
Inactive Computer sluggish, pages deconstructing

Discussion in 'Malware and Virus Removal Archive' started by jewelianne, 2012/05/29.

  1. 2012/05/29
    jewelianne


    After getting my system clean in March I created a separate account for my son, using WOT, Traffic light, Spybot, MBAM, and Threatfire but somehow still we started having problems again.

    My son's pages are loading as if they are under construction and the computer is sluggish. We had Avast say a Malicious something had been detected and Threatfire said there was suspicious activity detected.

    I ran my scans and they are clean but after running the TFC I found two ghost files on my desktop named desktop.ini and when I hover they say configuration settings.

    I tried to run the necessary scans as per the rules to posting. I ran MBAM and GMER but during asw.MBR the computer screen went to colorful static then it crashed. Then the screen came up saying that it did this to protect my files and opened itself in Safe Mode. I didn't know what to do so I restarted just to get here. I did copy all that is said though.

    Problem Signature:
    Problem Event Name Blue Screen
    OS Version 6.7.7601.2.1.0.768.3
    Local ID

    Additional information about the problem

    BCcode 109
    BCP1 A3A039D89950A9F2
    BCP2 B3B7465EEBCEE5F0
    BCP3 FFFFF880009F6540
    BCP4 0000000000000002

    Files that help describe the problem:

    c:\Windows\minidump\052912-18345-01.dmp
    c:\Users\Julianne\Appdata\Local\Temp\WER-39858-0.sysdata.xml


    Here is the MBAM log:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.29.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Julianne :: JULIANNE-HP [administrator]

    5/29/2012 10:16:32 AM
    mbam-log-2012-05-29 (10-16-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 226760
    Time elapsed: 2 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    Nothing came up for the GMER.log; it was completely blank. Not sure if that is normal or if it is just my system acting up.

    I re-ran GMER and still no log but I also went ahead and ran the DDS and here are the logs for that.

    DDS.txt
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
    Run by Julianne at 12:13:02 on 2012-05-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2565 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ThreatFire\TFService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
    C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    C:\Program Files (x86)\NetZero DSL\ConnectionCenter.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\ThreatFire\TFTray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll "
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: NetZero DSL: {8e613eaf-e16e-415c-bd39-f71d6a3b5518} - C:\Program Files (x86)\NetZero DSL\Toolbar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll "
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
    uRun: [Google Update] "C:\Users\Julianne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [NetZeroDSL] "C:\Program Files (x86)\NetZero DSL\ConnectionCenter.exe "
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3E881719-4591-4876-9C61-34D4012ADC89} : DhcpNameServer = 192.168.1.254
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll "
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: NetZero DSL: {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files (x86)\NetZero DSL\Toolbar.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll "
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun-x64: [NetZeroDSL] "C:\Program Files (x86)\NetZero DSL\ConnectionCenter.exe "
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Julianne\AppData\Roaming\Mozilla\Firefox\Profiles\f8aujxuc.default\
    FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.goodskins.com/flying_hearts/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Julianne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Julianne\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]
    R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
    R0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-11 44768]
    R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-8-4 1128952]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-22 1153368]
    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
    R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257696]
    S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-31 129976]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-05-29 14:09:46 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{844A4127-1A88-41EA-89CE-B7E71D0947D8}\mpengine.dll
    2012-05-29 07:00:07 -------- d-----w- C:\Users\Julianne\AppData\Local\{ECAF1FA6-4001-431A-AD41-586443C37807}
    2012-05-29 06:59:09 -------- d-----w- C:\Users\Julianne\AppData\Local\{CD013322-D2E6-4819-9232-B2E04BFA6FF2}
    2012-05-28 15:07:47 -------- d-----w- C:\Users\Julianne\AppData\Local\{C707A5F6-79B3-4F17-A29A-37092272D8BB}
    2012-05-28 15:07:36 -------- d-----w- C:\Users\Julianne\AppData\Local\{10417130-05CE-461E-BEA3-946D062D53F1}
    2012-05-28 02:40:48 -------- d-----w- C:\Users\Julianne\AppData\Local\{38E70F63-3D10-47F8-862E-E7AE6A2C5C67}
    2012-05-27 13:09:03 -------- d-----w- C:\Users\Julianne\AppData\Local\{17D48ACD-1913-49C8-BD53-C0967C5C89BC}
    2012-05-27 13:08:17 -------- d-----w- C:\Users\Julianne\AppData\Local\{7154A44F-2F49-4078-BB40-09C11BAD59D6}
    2012-05-26 13:51:39 -------- d-----w- C:\Users\Julianne\AppData\Local\{BED70FC9-AD64-438A-B8C1-99F812541833}
    2012-05-26 13:51:28 -------- d-----w- C:\Users\Julianne\AppData\Local\{656EBACB-6180-4D5F-A004-09DF4ADACD83}
    2012-05-26 01:51:00 -------- d-----w- C:\Users\Julianne\AppData\Local\{2D4B4B0B-B0B0-45ED-A714-86687EFC99C9}
    2012-05-25 13:06:29 -------- d-----w- C:\Users\Julianne\AppData\Local\{B1938B2B-7233-48FD-8D56-EECF0BBDA12C}
    2012-05-25 13:06:18 -------- d-----w- C:\Users\Julianne\AppData\Local\{82632408-0734-4F6E-8EEA-376CECF9EF90}
    2012-05-25 01:05:52 -------- d-----w- C:\Users\Julianne\AppData\Local\{6C06B308-E783-4A6F-8E34-6083FAE8D0DF}
    2012-05-25 01:05:41 -------- d-----w- C:\Users\Julianne\AppData\Local\{EDABBE79-B601-4759-9ED4-D7EFA244D43F}
    2012-05-24 13:05:14 -------- d-----w- C:\Users\Julianne\AppData\Local\{D9156E7C-9714-40D7-B2FF-3678BBDAEA00}
    2012-05-24 13:05:03 -------- d-----w- C:\Users\Julianne\AppData\Local\{CC2487C7-B63E-4F31-A292-4E8C0F16C5CE}
    2012-05-24 00:41:32 -------- d-----w- C:\Users\Julianne\AppData\Local\{60DDAD69-95E8-48E1-BD1B-CE05E30CA6E1}
    2012-05-24 00:41:21 -------- d-----w- C:\Users\Julianne\AppData\Local\{752932D6-AF58-4A85-9567-A77541D1BAA5}
    2012-05-23 13:41:06 -------- d-----w- C:\Program Files (x86)\Watchtower
    2012-05-23 11:42:37 -------- d-----w- C:\Users\Julianne\AppData\Local\{1225F61F-4DAB-4C81-8EBA-433809FFC255}
    2012-05-23 11:42:23 -------- d-----w- C:\Users\Julianne\AppData\Local\{3B06F685-BD6A-4FE9-978F-24A5F30A64F0}
    2012-05-22 15:21:58 -------- d-----w- C:\Users\Julianne\AppData\Local\{A25B85CB-0CE0-497E-9384-3B2043205D16}
    2012-05-22 15:21:47 -------- d-----w- C:\Users\Julianne\AppData\Local\{C774EF1A-AF66-4CF4-B596-47C1058D0D3D}
    2012-05-22 01:00:44 -------- d-----w- C:\Users\Julianne\AppData\Local\{D116329D-271B-4CFD-A600-A02C30CBD476}
    2012-05-21 11:26:23 -------- d-----w- C:\Users\Julianne\AppData\Local\{79876FB9-05B4-4E88-BA8D-09FDA3B61DB2}
    2012-05-21 11:25:57 -------- d-----w- C:\Users\Julianne\AppData\Local\{5B99A50F-3E13-48B1-A36B-E0BE79FCB2A2}
    2012-05-20 03:29:22 -------- d-----w- C:\Users\Julianne\AppData\Local\{E3C31101-2317-41FF-A7E3-79574E7A1CDE}
    2012-05-19 14:12:28 -------- d-----w- C:\Users\Julianne\AppData\Local\{179CC938-DE44-4E2D-91DE-A1E5EC7B2CF0}
    2012-05-19 14:11:39 -------- d-----w- C:\Users\Julianne\AppData\Local\{2AD9E14C-F4A0-4B56-B900-56D4A26C91C9}
    2012-05-18 02:16:46 -------- d-----w- C:\Users\Julianne\AppData\Local\{09D2E8F5-FA64-4080-94FF-7999A977DBF0}
    2012-05-17 13:04:15 -------- d-----w- C:\Users\Julianne\AppData\Local\{8DCC597E-F0DA-4573-AC3D-6C3D2FAF35F0}
    2012-05-17 13:04:04 -------- d-----w- C:\Users\Julianne\AppData\Local\{ADAA8081-5C8A-4431-BFA8-C63056CC9424}
    2012-05-17 00:32:06 -------- d-----w- C:\Users\Julianne\AppData\Local\{C99EB3AA-36CD-4B49-90D1-CCCEA299F7EC}
    2012-05-17 00:31:55 -------- d-----w- C:\Users\Julianne\AppData\Local\{AFAF5B3E-1696-40A6-B542-B14D9759DC81}
    2012-05-14 18:22:40 -------- d-----w- C:\Users\Julianne\AppData\Local\{0FDAAA57-C1BD-43AF-8BCE-EA4A27FADF14}
    2012-05-14 18:22:29 -------- d-----w- C:\Users\Julianne\AppData\Local\{8BE477BD-F00B-4040-86FC-AC5B2DB4EBE6}
    2012-05-12 02:46:52 1544704 ----a-w- C:\Windows\System32\DWrite.dll
    2012-05-12 02:46:52 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-05-12 02:46:48 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-12 02:46:48 3146240 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-12 02:46:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-12 02:46:47 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-12 02:38:27 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-05-12 02:36:25 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-05-12 02:35:57 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-12 02:35:57 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-05-12 02:35:57 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-05-12 02:35:57 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-05-12 02:35:57 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-10 13:50:04 -------- d-----w- C:\Users\Julianne\AppData\Local\{26DB4334-E2C3-43A5-95DF-4E9AB745DD34}
    2012-05-10 13:49:02 -------- d-----w- C:\Users\Julianne\AppData\Local\{EF6DC9D4-4150-4A84-B752-4EBC49E81152}
    2012-05-09 00:44:12 -------- d-----w- C:\Users\Julianne\AppData\Local\{C834BA37-432D-4659-B313-76875B3E8760}
    2012-05-08 14:33:58 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-08 14:33:58 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-05-08 12:33:39 -------- d-----w- C:\Users\Julianne\AppData\Local\{A4E8CD14-B931-4D49-8F53-231DD3A76E2D}
    2012-05-08 12:33:25 -------- d-----w- C:\Users\Julianne\AppData\Local\{131E2365-4DD1-4D6D-B42A-78E9E2B2BA07}
    2012-05-07 12:44:29 -------- d-----w- C:\Users\Julianne\AppData\Local\{2242ADD8-4D10-40DD-BFAF-EDD00C405DA4}
    2012-05-07 12:43:13 -------- d-----w- C:\Users\Julianne\AppData\Local\{82BB59D8-DED8-400A-B29B-4E5774712290}
    2012-05-04 12:37:09 -------- d-----w- C:\Users\Julianne\AppData\Local\{EEFFB2AB-1495-449B-9925-B1B2B01D9BF7}
    2012-05-04 12:36:14 -------- d-----w- C:\Users\Julianne\AppData\Local\{D1FE093E-AC8E-4E0A-AE6F-9A065A7D31EF}
    2012-05-03 15:39:12 -------- d-----w- C:\Users\Julianne\AppData\Local\{DEC656AD-2197-4A1F-8A36-40510E159200}
    2012-05-03 15:38:56 -------- d-----w- C:\Users\Julianne\AppData\Local\{C8B0F684-74CE-4579-BCBA-B147E9AAF974}
    2012-05-02 00:37:05 -------- d-----w- C:\Users\Julianne\AppData\Local\{3F0277FA-7241-4AC3-8E51-C3EEB93CFB78}
    2012-05-01 12:36:40 -------- d-----w- C:\Users\Julianne\AppData\Local\{86D68D6E-FCDA-438B-A275-567E32A288BC}
    2012-05-01 12:36:26 -------- d-----w- C:\Users\Julianne\AppData\Local\{41808622-65EA-419F-952D-ECE0A0D4E4BE}
    2012-05-01 00:28:05 -------- d-----w- C:\Users\Julianne\AppData\Local\{62C992C2-0276-46D1-862B-C4CA40A7EE73}
    2012-04-30 01:09:06 -------- d-----w- C:\Users\Julianne\AppData\Local\{9523FFEF-7388-4818-8818-89895F81EE2D}
    2012-04-30 01:08:55 -------- d-----w- C:\Users\Julianne\AppData\Local\{2E7C0AB4-A8E6-4935-AC5C-5635898CA157}
    .
    ==================== Find3M ====================
    .
    2012-05-07 02:23:51 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-07 02:23:51 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-07 02:23:44 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-01 12:45:11 955848 ----a-w- C:\Windows\System32\npdeployJava1.dll
    2012-05-01 12:45:11 839112 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-02 13:39:27 231440 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
    2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2012-03-08 22:40:52 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
    2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
    2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
    2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    .
    ============= FINISH: 12:16:26.19 ===============


    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/11/2011 4:37:17 PM
    System Uptime: 5/29/2012 11:27:32 AM (1 hours ago)
    .
    Motherboard: FOXCONN | | 2AB1
    Processor: AMD Athlon(tm) II X2 260 Processor | CPU 1 | 800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 408.01 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.368 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP118: 5/4/2012 12:21:33 PM - HPSF Restore Point
    RP119: 5/11/2012 10:02:51 PM - Scheduled Checkpoint
    RP120: 5/11/2012 10:22:46 PM - Windows Update
    RP121: 5/12/2012 3:00:11 AM - Windows Update
    RP122: 5/15/2012 12:39:22 PM - Windows Update
    RP123: 5/22/2012 10:19:29 AM - Windows Update
    RP124: 5/24/2012 8:10:45 PM - Windows Update
    RP125: 5/29/2012 10:09:20 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Reader X (10.1.3)
    Agatha Christie - Peril at End House
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    Bejeweled 3
    Belarc Advisor 8.2
    Bing Bar
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCScore
    Chuzzle Deluxe
    CodeStuff Starter
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    Farm Frenzy
    FATE - The Traitor Soul
    fflink
    FileHippo.com Update Checker
    Google Chrome
    Hewlett-Packard ACLM.NET v1.1.2.0
    Homeschool Tracker Basic
    HP Customer Experience Enhancements
    HP Games
    HP LinkUp
    HP MediaSmart/TouchSmart Netflix
    HP MovieStore
    HP Odometer
    HP Product Detection
    HP Setup
    HP Setup Manager
    HP Support Assistant
    HP Support Information
    HP Update
    Hulu Desktop
    HydraVision
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    kgcbaby
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kobo
    Kodak EasyShare software
    LabelPrint
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mesh Runtime
    Messenger Companion
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Middle School Success
    Mozilla Firefox 12.0 (x86 en-GB)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - Stolen in San Francisco
    Namco All-Stars PAC-MAN
    netbrdg
    NetZero DSL (remove only)
    Norton Online Backup
    OfotoXMI
    OpenOffice.org 3.3
    PDF Complete Special Edition
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PressReader
    QuickTime
    Rainlendar2 (remove only)
    Realtek High Definition Audio Driver
    Recovery Manager
    Remote Graphics Receiver
    RoxioNow Player
    Secunia PSI (2.0.0.4003)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Slingo Supreme
    Spybot - Search & Destroy
    staticcr
    Ten Thumbs 4.7
    ThreatFire
    Topics Learning High School Success
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    VPRINTOL
    Watchtower Library 2011 - English
    Wheel of Fortune 2
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WIRELESS
    Yahoo! Detect
    Zinio Reader 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/29/2012 4:24:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxcf_device service to connect.
    5/29/2012 4:24:59 AM, Error: Service Control Manager [7000] - The lxcf_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/29/2012 4:24:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service lxcf_device with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}
    5/29/2012 11:25:17 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    5/29/2012 11:09:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    5/29/2012 11:09:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    5/29/2012 11:09:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    5/29/2012 11:09:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    5/29/2012 11:09:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/29/2012 11:09:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    5/29/2012 11:09:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
    5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/29/2012 11:09:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a039d89950a9f2, 0xb3b7465eebcee5f0, 0xfffff880009f6540, 0x0000000000000002). A dump was saved in: C:\Windows\Minidump\052912-18345-01.dmp. Report Id: 052912-18345-01.
    5/28/2012 11:07:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    5/27/2012 9:10:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ThreatFire service.
    5/27/2012 10:40:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    5/26/2012 2:50:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Client Services service to connect.
    5/24/2012 9:36:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PDF Document Manager service to connect.
    5/24/2012 9:36:38 AM, Error: Service Control Manager [7000] - The PDF Document Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================


    GMER has Services, Registry, Files, C:\ and ADS checked and when it is finished running it says, GMER hasn't found any System modification.
     
    Last edited: 2012/05/29
  2. 2012/05/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================================

    Open Windows Explorer, go to Tools>Folder options>View tab and checkmark "Hide protected operating system files".
    Click OK.

    Is your account working normally?

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     

  4. 2012/05/29
    jewelianne

    jewelianne Inactive Thread Starter

    Those were not done today but when I first discovered that I had issues, I posted it because of what had resulted from it.

    When I open Windows Explorer it takes me to Libraries and I can't find any tools option. What am I missing?
     
  5. 2012/05/29
    broni

    broni Moderator Malware Analyst

    Click Organize>Layout>Menu bar
    Menu bar will appear and you'll see Tools tab.
     
  6. 2012/05/29
    jewelianne

    jewelianne Inactive Thread Starter

    Thanks for the toolbar and the ghost files have left the desktop.
     
  7. 2012/05/29
    broni

    broni Moderator Malware Analyst

    You didn't say:
    I still need Bootkit Remover log.
     
  8. 2012/05/29
    jewelianne

    jewelianne Inactive Thread Starter

    Not yet.

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000

    Size     Device Name          MBR Status
    --------------------------------------------
    465 GB   \\.\PhysicalDrive0   Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
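
The Bootkit Remover output above suggests dumping the master boot sector for manual inspection. The Python below is an added example (not part of the original thread and not the tool vendor's code) that parses such a 512-byte dump, checks the boot signature and partition table for inconsistencies, and hashes the boot code so it can be compared with a known-good reference. The sample sector is constructed: its partition values are the ones TDSSKiller reports in this thread, while the active flag, the boot-code bytes and all function names are assumptions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439; 440..445 hold the disk signature
TABLE_OFFSET = 446             # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector):
    """Decode a 512-byte master boot sector into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        offset = TABLE_OFFSET + 16 * index
        # Entry layout: status, CHS start (3), type, CHS end (3),
        # start LBA (u32 LE), sector count (u32 LE)
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector, offset)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"index": index, "status": status, "type": ptype,
                           "start_lba": start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def find_anomalies(mbr, disk_sectors=None, reference_sha256=None):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if reference_sha256 and mbr["boot_code_sha256"] != reference_sha256:
        findings.append("boot code differs from reference")
    parts = sorted(mbr["partitions"], key=lambda p: p["start_lba"])
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one active partition")
    previous_end = 1  # LBA 0 is the master boot sector itself
    for p in parts:
        end = p["start_lba"] + p["sectors"]
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status 0x%02x"
                            % (p["index"], p["status"]))
        if p["start_lba"] < previous_end:
            findings.append("partition %d: overlaps previous area" % p["index"])
        if disk_sectors is not None and end > disk_sectors:
            findings.append("partition %d: extends past end of disk" % p["index"])
        previous_end = max(previous_end, end)
    return findings


def format_partitions(mbr):
    """Render entries in the style of TDSSKiller's 'MBR partitions' lines."""
    return ["Partition%d: MBR, Type 0x%X, StartLBA 0x%X, BlocksNum 0x%X"
            % (n, p["type"], p["start_lba"], p["sectors"])
            for n, p in enumerate(mbr["partitions"])]


def build_sample_sector(entries, boot_code=b"", signature=BOOT_SIGNATURE):
    """Construct a test sector (not a real dump) from (status, type, lba, count)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for index, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * index,
                         status, ptype, start, count)
    sector[510:512] = signature
    return bytes(sector)


# Constructed sample. Partition values come from the TDSSKiller log in this
# thread; the active flag on the first entry and the boot code are assumptions.
SAMPLE = build_sample_sector(
    [(0x80, 0x07, 0x800, 0x32000),
     (0x00, 0x07, 0x32800, 0x38CF0000),
     (0x00, 0x07, 0x38D22800, 0x1663000)],
    boot_code=b"CONSTRUCTED-BOOT-CODE")
DISK_SECTORS = 0x7470C06000 // SECTOR_SIZE  # drive size from the same log

if __name__ == "__main__":
    mbr = parse_mbr(SAMPLE)
    print("\n".join(format_partitions(mbr)))
    print("boot code sha256:", mbr["boot_code_sha256"])
    print("findings:", find_anomalies(mbr, DISK_SECTORS) or "none")
```

Since the tool reports the boot code as hidden by a rootkit, a dump read from inside the running system may not show the real sector; take the dump from a clean boot environment before trusting the hash or the table.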
     
  9. 2012/05/29
    broni

    broni Moderator Malware Analyst

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. 2012/05/29
    jewelianne

    jewelianne Inactive Thread Starter

    22:09:20.0242 4392 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
    22:09:20.0835 4392 ============================================================
    22:09:20.0835 4392 Current date / time: 2012/05/29 22:09:20.0835
    22:09:20.0835 4392 SystemInfo:
    22:09:20.0835 4392
    22:09:20.0835 4392 OS Version: 6.1.7601 ServicePack: 1.0
    22:09:20.0835 4392 Product type: Workstation
    22:09:20.0835 4392 ComputerName: JULIANNE-HP
    22:09:20.0835 4392 UserName: Julianne
    22:09:20.0835 4392 Windows directory: C:\Windows
    22:09:20.0835 4392 System windows directory: C:\Windows
    22:09:20.0835 4392 Running under WOW64
    22:09:20.0835 4392 Processor architecture: Intel x64
    22:09:20.0835 4392 Number of processors: 2
    22:09:20.0835 4392 Page size: 0x1000
    22:09:20.0835 4392 Boot type: Normal boot
    22:09:20.0835 4392 ============================================================
    22:09:34.0719 4392 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:09:34.0735 4392 ============================================================
    22:09:34.0735 4392 \Device\Harddisk0\DR0:
    22:09:34.0735 4392 MBR partitions:
    22:09:34.0735 4392 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    22:09:34.0735 4392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38CF0000
    22:09:34.0735 4392 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38D22800, BlocksNum 0x1663000
    22:09:34.0735 4392 ============================================================
    22:09:34.0750 4392 C: <-> \Device\Harddisk0\DR0\Partition1
    22:09:34.0797 4392 D: <-> \Device\Harddisk0\DR0\Partition2
    22:09:34.0797 4392 ============================================================
    22:09:34.0797 4392 Initialize success
    22:09:34.0797 4392 ============================================================
    22:09:49.0835 1460 ============================================================
    22:09:49.0835 1460 Scan started
    22:09:49.0835 1460 Mode: Manual;
    22:09:49.0835 1460 ============================================================
    22:09:50.0350 1460 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    22:09:50.0366 1460 1394ohci - ok
    22:09:50.0460 1460 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    22:09:50.0460 1460 ACDaemon - ok
    22:09:50.0522 1460 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    22:09:50.0538 1460 ACPI - ok
    22:09:50.0584 1460 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    22:09:50.0584 1460 AcpiPmi - ok
    22:09:50.0662 1460 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    22:09:50.0662 1460 AdobeARMservice - ok
    22:09:50.0787 1460 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    22:09:50.0787 1460 AdobeFlashPlayerUpdateSvc - ok
    22:09:50.0865 1460 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    22:09:50.0865 1460 adp94xx - ok
    22:09:50.0912 1460 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    22:09:50.0912 1460 adpahci - ok
    22:09:50.0943 1460 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    22:09:50.0959 1460 adpu320 - ok
    22:09:50.0990 1460 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    22:09:50.0990 1460 AeLookupSvc - ok
    22:09:51.0052 1460 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    22:09:51.0052 1460 AFD - ok
    22:09:51.0084 1460 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    22:09:51.0084 1460 agp440 - ok
    22:09:51.0099 1460 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    22:09:51.0099 1460 ALG - ok
    22:09:51.0130 1460 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    22:09:51.0130 1460 aliide - ok
    22:09:51.0193 1460 AMD External Events Utility (2fdcb3e855076ce97ccb58e2cf8f2a09) C:\Windows\system32\atiesrxx.exe
    22:09:51.0193 1460 AMD External Events Utility - ok
    22:09:51.0208 1460 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    22:09:51.0224 1460 amdide - ok
    22:09:51.0255 1460 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
    22:09:51.0255 1460 amdiox64 - ok
    22:09:51.0286 1460 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    22:09:51.0286 1460 AmdK8 - ok
    22:09:52.0066 1460 amdkmdag (9920704bf815a5b42da5264f013aaeb7) C:\Windows\system32\DRIVERS\atikmdag.sys
    22:09:52.0222 1460 amdkmdag - ok
    22:09:52.0394 1460 amdkmdap (0d1055a47a8f5dc1caa2701831293ebb) C:\Windows\system32\DRIVERS\atikmpag.sys
    22:09:52.0394 1460 amdkmdap - ok
    22:09:52.0441 1460 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
    22:09:52.0441 1460 AmdPPM - ok
    22:09:52.0488 1460 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    22:09:52.0488 1460 amdsata - ok
    22:09:52.0534 1460 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    22:09:52.0534 1460 amdsbs - ok
    22:09:52.0566 1460 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    22:09:52.0566 1460 amdxata - ok
    22:09:52.0597 1460 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\Windows\system32\drivers\amd_sata.sys
    22:09:52.0597 1460 amd_sata - ok
    22:09:52.0597 1460 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\Windows\system32\drivers\amd_xata.sys
    22:09:52.0612 1460 amd_xata - ok
    22:09:52.0675 1460 AODDriver4.0 - ok
    22:09:52.0722 1460 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    22:09:52.0722 1460 AppID - ok
    22:09:52.0753 1460 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    22:09:52.0753 1460 AppIDSvc - ok
    22:09:52.0768 1460 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    22:09:52.0768 1460 Appinfo - ok
    22:09:52.0831 1460 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    22:09:52.0831 1460 arc - ok
    22:09:52.0846 1460 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    22:09:52.0846 1460 arcsas - ok
    22:09:52.0924 1460 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    22:09:52.0940 1460 aspnet_state - ok
    22:09:52.0971 1460 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
    22:09:52.0971 1460 aswFsBlk - ok
    22:09:52.0987 1460 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
    22:09:52.0987 1460 aswMonFlt - ok
    22:09:53.0018 1460 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
    22:09:53.0018 1460 aswRdr - ok
    22:09:53.0096 1460 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
    22:09:53.0112 1460 aswSnx - ok
    22:09:53.0143 1460 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
    22:09:53.0143 1460 aswSP - ok
    22:09:53.0158 1460 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
    22:09:53.0158 1460 aswTdi - ok
    22:09:53.0190 1460 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    22:09:53.0190 1460 AsyncMac - ok
    22:09:53.0221 1460 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    22:09:53.0221 1460 atapi - ok
    22:09:53.0314 1460 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
    22:09:53.0314 1460 AtiHDAudioService - ok
    22:09:53.0361 1460 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\drivers\AtiPcie64.sys
    22:09:53.0361 1460 AtiPcie - ok
    22:09:53.0439 1460 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    22:09:53.0455 1460 AudioEndpointBuilder - ok
    22:09:53.0470 1460 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    22:09:53.0470 1460 AudioSrv - ok
    22:09:53.0517 1460 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    22:09:53.0517 1460 avast! Antivirus - ok
    22:09:53.0564 1460 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    22:09:53.0564 1460 AxInstSV - ok
    22:09:53.0626 1460 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    22:09:53.0642 1460 b06bdrv - ok
    22:09:53.0673 1460 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    22:09:53.0689 1460 b57nd60a - ok
    22:09:53.0798 1460 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    22:09:53.0798 1460 BBSvc - ok
    22:09:53.0845 1460 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    22:09:53.0845 1460 BDESVC - ok
    22:09:53.0876 1460 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    22:09:53.0876 1460 Beep - ok
    22:09:53.0954 1460 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    22:09:53.0954 1460 BFE - ok
    22:09:54.0048 1460 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
    22:09:54.0063 1460 BITS - ok
    22:09:54.0094 1460 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
    22:09:54.0094 1460 blbdrive - ok
    22:09:54.0141 1460 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    22:09:54.0157 1460 bowser - ok
    22:09:54.0188 1460 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    22:09:54.0204 1460 BrFiltLo - ok
    22:09:54.0204 1460 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    22:09:54.0219 1460 BrFiltUp - ok
    22:09:54.0266 1460 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    22:09:54.0266 1460 BridgeMP - ok
    22:09:54.0313 1460 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    22:09:54.0313 1460 Browser - ok
    22:09:54.0375 1460 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    22:09:54.0375 1460 Brserid - ok
    22:09:54.0406 1460 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    22:09:54.0406 1460 BrSerWdm - ok
    22:09:54.0422 1460 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    22:09:54.0422 1460 BrUsbMdm - ok
    22:09:54.0438 1460 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    22:09:54.0438 1460 BrUsbSer - ok
    22:09:54.0469 1460 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
    22:09:54.0469 1460 BTHMODEM - ok
    22:09:54.0500 1460 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    22:09:54.0516 1460 bthserv - ok
    22:09:54.0531 1460 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    22:09:54.0547 1460 cdfs - ok
    22:09:54.0594 1460 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    22:09:54.0594 1460 cdrom - ok
    22:09:54.0640 1460 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    22:09:54.0640 1460 CertPropSvc - ok
    22:09:54.0672 1460 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    22:09:54.0687 1460 circlass - ok
    22:09:54.0734 1460 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    22:09:54.0734 1460 CLFS - ok
    22:09:54.0812 1460 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:09:54.0812 1460 clr_optimization_v2.0.50727_32 - ok
    22:09:54.0859 1460 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    22:09:54.0874 1460 clr_optimization_v2.0.50727_64 - ok
    22:09:54.0952 1460 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:09:54.0952 1460 clr_optimization_v4.0.30319_32 - ok
    22:09:55.0015 1460 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    22:09:55.0015 1460 clr_optimization_v4.0.30319_64 - ok
    22:09:55.0046 1460 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
    22:09:55.0046 1460 CmBatt - ok
    22:09:55.0077 1460 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    22:09:55.0077 1460 cmdide - ok
    22:09:55.0124 1460 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    22:09:55.0140 1460 CNG - ok
    22:09:55.0155 1460 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
    22:09:55.0155 1460 Compbatt - ok
    22:09:55.0171 1460 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    22:09:55.0171 1460 CompositeBus - ok
    22:09:55.0171 1460 COMSysApp - ok
    22:09:55.0186 1460 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    22:09:55.0202 1460 crcdisk - ok
    22:09:55.0249 1460 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    22:09:55.0249 1460 CryptSvc - ok
    22:09:55.0327 1460 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    22:09:55.0342 1460 DcomLaunch - ok
    22:09:55.0374 1460 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    22:09:55.0389 1460 defragsvc - ok
    22:09:55.0420 1460 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    22:09:55.0420 1460 DfsC - ok
    22:09:55.0467 1460 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    22:09:55.0467 1460 Dhcp - ok
    22:09:55.0467 1460 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    22:09:55.0467 1460 discache - ok
    22:09:55.0514 1460 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    22:09:55.0514 1460 Disk - ok
    22:09:55.0545 1460 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    22:09:55.0561 1460 Dnscache - ok
    22:09:55.0608 1460 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    22:09:55.0608 1460 dot3svc - ok
    22:09:55.0639 1460 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    22:09:55.0639 1460 DPS - ok
    22:09:55.0670 1460 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    22:09:55.0670 1460 drmkaud - ok
    22:09:55.0764 1460 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    22:09:55.0779 1460 DXGKrnl - ok
    22:09:55.0795 1460 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    22:09:55.0795 1460 EapHost - ok
    22:09:56.0091 1460 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    22:09:56.0122 1460 ebdrv - ok
    22:09:56.0247 1460 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    22:09:56.0247 1460 EFS - ok
    22:09:56.0372 1460 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    22:09:56.0388 1460 ehRecvr - ok
    22:09:56.0403 1460 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    22:09:56.0403 1460 ehSched - ok
    22:09:56.0497 1460 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    22:09:56.0512 1460 elxstor - ok
    22:09:56.0544 1460 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    22:09:56.0544 1460 ErrDev - ok
    22:09:56.0606 1460 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    22:09:56.0622 1460 EventSystem - ok
    22:09:56.0668 1460 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    22:09:56.0668 1460 exfat - ok
    22:09:56.0684 1460 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    22:09:56.0684 1460 fastfat - ok
    22:09:56.0746 1460 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    22:09:56.0762 1460 Fax - ok
    22:09:56.0793 1460 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    22:09:56.0793 1460 fdc - ok
    22:09:56.0824 1460 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    22:09:56.0824 1460 fdPHost - ok
    22:09:56.0824 1460 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    22:09:56.0840 1460 FDResPub - ok
    22:09:56.0871 1460 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    22:09:56.0871 1460 FileInfo - ok
    22:09:56.0871 1460 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    22:09:56.0871 1460 Filetrace - ok
    22:09:56.0902 1460 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    22:09:56.0902 1460 flpydisk - ok
    22:09:56.0949 1460 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    22:09:56.0949 1460 FltMgr - ok
    22:09:57.0043 1460 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    22:09:57.0058 1460 FontCache - ok
    22:09:57.0121 1460 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    22:09:57.0121 1460 FontCache3.0.0.0 - ok
    22:09:57.0168 1460 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    22:09:57.0168 1460 FsDepends - ok
    22:09:57.0214 1460 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
    22:09:57.0214 1460 fssfltr - ok
    22:09:57.0433 1460 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    22:09:57.0448 1460 fsssvc - ok
    22:09:57.0573 1460 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    22:09:57.0573 1460 Fs_Rec - ok
    22:09:57.0620 1460 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    22:09:57.0636 1460 fvevol - ok
    22:09:57.0667 1460 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    22:09:57.0682 1460 gagp30kx - ok
    22:09:57.0792 1460 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    22:09:57.0792 1460 GamesAppService - ok
    22:09:57.0885 1460 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    22:09:57.0885 1460 gpsvc - ok
    22:09:57.0932 1460 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    22:09:57.0932 1460 hcw85cir - ok
    22:09:57.0963 1460 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    22:09:57.0979 1460 HdAudAddService - ok
    22:09:58.0010 1460 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    22:09:58.0026 1460 HDAudBus - ok
    22:09:58.0041 1460 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    22:09:58.0041 1460 HidBatt - ok
    22:09:58.0057 1460 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    22:09:58.0072 1460 HidBth - ok
    22:09:58.0088 1460 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    22:09:58.0088 1460 HidIr - ok
    22:09:58.0119 1460 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    22:09:58.0135 1460 hidserv - ok
    22:09:58.0166 1460 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    22:09:58.0166 1460 HidUsb - ok
    22:09:58.0213 1460 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    22:09:58.0213 1460 hkmsvc - ok
    22:09:58.0228 1460 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    22:09:58.0244 1460 HomeGroupListener - ok
    22:09:58.0275 1460 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    22:09:58.0275 1460 HomeGroupProvider - ok
    22:09:58.0369 1460 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    22:09:58.0369 1460 HP Support Assistant Service - ok
    22:09:58.0447 1460 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    22:09:58.0462 1460 HPClientSvc - ok
    22:09:58.0525 1460 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    22:09:58.0525 1460 HPDrvMntSvc.exe - ok
    22:09:58.0634 1460 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    22:09:58.0650 1460 hpqwmiex - ok
    22:09:58.0774 1460 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    22:09:58.0790 1460 HpSAMD - ok
    22:09:58.0884 1460 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    22:09:58.0899 1460 HTTP - ok
    22:09:58.0915 1460 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    22:09:58.0915 1460 hwpolicy - ok
    22:09:58.0962 1460 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    22:09:58.0962 1460 i8042prt - ok
    22:09:59.0040 1460 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    22:09:59.0040 1460 iaStorV - ok
    22:09:59.0149 1460 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    22:09:59.0164 1460 idsvc - ok
    22:09:59.0601 1460 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
    22:09:59.0664 1460 igfx - ok
    22:09:59.0835 1460 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    22:09:59.0835 1460 iirsp - ok
    22:09:59.0944 1460 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    22:09:59.0960 1460 IKEEXT - ok
    22:10:00.0163 1460 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
    22:10:00.0194 1460 IntcAzAudAddService - ok
    22:10:00.0303 1460 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    22:10:00.0303 1460 intelide - ok
    22:10:00.0334 1460 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
    22:10:00.0334 1460 intelppm - ok
    22:10:00.0366 1460 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    22:10:00.0366 1460 IPBusEnum - ok
    22:10:00.0397 1460 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:10:00.0397 1460 IpFilterDriver - ok
    22:10:00.0459 1460 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    22:10:00.0475 1460 iphlpsvc - ok
    22:10:00.0490 1460 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    22:10:00.0506 1460 IPMIDRV - ok
    22:10:00.0537 1460 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    22:10:00.0537 1460 IPNAT - ok
    22:10:00.0553 1460 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    22:10:00.0553 1460 IRENUM - ok
    22:10:00.0568 1460 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    22:10:00.0568 1460 isapnp - ok
    22:10:00.0615 1460 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    22:10:00.0615 1460 iScsiPrt - ok
    22:10:00.0646 1460 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    22:10:00.0646 1460 kbdclass - ok
    22:10:00.0662 1460 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    22:10:00.0662 1460 kbdhid - ok
    22:10:00.0693 1460 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:10:00.0693 1460 KeyIso - ok
    22:10:00.0709 1460 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    22:10:00.0709 1460 KSecDD - ok
    22:10:00.0740 1460 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    22:10:00.0740 1460 KSecPkg - ok
    22:10:00.0771 1460 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    22:10:00.0787 1460 ksthunk - ok
    22:10:00.0849 1460 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    22:10:00.0849 1460 KtmRm - ok
    22:10:00.0912 1460 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    22:10:00.0927 1460 LanmanServer - ok
    22:10:00.0958 1460 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    22:10:00.0958 1460 LanmanWorkstation - ok
    22:10:01.0005 1460 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    22:10:01.0005 1460 lltdio - ok
    22:10:01.0052 1460 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    22:10:01.0052 1460 lltdsvc - ok
    22:10:01.0068 1460 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    22:10:01.0068 1460 lmhosts - ok
    22:10:01.0114 1460 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    22:10:01.0114 1460 LSI_FC - ok
    22:10:01.0146 1460 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    22:10:01.0146 1460 LSI_SAS - ok
    22:10:01.0161 1460 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    22:10:01.0177 1460 LSI_SAS2 - ok
    22:10:01.0192 1460 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    22:10:01.0192 1460 LSI_SCSI - ok
    22:10:01.0239 1460 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    22:10:01.0239 1460 luafv - ok
    22:10:01.0255 1460 lxcf_device - ok
    22:10:01.0286 1460 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    22:10:01.0302 1460 Mcx2Svc - ok
    22:10:01.0317 1460 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    22:10:01.0333 1460 megasas - ok
    22:10:01.0364 1460 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    22:10:01.0380 1460 MegaSR - ok
    22:10:01.0411 1460 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    22:10:01.0426 1460 MMCSS - ok
    22:10:01.0458 1460 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    22:10:01.0458 1460 Modem - ok
    22:10:01.0504 1460 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    22:10:01.0504 1460 monitor - ok
    22:10:01.0536 1460 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    22:10:01.0536 1460 mouclass - ok
    22:10:01.0567 1460 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    22:10:01.0567 1460 mouhid - ok
    22:10:01.0614 1460 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    22:10:01.0614 1460 mountmgr - ok
    22:10:01.0676 1460 MozillaMaintenance (750babaabb49a8a2238fa4b58ac09af8) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    22:10:01.0692 1460 MozillaMaintenance - ok
    22:10:01.0754 1460 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    22:10:01.0754 1460 mpio - ok
    22:10:01.0832 1460 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    22:10:01.0832 1460 mpsdrv - ok
    22:10:01.0926 1460 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    22:10:01.0941 1460 MpsSvc - ok
    22:10:01.0957 1460 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    22:10:01.0957 1460 MRxDAV - ok
    22:10:01.0988 1460 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:10:02.0004 1460 mrxsmb - ok
    22:10:02.0035 1460 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:10:02.0035 1460 mrxsmb10 - ok
    22:10:02.0066 1460 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:10:02.0066 1460 mrxsmb20 - ok
    22:10:02.0082 1460 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    22:10:02.0097 1460 msahci - ok
    22:10:02.0128 1460 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    22:10:02.0128 1460 msdsm - ok
    22:10:02.0175 1460 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    22:10:02.0175 1460 MSDTC - ok
    22:10:02.0206 1460 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    22:10:02.0206 1460 Msfs - ok
    22:10:02.0222 1460 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    22:10:02.0222 1460 mshidkmdf - ok
    22:10:02.0253 1460 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    22:10:02.0253 1460 msisadrv - ok
    22:10:02.0300 1460 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    22:10:02.0300 1460 MSiSCSI - ok
    22:10:02.0316 1460 msiserver - ok
    22:10:02.0347 1460 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    22:10:02.0347 1460 MSKSSRV - ok
    22:10:02.0362 1460 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    22:10:02.0362 1460 MSPCLOCK - ok
    22:10:02.0362 1460 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    22:10:02.0362 1460 MSPQM - ok
    22:10:02.0409 1460 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    22:10:02.0409 1460 MsRPC - ok
    22:10:02.0440 1460 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    22:10:02.0440 1460 mssmbios - ok
    22:10:02.0456 1460 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    22:10:02.0472 1460 MSTEE - ok
    22:10:02.0487 1460 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    22:10:02.0487 1460 MTConfig - ok
    22:10:02.0518 1460 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    22:10:02.0518 1460 Mup - ok
    22:10:02.0596 1460 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    22:10:02.0612 1460 napagent - ok
    22:10:02.0659 1460 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    22:10:02.0659 1460 NativeWifiP - ok
    22:10:02.0752 1460 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    22:10:02.0768 1460 NDIS - ok
    22:10:02.0784 1460 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    22:10:02.0784 1460 NdisCap - ok
    22:10:02.0799 1460 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    22:10:02.0815 1460 NdisTapi - ok
    22:10:02.0815 1460 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    22:10:02.0815 1460 Ndisuio - ok
    22:10:02.0846 1460 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    22:10:02.0846 1460 NdisWan - ok
    22:10:02.0862 1460 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    22:10:02.0862 1460 NDProxy - ok
    22:10:02.0877 1460 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    22:10:02.0877 1460 NetBIOS - ok
    22:10:02.0908 1460 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    22:10:02.0908 1460 NetBT - ok
    22:10:02.0955 1460 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:10:02.0955 1460 Netlogon - ok
    22:10:03.0018 1460 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    22:10:03.0018 1460 Netman - ok
    22:10:03.0096 1460 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:10:03.0096 1460 NetMsmqActivator - ok
    22:10:03.0111 1460 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:10:03.0111 1460 NetPipeActivator - ok
    22:10:03.0174 1460 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    22:10:03.0189 1460 netprofm - ok
    22:10:03.0189 1460 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:10:03.0189 1460 NetTcpActivator - ok
    22:10:03.0189 1460 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    22:10:03.0189 1460 NetTcpPortSharing - ok
    22:10:03.0252 1460 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    22:10:03.0252 1460 nfrd960 - ok
    22:10:03.0314 1460 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    22:10:03.0314 1460 NlaSvc - ok
    22:10:03.0610 1460 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files
     
  11. 2012/05/29
    jewelianne

    (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    22:10:03.0626 1460 NOBU - ok
    22:10:03.0813 1460 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    22:10:03.0813 1460 Npfs - ok
    22:10:03.0829 1460 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    22:10:03.0844 1460 nsi - ok
    22:10:03.0844 1460 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    22:10:03.0860 1460 nsiproxy - ok
    22:10:04.0016 1460 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    22:10:04.0032 1460 Ntfs - ok
    22:10:04.0156 1460 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    22:10:04.0156 1460 Null - ok
    22:10:04.0203 1460 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    22:10:04.0203 1460 nvraid - ok
    22:10:04.0234 1460 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    22:10:04.0234 1460 nvstor - ok
    22:10:04.0281 1460 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    22:10:04.0281 1460 nv_agp - ok
    22:10:04.0328 1460 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    22:10:04.0328 1460 ohci1394 - ok
    22:10:04.0375 1460 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    22:10:04.0390 1460 p2pimsvc - ok
    22:10:04.0453 1460 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    22:10:04.0468 1460 p2psvc - ok
    22:10:04.0515 1460 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
    22:10:04.0515 1460 Parport - ok
    22:10:04.0546 1460 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    22:10:04.0546 1460 partmgr - ok
    22:10:04.0593 1460 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    22:10:04.0593 1460 PcaSvc - ok
    22:10:04.0640 1460 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    22:10:04.0656 1460 pci - ok
    22:10:04.0671 1460 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    22:10:04.0671 1460 pciide - ok
    22:10:04.0702 1460 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    22:10:04.0702 1460 pcmcia - ok
    22:10:04.0734 1460 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    22:10:04.0734 1460 pcw - ok
    22:10:04.0780 1460 pdfcDispatcher - ok
    22:10:04.0858 1460 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    22:10:04.0874 1460 PEAUTH - ok
    22:10:04.0936 1460 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    22:10:04.0936 1460 PerfHost - ok
    22:10:05.0092 1460 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    22:10:05.0124 1460 pla - ok
    22:10:05.0186 1460 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    22:10:05.0202 1460 PlugPlay - ok
    22:10:05.0217 1460 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    22:10:05.0233 1460 PNRPAutoReg - ok
    22:10:05.0280 1460 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    22:10:05.0280 1460 PNRPsvc - ok
    22:10:05.0342 1460 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    22:10:05.0358 1460 PolicyAgent - ok
    22:10:05.0389 1460 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    22:10:05.0389 1460 Power - ok
    22:10:05.0451 1460 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    22:10:05.0451 1460 PptpMiniport - ok
    22:10:05.0498 1460 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    22:10:05.0498 1460 Processor - ok
    22:10:05.0560 1460 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
    22:10:05.0560 1460 ProfSvc - ok
    22:10:05.0592 1460 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:10:05.0592 1460 ProtectedStorage - ok
    22:10:05.0623 1460 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    22:10:05.0623 1460 Psched - ok
    22:10:05.0654 1460 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
    22:10:05.0670 1460 PSI - ok
    22:10:05.0810 1460 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    22:10:05.0826 1460 ql2300 - ok
    22:10:05.0982 1460 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    22:10:05.0982 1460 ql40xx - ok
    22:10:06.0028 1460 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    22:10:06.0028 1460 QWAVE - ok
    22:10:06.0060 1460 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    22:10:06.0060 1460 QWAVEdrv - ok
    22:10:06.0060 1460 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    22:10:06.0075 1460 RasAcd - ok
    22:10:06.0091 1460 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:10:06.0091 1460 RasAgileVpn - ok
    22:10:06.0122 1460 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    22:10:06.0122 1460 RasAuto - ok
    22:10:06.0153 1460 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:10:06.0153 1460 Rasl2tp - ok
    22:10:06.0200 1460 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    22:10:06.0216 1460 RasMan - ok
    22:10:06.0231 1460 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    22:10:06.0231 1460 RasPppoe - ok
    22:10:06.0262 1460 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    22:10:06.0278 1460 RasSstp - ok
    22:10:06.0309 1460 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    22:10:06.0309 1460 rdbss - ok
    22:10:06.0340 1460 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
    22:10:06.0340 1460 rdpbus - ok
    22:10:06.0372 1460 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:10:06.0372 1460 RDPCDD - ok
    22:10:06.0387 1460 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    22:10:06.0387 1460 RDPENCDD - ok
    22:10:06.0387 1460 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    22:10:06.0387 1460 RDPREFMP - ok
    22:10:06.0434 1460 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
    22:10:06.0450 1460 RDPWD - ok
    22:10:06.0496 1460 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    22:10:06.0496 1460 rdyboost - ok
    22:10:06.0543 1460 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    22:10:06.0543 1460 RemoteAccess - ok
    22:10:06.0574 1460 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    22:10:06.0590 1460 RemoteRegistry - ok
    22:10:06.0668 1460 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    22:10:06.0684 1460 RoxioNow Service - ok
    22:10:06.0699 1460 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    22:10:06.0715 1460 RpcEptMapper - ok
    22:10:06.0746 1460 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    22:10:06.0746 1460 RpcLocator - ok
    22:10:06.0793 1460 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
    22:10:06.0793 1460 RpcSs - ok
    22:10:06.0840 1460 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    22:10:06.0840 1460 rspndr - ok
    22:10:06.0918 1460 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
    22:10:06.0933 1460 RTL8167 - ok
    22:10:06.0964 1460 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    22:10:06.0964 1460 SamSs - ok
    22:10:07.0011 1460 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    22:10:07.0011 1460 sbp2port - ok
    22:10:07.0152 1460 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    22:10:07.0167 1460 SBSDWSCService - ok
    22:10:07.0198 1460 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    22:10:07.0214 1460 SCardSvr - ok
    22:10:07.0245 1460 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    22:10:07.0245 1460 scfilter - ok
    22:10:07.0323 1460 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    22:10:07.0339 1460 Schedule - ok
    22:10:07.0370 1460 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    22:10:07.0370 1460 SCPolicySvc - ok
    22:10:07.0401 1460 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    22:10:07.0401 1460 SDRSVC - ok
    22:10:07.0495 1460 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    22:10:07.0495 1460 SeaPort - ok
    22:10:07.0542 1460 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    22:10:07.0557 1460 secdrv - ok
    22:10:07.0588 1460 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    22:10:07.0588 1460 seclogon - ok
    22:10:07.0776 1460 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
    22:10:07.0791 1460 Secunia PSI Agent - ok
    22:10:07.0854 1460 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe
    22:10:07.0854 1460 Secunia Update Agent - ok
    22:10:08.0056 1460 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    22:10:08.0072 1460 SENS - ok
    22:10:16.0278 1460 ============================================================
    22:10:16.0278 1460 Scan finished
    22:10:16.0278 1460 ============================================================
    22:10:16.0293 5460 Detected object count: 0
    22:10:16.0293 5460 Actual detected object count: 0
     
  12. 2012/05/29
    broni

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  13. 2012/05/30
    jewelianne

    Results from TDSS.exe: NO infections were found.

    My son's account is more affected and is still misbehaving. I am doing most of the work on my account because I have the administrator rights. Should I be doing these scans on his account?
     
    Last edited: 2012/05/30
  14. 2012/05/30
    broni

    No.

    You never said if your account works properly.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  15. 2012/05/30
    jewelianne

    I am sorry for omitting that. My pages are very sluggish and I have a few freezing issues and programs not responding.
    My son's home page is back to normal but his internet pages are loading as if he is the one constructing them; he can change and configure them any way he wants on almost all the websites he goes to, even Facebook. (I did notify them and sent them a screenshot.) That does not happen on my account, only on his.

    I will be sending the Combofix as soon as I complete it.
    Thank you for your help and patience.
     
  16. 2012/05/30
    jewelianne

    ComboFix 12-05-30.04 - Julianne 05/30/2012 19:41:11.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3022 [GMT -4:00]
    Running from: c:\users\Julianne\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-30 23:57 . 2012-05-30 23:57 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-05-30 23:57 . 2012-05-30 23:57 -------- d-----w- c:\users\Hunter\AppData\Local\temp
    2012-05-30 23:57 . 2012-05-30 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-29 14:09 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{844A4127-1A88-41EA-89CE-B7E71D0947D8}\mpengine.dll
    2012-05-24 17:39 . 2012-05-24 17:39 -------- d-----w- c:\users\Hunter\AppData\Roaming\Malwarebytes
    2012-05-23 13:41 . 2012-05-23 13:41 -------- d-----w- c:\program files (x86)\Watchtower
    2012-05-12 02:46 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
    2012-05-12 02:46 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-05-12 02:46 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-12 02:46 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
    2012-05-12 02:46 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-12 02:46 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-12 02:40 . 2012-05-12 02:40 -------- d-----w- c:\users\Hunter\AppData\Local\Adobe
    2012-05-12 02:38 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-12 02:36 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-12 02:35 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-05-12 02:35 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-05-12 02:35 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-12 02:35 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-05-12 02:35 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-08 14:33 . 2012-05-08 14:33 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-08 14:33 . 2012-05-08 14:33 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2012-05-01 12:45 . 2012-05-01 12:45 -------- d-----w- c:\program files\Java
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-07 02:23 . 2012-03-30 22:38 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-07 02:23 . 2011-10-19 13:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-07 02:23 . 2012-04-14 03:34 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-01 12:45 . 2012-03-31 01:30 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-05-01 12:45 . 2012-03-31 01:30 839112 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-04 19:56 . 2011-08-11 21:16 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-02 13:39 . 2012-04-02 13:39 231440 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
    2012-03-31 11:36 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2012-03-08 22:40 . 2012-03-31 11:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
    2012-03-06 23:15 . 2011-08-11 21:04 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-06 23:15 . 2011-08-11 21:04 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-06 23:15 . 2011-08-11 21:04 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-06 23:04 . 2011-08-11 21:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-06 23:04 . 2011-08-11 21:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-06 23:02 . 2012-02-24 11:19 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-03-06 23:01 . 2011-08-11 21:04 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-06 23:01 . 2011-08-11 21:04 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-06 23:01 . 2011-08-11 21:04 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
    "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "NetZeroDSL"="c:\program files (x86)\NetZero DSL\ConnectionCenter.exe" [2010-03-05 1095152]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]
    R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
    R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-03-28 129976]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
    S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-13 1128952]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
    S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 02:23]
    .
    2012-05-23 c:\windows\Tasks\EasyShare Registration Task.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2930640421-823808672-1064729636-1000Core.job
    - c:\users\Julianne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-31 12:34]
    .
    2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2930640421-823808672-1064729636-1000UA.job
    - c:\users\Julianne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-31 12:34]
    .
    2012-05-28 c:\windows\Tasks\HPCeeScheduleForJulianne.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv "= "c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "LXCFCATS "= "c:\windows\system32\spool\DRIVERS\x64\3\LXCFtime.dll" [2005-07-20 29184]
    "fssui "= "c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Julianne\AppData\Roaming\Mozilla\Firefox\Profiles\f8aujxuc.default\
    FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.goodskins.com/flying_hearts/
    FF - user.js: general.useragent.extra.brc -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
    "ImagePath "= "c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
    "AlternateImagePath "=" "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.11 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\ThreatFire\TFService.exe
    c:\program files (x86)\ThreatFire\TFUN.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-30 20:10:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-31 00:10
    .
    Pre-Run: 437,348,048,896 bytes free
    Post-Run: 437,149,335,552 bytes free
    .
    - - End Of File - - FFAD74228B5A935C1D15B94955986F71
     
  17. 2012/05/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,483
    Likes Received:
    103
    Trophy Points:
    843
    Location:
    Daly City, CA
    Computer Experience:
    Experienced
    I don't see anything malicious there.

    What exactly is slow?
     
  18. 2012/05/30
    jewelianne

    jewelianne Inactive Thread Starter

    There is a lag time before a page will load. When I open my browser page, it sits there like it is thinking about it, and then when it opens I get a white screen for about 2-3 seconds, sometimes a little longer, and then it will be black as it begins to slowly load little bits of my page until it is all there.
    But if nothing malicious is here, great. I may need to find out why these other things are going on in another area.
     
    Last edited: 2012/05/30
  19. 2012/05/30
    broni

    broni Moderator Malware Analyst

    Which browser?
     
  20. 2012/05/31
    jewelianne

    jewelianne Inactive Thread Starter

    I had used Mozilla, but searches don't work properly on it, so now I use Google Chrome, which also, as I mentioned, has some issues.

    On Mozilla, this is what comes up when I search:

    Google
    Sorry...
    We're sorry...

    ... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.
    See Google Help for more information.

    Then, after this pops up on my search page, my HP Recovery page recommends that I go back to a previous recovery point. Sorry, I did not copy that.
     
  21. 2012/05/31
    broni

    broni Moderator Malware Analyst
