 2012-05-02 18:52 -------- d-----w- c:\programdata\Tarma Installer
    2012-05-02 17:46 . 2010-01-10 23:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
    2012-05-02 17:46 . 2012-05-02 17:46 -------- d-----w- c:\program files (x86)\SpywareBlaster
    2012-05-01 21:58 . 2012-05-01 21:58 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-30 00:24 . 2012-04-30 00:24 -------- d-----w- c:\users\Mcx1-MIKEFLAHERTY-HP
    2012-04-29 23:20 . 2012-05-01 20:55 -------- d-----w- c:\program files (x86)\1ClickDownload
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-01 21:58 . 2011-11-10 12:24 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-21 12:48 . 2012-01-09 02:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-06 23:15 . 2011-11-10 04:27 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:15 . 2011-11-10 04:27 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-06 23:15 . 2011-11-10 04:27 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-06 23:04 . 2011-11-10 04:27 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-06 23:04 . 2011-11-10 04:27 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-06 23:02 . 2012-04-05 20:05 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-06 23:01 . 2011-11-10 04:27 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-06 23:01 . 2011-11-10 04:27 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-06 23:01 . 2011-11-10 04:27 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-01 06:46 . 2012-04-11 23:22 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 06:38 . 2012-04-11 23:22 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-03-01 06:33 . 2012-04-11 23:22 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-03-01 06:28 . 2012-04-11 23:22 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-03-01 05:37 . 2012-04-11 23:22 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-03-01 05:33 . 2012-04-11 23:22 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-03-01 05:29 . 2012-04-11 23:22 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-02-28 06:56 . 2012-04-11 23:24 2311168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 06:49 . 2012-04-11 23:24 1390080 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 06:48 . 2012-04-11 23:24 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 06:42 . 2012-04-11 23:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-28 01:18 . 2012-04-11 23:24 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-02-28 01:11 . 2012-04-11 23:24 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11 . 2012-04-11 23:24 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-02-28 01:03 . 2012-04-11 23:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-02-23 15:18 . 2011-11-10 05:04 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-03 4786048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-04-15 374368]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-11-10 4545024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    R2 VideoScavenger_1eService;VideoScavengerService;c:\progra~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
    R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-23 960992]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]
    S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 21:58]
    .
    2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:56]
    .
    2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:56]
    .
    2012-05-19 c:\windows\Tasks\HP Photo Creations Communicator.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-22 17:24]
    .
    2012-05-18 c:\windows\Tasks\HPCeeScheduleForMike Flaherty.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-05-01 c:\windows\Tasks\HPCeeScheduleForMIKEFLAHERTY-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-05-19 c:\windows\Tasks\WpsUpdateTask_Mike Flaherty.job
    - c:\program files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe [2011-11-03 16:00]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Free YouTube Download - c:\users\Mike Flaherty\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    Trusted Zone: eset.eu
    Trusted Zone: pandora.com\www
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    AddRemove-facetheme-apl - c:\program files (x86)\Object\facetheme-apl_uninstall.exe
    AddRemove-ffdshow_is1 - c:\program files (x86)\Media Convert Master\codec\ffdshow\unins000.exe
    AddRemove-QuicktimeAlt_is1 - c:\program files (x86)\Media Convert Master\codec\quicktime\unins000.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
    8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
    "{ACF7DA4C-EEB2-484A-A3A1-303D4054D50C}"=hex:51,66,7a,6c,4c,1d,38,12,22,d9,e4,
    a8,80,a0,24,0d,dc,b7,73,7d,45,0a,91,18
    "{27A220B7-BB43-4FAF-B27B-F803D18EEA28}"=hex:51,66,7a,6c,4c,1d,38,12,d9,23,b1,
    23,71,f5,c1,0a,cd,6d,bb,43,d4,d0,ae,3c
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
    72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
    "{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,
    8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7
    "{C6549209-1FF1-4A5C-A815-981F64F34B19}"=hex:51,66,7a,6c,4c,1d,38,12,67,91,47,
    c2,c3,51,32,0f,d7,03,db,5f,61,ad,0f,0d
    "{D047FE10-DFE2-45CF-9FBF-966B9E64920F}"=hex:51,66,7a,6c,4c,1d,38,12,7e,fd,54,
    d4,d0,91,a1,00,e0,a9,d5,2b,9b,3a,d6,1b
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
    f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:90,a0,d2,6b,9e,28,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-19 11:49:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-19 16:49
    .
    Pre-Run: 412,070,006,784 bytes free
    Post-Run: 411,837,775,872 bytes free
    .
    - - End Of File - - 97FDA8F27F50968CC32BDB259D3D26E1
     
  8. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi again

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.



    Combofix

    • Close any open browsers.
    • Open notepad and copy/paste the text in the box below into it:

    Code:
    ClearJavaCache::
    
    File::
    c:\windows\SysWow64\sho9EFD.tmp
    
    Looking at the image below as an example

    [​IMG]

    Save this as CFScript.txt, in the same location as ComboFix.exe


    [​IMG]

    Referring to the picture above, drag CFScript onto ComboFix.exe.

    If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

    When finished, it will produce a log for you at "C:\ComboFix.txt"

    Do not mouse-click ComboFix's window whilst it's running. This may cause it to stall.

    CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


    Please post the log C:\ComboFix.txt for further review.




    Download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Full Scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results. Note that the full scan may take quite some time.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Save it to your desktop.
    Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.
     
  9. kittysfriend

    kittysfriend Thread Starter

    Joined:
    May 2, 2012
    Messages:
    9
    Hello again .. Combofix log:
    ComboFix 12-05-21.05 - Mike Flaherty 05/21/2012 19:03:49.5.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.184 [GMT -5:00]
    Running from: c:\users\Mike Flaherty\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-22 00:15 . 2012-05-22 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-19 16:59 . 2012-05-15 06:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6DF769-0CC9-4161-9E41-5A2ACE5C3269}\mpengine.dll
    2012-05-16 15:27 . 2012-05-16 15:27 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\WinPatrol
    2012-05-16 15:25 . 2012-05-16 15:25 -------- d-----w- c:\program files (x86)\BillP Studios
    2012-05-14 06:37 . 2012-05-14 06:37 0 ----a-w- c:\windows\SysWow64\sho9EFD.tmp
    2012-05-14 02:37 . 2012-05-14 02:37 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-05-13 20:30 . 2012-05-13 20:30 -------- d-----w- c:\program files\CCleaner
    2012-05-13 20:03 . 2012-05-13 20:03 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-05-13 20:02 . 2012-05-13 20:02 -------- d-----w- c:\program files (x86)\Oracle
    2012-05-13 20:02 . 2012-04-04 23:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-05-13 20:01 . 2012-05-13 20:01 -------- d-----w- c:\program files (x86)\Java
    2012-05-13 19:12 . 2012-05-13 19:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2012-05-13 16:42 . 2012-05-13 16:42 -------- d-----w- c:\users\Mike Flaherty\AppData\Local\VS Revo Group
    2012-05-13 16:42 . 2009-12-30 16:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-05-13 16:42 . 2012-05-13 16:42 -------- d-----w- c:\program files\VS Revo Group
    2012-05-13 16:40 . 2012-05-13 16:40 -------- d-----w- c:\program files (x86)\VS Revo Group
    2012-05-10 21:28 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
    2012-05-10 21:28 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-05-10 21:28 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-10 21:28 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
    2012-05-10 21:28 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-10 21:28 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-10 21:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-10 21:22 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-10 21:22 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-05-10 21:22 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 21:22 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 21:22 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-05-10 21:22 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-05-08 02:03 . 2012-05-08 02:03 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\U3
    2012-05-03 17:10 . 2012-05-03 17:10 -------- d-----w- c:\users\Mike Flaherty\AppData\Roaming\SUPERAntiSpyware.com
    2012-05-03 17:08 . 2012-05-03 17:33 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-05-03 17:08 . 2012-05-03 17:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-05-02 19:01 . 2012-05-13 21:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-05-02 19:01 . 2012-05-02 19:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-05-02 18:52 . 2012-05-02 18:52 -------- d-----w- c:\programdata\Tarma Installer
    2012-05-02 17:46 . 2010-01-10 23:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
    2012-05-02 17:46 . 2012-05-02 17:46 -------- d-----w- c:\program files (x86)\SpywareBlaster
    2012-05-01 21:58 . 2012-05-01 21:58 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-30 00:24 . 2012-04-30 00:24 -------- d-----w- c:\users\Mcx1-MIKEFLAHERTY-HP
    2012-04-29 23:20 . 2012-05-01 20:55 -------- d-----w- c:\program files (x86)\1ClickDownload
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-01 21:58 . 2011-11-10 12:24 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-21 12:48 . 2012-01-09 02:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-06 23:15 . 2011-11-10 04:27 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:15 . 2011-11-10 04:27 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-06 23:15 . 2011-11-10 04:27 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-06 23:04 . 2011-11-10 04:27 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-06 23:04 . 2011-11-10 04:27 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-06 23:02 . 2012-04-05 20:05 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-06 23:01 . 2011-11-10 04:27 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-06 23:01 . 2011-11-10 04:27 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-06 23:01 . 2011-11-10 04:27 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-01 06:46 . 2012-04-11 23:22 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 06:38 . 2012-04-11 23:22 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-03-01 06:33 . 2012-04-11 23:22 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-03-01 06:28 . 2012-04-11 23:22 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-03-01 05:37 . 2012-04-11 23:22 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-03-01 05:33 . 2012-04-11 23:22 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-03-01 05:29 . 2012-04-11 23:22 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-02-28 06:56 . 2012-04-11 23:24 2311168 ----a-w- c:\windows\system32\jscript9.dll
    2012-02-28 06:49 . 2012-04-11 23:24 1390080 ----a-w- c:\windows\system32\wininet.dll
    2012-02-28 06:48 . 2012-04-11 23:24 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-02-28 06:42 . 2012-04-11 23:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-02-28 01:18 . 2012-04-11 23:24 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-02-28 01:11 . 2012-04-11 23:24 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11 . 2012-04-11 23:24 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-02-28 01:03 . 2012-04-11 23:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-02-23 15:18 . 2011-11-10 05:04 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-05-19_16.45.47 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2012-05-19 16:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-05-22 00:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-05-19 16:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-22 00:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-05-19 16:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-22 00:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-04-14 03:35 . 2012-05-21 23:41 59252 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2012-05-19 15:11 44920 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-05-21 23:41 44920 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-04-14 05:16 . 2012-05-21 23:41 15240 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1845553030-3031872880-4008053321-1000_UserData.bin
    + 2011-11-14 22:37 . 2012-05-21 05:42 5064 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2011-11-14 22:37 . 2012-05-16 12:13 5064 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-05-22 00:17 . 2012-05-22 00:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-05-19 16:44 . 2012-05-19 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-05-19 16:44 . 2012-05-19 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-05-22 00:17 . 2012-05-22 00:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2009-07-14 05:01 . 2012-05-18 23:47 315868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-05-22 00:16 315868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-04-14 05:41 . 2012-05-22 00:16 16050720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1845553030-3031872880-4008053321-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-03 4786048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-04-15 374368]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-11-10 4545024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 VideoScavenger_1eService;VideoScavengerService;c:\progra~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 136176]
    R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-23 960992]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]
    S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 21:58]
    .
    2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:56]
    .
    2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-19 21:56]
    .
    2012-05-22 c:\windows\Tasks\HP Photo Creations Communicator.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-22 17:24]
    .
    2012-05-21 c:\windows\Tasks\HPCeeScheduleForMike Flaherty.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-05-01 c:\windows\Tasks\HPCeeScheduleForMIKEFLAHERTY-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-05-22 c:\windows\Tasks\WpsUpdateTask_Mike Flaherty.job
    - c:\program files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe [2011-11-03 16:00]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Free YouTube Download - c:\users\Mike Flaherty\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    Trusted Zone: eset.eu
    Trusted Zone: pandora.com\www
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:90,a0,d2,6b,9e,28,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-21 19:21:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-22 00:21
    ComboFix2.txt 2012-05-19 16:49
    .
    Pre-Run: 411,589,783,552 bytes free
    Post-Run: 411,622,252,544 bytes free
    .
    - - End Of File - - 1D3737D285437D79F40E1E2B9AFCD112
    mbam log:
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.05.21.06
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Mike Flaherty :: MIKEFLAHERTY-HP [administrator]
    5/21/2012 8:05:23 PM
    mbam-log-2012-05-21 (20-05-23).txt
    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 356029
    Time elapsed: 1 hour(s), 1 minute(s), 18 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 63
    HKCR\CLSID\{94c801cd-46bf-4b4d-834b-8f0a69bdff24} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{be40c362-3ddb-40c0-8c2a-267385081db3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{2F3F4ADB-1C1C-4D5E-9FBC-C3AA53596CCC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{94C801CD-46BF-4B4D-834B-8F0A69BDFF24} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{94C801CD-46BF-4B4D-834B-8F0A69BDFF24} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{ad0c6fea-e1cd-454a-af7f-6c1d44a176c3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{748fa372-339e-4075-b913-86d0740a1de9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{2D8FDA07-6836-475F-8ABB-E6B26B63F864} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{9ca70986-06bc-49f5-9097-b17cf968af09} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{a4c7b974-dcbe-4fd1-9e37-997182655a35} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{612EB90E-13E5-42B5-8C0A-E30C055DEE21} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{10f92d9b-690c-423c-a118-9c75637207ac} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{ef18fe12-f90d-4205-8a09-5426c14395eb} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{52695f97-1a52-40a0-afcd-99d149a1d0b8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{3ECAC16A-A8C3-48C8-85BE-C6002305780C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{dc27caca-cb20-4b93-b5d7-87224164438f} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{28eca842-8b53-456e-8ddc-772e86e9b396} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{8B03E21E-AE2A-4C72-A965-F4538BC7C680} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DC27CACA-CB20-4B93-B5D7-87224164438F} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F53C4FFC-1A47-4ECA-B372-014EC02F7301} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F53C4FFC-1A47-4ECA-B372-014EC02F7301} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{a45fb14e-bfa8-48a7-ada6-73e30f50f657} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{0574bcfe-3611-4ad5-9114-2218c8f1a423} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{0B5629F3-8E8C-4406-B1AB-25F86AFFB2D9} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{fede4586-5ada-4476-9fe0-f01dcaf20a56} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{212f8bcf-00eb-4aa4-832e-b9389caa8b03} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{0cf8e2b6-ef06-4153-b56d-174d01508780} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\Interface\{9C343FA3-1DDB-4209-9B39-5ACD2FA7A841} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\VideoScavenger_1e.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{212F8BCF-00EB-4AA4-832E-B9389CAA8B03} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCR\CLSID\{807210b2-c03e-4203-a5e0-cb1b3496426b} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    Thanks so much for your help and time.... I anxiously await your reply.
     
  10. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi again

    Looks like MBAM cleared out a pile of stuff - how is your system running now?
     
  11. kittysfriend

    kittysfriend Thread Starter

    Joined:
    May 2, 2012
    Messages:
    9
    Well, it's running better now but still freezes up, though not as frequently. Is there anything else we can do to make it better??... Oops! It just froze up. Thanks again for your time..!
     
  12. kittysfriend

    kittysfriend Thread Starter

    Joined:
    May 2, 2012
    Messages:
    9
    Same pattern again. It was running better but again it is freezing up constantly. Do you think it is something else besides malware? Hardware related?
     
  13. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi again

    That's a possibility - but we'll have a deeper look.

    Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

    Execute TDSSKiller.exe by double-clicking on it. Press Start Scan.

    • If Malicious objects are found, ensure Cure is selected (it should be by default)

    • Click Continue then click Reboot now

    • Once complete, a log will be produced at the root drive which is typically C:\

      For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt.

    Please attach that log.
     
  14. kittysfriend

    kittysfriend Thread Starter

    Joined:
    May 2, 2012
    Messages:
    9
    This is the log :
    18:40:53.0768 4788 mouhid - ok
    18:40:53.0799 4788 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    18:40:53.0799 4788 mountmgr - ok
    18:40:53.0861 4788 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    18:40:53.0861 4788 mpio - ok
    18:40:53.0877 4788 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    18:40:53.0877 4788 mpsdrv - ok
    18:40:53.0955 4788 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    18:40:53.0955 4788 MpsSvc - ok
    18:40:53.0986 4788 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    18:40:54.0002 4788 MRxDAV - ok
    18:40:54.0033 4788 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:40:54.0033 4788 mrxsmb - ok
    18:40:54.0064 4788 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:40:54.0064 4788 mrxsmb10 - ok
    18:40:54.0080 4788 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:40:54.0095 4788 mrxsmb20 - ok
    18:40:54.0126 4788 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    18:40:54.0126 4788 msahci - ok
    18:40:54.0173 4788 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    18:40:54.0173 4788 msdsm - ok
    18:40:54.0204 4788 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    18:40:54.0220 4788 MSDTC - ok
    18:40:54.0267 4788 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    18:40:54.0267 4788 Msfs - ok
    18:40:54.0282 4788 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    18:40:54.0282 4788 mshidkmdf - ok
    18:40:54.0314 4788 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    18:40:54.0329 4788 msisadrv - ok
    18:40:54.0376 4788 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    18:40:54.0376 4788 MSiSCSI - ok
    18:40:54.0392 4788 msiserver - ok
    18:40:54.0423 4788 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    18:40:54.0423 4788 MSKSSRV - ok
    18:40:54.0423 4788 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    18:40:54.0438 4788 MSPCLOCK - ok
    18:40:54.0438 4788 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    18:40:54.0438 4788 MSPQM - ok
    18:40:54.0579 4788 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    18:40:54.0594 4788 MsRPC - ok
    18:40:54.0610 4788 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    18:40:54.0641 4788 mssmbios - ok
    18:40:54.0657 4788 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    18:40:54.0657 4788 MSTEE - ok
    18:40:54.0657 4788 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    18:40:54.0672 4788 MTConfig - ok
    18:40:54.0688 4788 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    18:40:54.0688 4788 Mup - ok
    18:40:54.0750 4788 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    18:40:54.0750 4788 napagent - ok
    18:40:54.0797 4788 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    18:40:54.0813 4788 NativeWifiP - ok
    18:40:54.0891 4788 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    18:40:54.0906 4788 NDIS - ok
    18:40:54.0922 4788 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    18:40:54.0922 4788 NdisCap - ok
    18:40:55.0000 4788 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    18:40:55.0000 4788 NdisTapi - ok
    18:40:55.0047 4788 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    18:40:55.0047 4788 Ndisuio - ok
    18:40:55.0109 4788 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    18:40:55.0109 4788 NdisWan - ok
    18:40:55.0125 4788 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    18:40:55.0125 4788 NDProxy - ok
    18:40:55.0140 4788 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    18:40:55.0140 4788 NetBIOS - ok
    18:40:55.0234 4788 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    18:40:55.0234 4788 NetBT - ok
    18:40:55.0250 4788 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:40:55.0250 4788 Netlogon - ok
    18:40:55.0343 4788 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    18:40:55.0343 4788 Netman - ok
    18:40:55.0421 4788 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    18:40:55.0437 4788 netprofm - ok
    18:40:55.0562 4788 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:40:55.0562 4788 NetTcpPortSharing - ok
    18:40:55.0577 4788 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    18:40:55.0577 4788 nfrd960 - ok
    18:40:55.0640 4788 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    18:40:55.0655 4788 NlaSvc - ok
    18:40:55.0655 4788 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    18:40:55.0655 4788 Npfs - ok
    18:40:55.0702 4788 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    18:40:55.0702 4788 nsi - ok
    18:40:55.0718 4788 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    18:40:55.0718 4788 nsiproxy - ok
    18:40:55.0827 4788 nSvcIp (6324eef641c2b6d1b7ec423850b10f82) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    18:40:55.0827 4788 nSvcIp - ok
    18:40:55.0936 4788 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    18:40:55.0952 4788 Ntfs - ok
    18:40:56.0092 4788 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    18:40:56.0092 4788 Null - ok
    18:40:56.0669 4788 nvlddmkm (c967514483fa30a0a352e70bb6414d1d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    18:40:56.0872 4788 nvlddmkm - ok
    18:40:57.0075 4788 NVNET (bd25e03ead63ac3365f25175b4dbd56a) C:\Windows\system32\DRIVERS\nvmf6264.sys
    18:40:57.0075 4788 NVNET - ok
    18:40:57.0106 4788 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    18:40:57.0153 4788 nvraid - ok
    18:40:57.0200 4788 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    18:40:57.0200 4788 nvstor - ok
    18:40:57.0231 4788 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
    18:40:57.0231 4788 nvstor64 - ok
    18:40:57.0278 4788 nvsvc (e26706a65d97ef9188b1d7bfa23c96c2) C:\Windows\system32\nvvsvc.exe
    18:40:57.0293 4788 nvsvc - ok
    18:40:57.0309 4788 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    18:40:57.0309 4788 nv_agp - ok
    18:40:57.0340 4788 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    18:40:57.0340 4788 ohci1394 - ok
    18:40:57.0434 4788 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:40:57.0434 4788 ose - ok
    18:40:57.0699 4788 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    18:40:57.0746 4788 osppsvc - ok
    18:40:57.0902 4788 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    18:40:57.0902 4788 p2pimsvc - ok
    18:40:57.0980 4788 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    18:40:57.0995 4788 p2psvc - ok
    18:40:58.0058 4788 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    18:40:58.0058 4788 Parport - ok
    18:40:58.0136 4788 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    18:40:58.0151 4788 partmgr - ok
    18:40:58.0167 4788 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    18:40:58.0167 4788 PcaSvc - ok
    18:40:58.0245 4788 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    18:40:58.0245 4788 pci - ok
    18:40:58.0260 4788 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    18:40:58.0260 4788 pciide - ok
    18:40:58.0323 4788 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    18:40:58.0323 4788 pcmcia - ok
    18:40:58.0338 4788 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    18:40:58.0338 4788 pcw - ok
    18:40:58.0463 4788 pdfcDispatcher - ok
    18:40:58.0510 4788 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    18:40:58.0526 4788 PEAUTH - ok
    18:40:58.0635 4788 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    18:40:58.0635 4788 PerfHost - ok
    18:40:58.0728 4788 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    18:40:58.0744 4788 pla - ok
    18:40:58.0822 4788 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    18:40:58.0822 4788 PlugPlay - ok
    18:40:58.0869 4788 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    18:40:58.0869 4788 PNRPAutoReg - ok
    18:40:58.0900 4788 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    18:40:58.0900 4788 PNRPsvc - ok
    18:40:59.0025 4788 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    18:40:59.0040 4788 PolicyAgent - ok
    18:40:59.0072 4788 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    18:40:59.0072 4788 Power - ok
    18:40:59.0134 4788 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    18:40:59.0150 4788 PptpMiniport - ok
    18:40:59.0165 4788 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    18:40:59.0196 4788 Processor - ok
    18:40:59.0243 4788 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
    18:40:59.0243 4788 ProfSvc - ok
    18:40:59.0306 4788 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:40:59.0306 4788 ProtectedStorage - ok
    18:40:59.0352 4788 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    18:40:59.0352 4788 Psched - ok
    18:40:59.0446 4788 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    18:40:59.0462 4788 ql2300 - ok
    18:40:59.0555 4788 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    18:40:59.0555 4788 ql40xx - ok
    18:40:59.0586 4788 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    18:40:59.0586 4788 QWAVE - ok
    18:40:59.0602 4788 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    18:40:59.0602 4788 QWAVEdrv - ok
    18:40:59.0618 4788 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    18:40:59.0618 4788 RasAcd - ok
    18:40:59.0649 4788 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:40:59.0664 4788 RasAgileVpn - ok
    18:40:59.0664 4788 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    18:40:59.0664 4788 RasAuto - ok
    18:40:59.0711 4788 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:40:59.0711 4788 Rasl2tp - ok
    18:40:59.0774 4788 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    18:40:59.0774 4788 RasMan - ok
    18:40:59.0820 4788 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    18:40:59.0820 4788 RasPppoe - ok
    18:40:59.0836 4788 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    18:40:59.0836 4788 RasSstp - ok
    18:40:59.0898 4788 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    18:40:59.0898 4788 rdbss - ok
    18:40:59.0945 4788 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    18:40:59.0945 4788 rdpbus - ok
    18:40:59.0961 4788 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:40:59.0961 4788 RDPCDD - ok
    18:40:59.0992 4788 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    18:40:59.0992 4788 RDPENCDD - ok
    18:40:59.0992 4788 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    18:40:59.0992 4788 RDPREFMP - ok
    18:41:00.0023 4788 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
    18:41:00.0023 4788 RDPWD - ok
    18:41:00.0086 4788 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    18:41:00.0086 4788 rdyboost - ok
    18:41:00.0117 4788 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    18:41:00.0132 4788 RemoteAccess - ok
    18:41:00.0164 4788 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    18:41:00.0164 4788 RemoteRegistry - ok
    18:41:00.0226 4788 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
    18:41:00.0226 4788 Revoflt - ok
    18:41:00.0335 4788 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    18:41:00.0335 4788 RoxioNow Service - ok
    18:41:00.0366 4788 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    18:41:00.0366 4788 RpcEptMapper - ok
    18:41:00.0398 4788 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    18:41:00.0398 4788 RpcLocator - ok
    18:41:00.0460 4788 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    18:41:00.0460 4788 RpcSs - ok
    18:41:00.0522 4788 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    18:41:00.0522 4788 rspndr - ok
    18:41:00.0554 4788 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:41:00.0554 4788 SamSs - ok
    18:41:00.0632 4788 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    18:41:00.0632 4788 SASDIFSV - ok
    18:41:00.0663 4788 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    18:41:00.0663 4788 SASKUTIL - ok
    18:41:00.0694 4788 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    18:41:00.0710 4788 sbp2port - ok
    18:41:00.0803 4788 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    18:41:00.0803 4788 SBSDWSCService - ok
    18:41:00.0850 4788 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    18:41:00.0866 4788 SCardSvr - ok
    18:41:00.0928 4788 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    18:41:00.0944 4788 scfilter - ok
    18:41:01.0006 4788 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    18:41:01.0022 4788 Schedule - ok
    18:41:01.0053 4788 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
    18:41:01.0053 4788 SCMNdisP - ok
    18:41:01.0084 4788 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    18:41:01.0100 4788 SCPolicySvc - ok
    18:41:01.0131 4788 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    18:41:01.0131 4788 SDRSVC - ok
    18:41:01.0178 4788 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    18:41:01.0178 4788 secdrv - ok
    18:41:01.0209 4788 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    18:41:01.0209 4788 seclogon - ok
    18:41:01.0240 4788 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    18:41:01.0240 4788 SENS - ok
    18:41:01.0271 4788 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    18:41:01.0287 4788 SensrSvc - ok
    18:41:01.0302 4788 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    18:41:01.0318 4788 Serenum - ok
    18:41:01.0334 4788 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    18:41:01.0334 4788 Serial - ok
    18:41:01.0365 4788 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    18:41:01.0365 4788 sermouse - ok
    18:41:01.0412 4788 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    18:41:01.0412 4788 SessionEnv - ok
    18:41:01.0427 4788 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    18:41:01.0427 4788 sffdisk - ok
    18:41:01.0443 4788 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    18:41:01.0443 4788 sffp_mmc - ok
    18:41:01.0474 4788 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    18:41:01.0474 4788 sffp_sd - ok
    18:41:01.0490 4788 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    18:41:01.0490 4788 sfloppy - ok
    18:41:01.0552 4788 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
    18:41:01.0552 4788 Sftfs - ok
    18:41:01.0630 4788 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    18:41:01.0646 4788 sftlist - ok
    18:41:01.0677 4788 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
    18:41:01.0677 4788 Sftplay - ok
    18:41:01.0724 4788 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
    18:41:01.0724 4788 Sftredir - ok
    18:41:01.0739 4788 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
    18:41:01.0739 4788 Sftvol - ok
    18:41:01.0770 4788 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    18:41:01.0770 4788 sftvsa - ok
    18:41:01.0817 4788 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    18:41:01.0817 4788 SharedAccess - ok
    18:41:01.0864 4788 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    18:41:01.0880 4788 ShellHWDetection - ok
    18:41:01.0911 4788 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:41:01.0911 4788 SiSRaid2 - ok
    18:41:01.0926 4788 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    18:41:01.0926 4788 SiSRaid4 - ok
    18:41:01.0942 4788 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    18:41:01.0942 4788 Smb - ok
    18:41:02.0020 4788 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    18:41:02.0020 4788 SNMPTRAP - ok
    18:41:02.0036 4788 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    18:41:02.0036 4788 spldr - ok
    18:41:02.0067 4788 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    18:41:02.0082 4788 Spooler - ok
    18:41:02.0207 4788 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    18:41:02.0238 4788 sppsvc - ok
    18:41:02.0316 4788 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    18:41:02.0316 4788 sppuinotify - ok
    18:41:02.0379 4788 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    18:41:02.0379 4788 srv - ok
    18:41:02.0426 4788 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    18:41:02.0426 4788 srv2 - ok
    18:41:02.0441 4788 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    18:41:02.0457 4788 srvnet - ok
    18:41:02.0504 4788 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    18:41:02.0519 4788 SSDPSRV - ok
    18:41:02.0550 4788 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    18:41:02.0550 4788 SstpSvc - ok
    18:41:02.0566 4788 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    18:41:02.0566 4788 stexstor - ok
    18:41:02.0613 4788 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
    18:41:02.0613 4788 StillCam - ok
    18:41:02.0660 4788 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    18:41:02.0675 4788 stisvc - ok
    18:41:02.0722 4788 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    18:41:02.0722 4788 swenum - ok
    18:41:02.0753 4788 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    18:41:02.0769 4788 swprv - ok
    18:41:02.0878 4788 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    18:41:02.0894 4788 SysMain - ok
    18:41:02.0987 4788 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    18:41:02.0987 4788 TabletInputService - ok
    18:41:03.0034 4788 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    18:41:03.0034 4788 TapiSrv - ok
    18:41:03.0065 4788 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    18:41:03.0065 4788 TBS - ok
    18:41:03.0221 4788 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    18:41:03.0252 4788 Tcpip - ok
    18:41:03.0377 4788 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    18:41:03.0393 4788 TCPIP6 - ok
    18:41:03.0455 4788 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    18:41:03.0455 4788 tcpipreg - ok
    18:41:03.0486 4788 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    18:41:03.0486 4788 TDPIPE - ok
    18:41:03.0518 4788 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    18:41:03.0518 4788 TDTCP - ok
    18:41:03.0564 4788 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    18:41:03.0564 4788 tdx - ok
    18:41:03.0596 4788 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    18:41:03.0596 4788 TermDD - ok
    18:41:03.0642 4788 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    18:41:03.0658 4788 TermService - ok
    18:41:03.0674 4788 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    18:41:03.0674 4788 Themes - ok
    18:41:03.0689 4788 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    18:41:03.0689 4788 THREADORDER - ok
    18:41:03.0720 4788 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    18:41:03.0720 4788 TrkWks - ok
    18:41:03.0814 4788 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    18:41:03.0814 4788 TrustedInstaller - ok
    18:41:03.0845 4788 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:41:03.0845 4788 tssecsrv - ok
    18:41:03.0892 4788 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    18:41:03.0892 4788 TsUsbFlt - ok
    18:41:03.0954 4788 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    18:41:03.0954 4788 tunnel - ok
    18:41:03.0986 4788 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    18:41:03.0986 4788 uagp35 - ok
    18:41:04.0048 4788 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    18:41:04.0048 4788 udfs - ok
    18:41:04.0079 4788 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    18:41:04.0095 4788 UI0Detect - ok
    18:41:04.0126 4788 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    18:41:04.0126 4788 uliagpkx - ok
    18:41:04.0157 4788 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    18:41:04.0157 4788 umbus - ok
    18:41:04.0188 4788 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    18:41:04.0188 4788 UmPass - ok
    18:41:04.0220 4788 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    18:41:04.0235 4788 upnphost - ok
    18:41:04.0251 4788 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
    18:41:04.0251 4788 USBAAPL64 - ok
    18:41:04.0282 4788 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    18:41:04.0282 4788 usbccgp - ok
    18:41:04.0313 4788 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    18:41:04.0313 4788 usbcir - ok
    18:41:04.0360 4788 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    18:41:04.0360 4788 usbehci - ok
    18:41:04.0407 4788 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    18:41:04.0407 4788 usbhub - ok
    18:41:04.0438 4788 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    18:41:04.0438 4788 usbohci - ok
    18:41:04.0469 4788 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    18:41:04.0469 4788 usbprint - ok
    18:41:04.0500 4788 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    18:41:04.0500 4788 usbscan - ok
    18:41:04.0547 4788 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:41:04.0547 4788 USBSTOR - ok
    18:41:04.0547 4788 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    18:41:04.0563 4788 usbuhci - ok
    18:41:04.0594 4788 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    18:41:04.0594 4788 UxSms - ok
    18:41:04.0610 4788 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    18:41:04.0610 4788 VaultSvc - ok
    18:41:04.0641 4788 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    18:41:04.0641 4788 vdrvroot - ok
    18:41:04.0703 4788 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    18:41:04.0719 4788 vds - ok
    18:41:04.0734 4788 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    18:41:04.0734 4788 vga - ok
    18:41:04.0750 4788 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    18:41:04.0766 4788 VgaSave - ok
    18:41:04.0797 4788 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    18:41:04.0797 4788 vhdmp - ok
    18:41:04.0812 4788 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    18:41:04.0812 4788 viaide - ok
    18:41:04.0859 4788 VideoScavenger_1eService - ok
    18:41:04.0890 4788 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    18:41:04.0890 4788 volmgr - ok
    18:41:04.0937 4788 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    18:41:07.0542 4788 ============================================================
    18:41:07.0542 4788 Scan finished
    18:41:07.0542 4788 ============================================================
    18:41:07.0574 3788 Detected object count: 0
    18:41:07.0574 3788 Actual detected object count: 0
    18:50:06.0587 4932 Deinitialize success
     
  15. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi again

    Nothing there.


    Download Yorkyt.exe and save to your Desktop.



    Double-click Yorkyt.exe to run it; Vista or Windows 7 users should right-click and select "Run as Administrator".


    Select Yes to restart at the prompt.


    Let it restart again when prompted.


    Be patient as the tool is working after the 2nd reboot.


    [​IMG]


    When you see the above, test to see if browser redirects are present or not.

    Attach the Yorkyt.exe.log to your next message (it should be on your desktop)
     

Short URL to this thread: https://techguy.org/1051777