Inactive Computer sluggish, pages deconstructing

jewelianne · 2012/05/29

[Inactive] Computer sluggish, pages deconstructing

After getting my system clean in March I created a separate account for my son, using WOT, Traffic light, Spybot, MBAM, and Threatfire but somehow still we started having problems again.

My son's pages are loading as if they are under construction and the computer is sluggish. We had Avast say a Malicious something had been detected and Threatfire said there was suspicious activity detected.

I ran my scans and they are clean but after running the TFC I found two ghost files on my desktop named desktop.ini and when I hover they say configuration settings.

I tried to run the necessary scans as per the rules to posting.I ran MBAM and GMER but during asw.MBR the computer screen went to colorful static then it crashed. Then the screen came up saying that it did this to protect my files and opened itself in SafeMode. I didn't know what to do so I restarted just to get here. I did copy all that is said though.

Problem Signature:
Problem Event Name Blue Screen
OS Version 6.7.7601.2.1.0.768.3
Local ID

Additional information about the problem

BCcode 109
BCP1 A3A039D89950A9F2
BCP2 B3B7465EEBCEE5F0
BCP3 FFFFF880009F6540
BCP4 0000000000000002

Files that help describe the problem:

c:\Windows\minidump\052912-18345-01.dmp
c:\Users\Julianne\Appdata\Local\Temp\WER-39858-0.sysdata.xml

Here is the MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Julianne :: JULIANNE-HP [administrator]

5/29/2012 10:16:32 AM
mbam-log-2012-05-29 (10-16-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226760
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Nothing came up for the GMER.log it was completely blank. Not sure if that is normal or if it is just my system acting up.

I re-ran GMER and still no log but I also went ahead and ran the DDS and here are the logs for that.

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Julianne at 12:13:02 on 2012-05-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2565 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\NetZero DSL\ConnectionCenter.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll "
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: NetZero DSL: {8e613eaf-e16e-415c-bd39-f71d6a3b5518} - C:\Program Files (x86)\NetZero DSL\Toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll "
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [Google Update] "C:\Users\Julianne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [NetZeroDSL] "C:\Program Files (x86)\NetZero DSL\ConnectionCenter.exe "
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3E881719-4591-4876-9C61-34D4012ADC89} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll "
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: NetZero DSL: {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files (x86)\NetZero DSL\Toolbar.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll "
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [NetZeroDSL] "C:\Program Files (x86)\NetZero DSL\ConnectionCenter.exe "
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Julianne\AppData\Roaming\Mozilla\Firefox\Profiles\f8aujxuc.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.goodskins.com/flying_hearts/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Julianne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Julianne\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?]
R0 TfFsMon;TfFsMon;C:\Windows\system32\drivers\TfFsMon.sys --> C:\Windows\system32\drivers\TfFsMon.sys [?]
R0 TfSysMon;TfSysMon;C:\Windows\system32\drivers\TfSysMon.sys --> C:\Windows\system32\drivers\TfSysMon.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-11 44768]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-8-4 1128952]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-22 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TfNetMon;TfNetMon;\??\C:\Windows\system32\drivers\TfNetMon.sys --> C:\Windows\system32\drivers\TfNetMon.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257696]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-31 129976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-29 14:09:46 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{844A4127-1A88-41EA-89CE-B7E71D0947D8}\mpengine.dll
2012-05-29 07:00:07 -------- d-----w- C:\Users\Julianne\AppData\Local\{ECAF1FA6-4001-431A-AD41-586443C37807}
2012-05-29 06:59:09 -------- d-----w- C:\Users\Julianne\AppData\Local\{CD013322-D2E6-4819-9232-B2E04BFA6FF2}
2012-05-28 15:07:47 -------- d-----w- C:\Users\Julianne\AppData\Local\{C707A5F6-79B3-4F17-A29A-37092272D8BB}
2012-05-28 15:07:36 -------- d-----w- C:\Users\Julianne\AppData\Local\{10417130-05CE-461E-BEA3-946D062D53F1}
2012-05-28 02:40:48 -------- d-----w- C:\Users\Julianne\AppData\Local\{38E70F63-3D10-47F8-862E-E7AE6A2C5C67}
2012-05-27 13:09:03 -------- d-----w- C:\Users\Julianne\AppData\Local\{17D48ACD-1913-49C8-BD53-C0967C5C89BC}
2012-05-27 13:08:17 -------- d-----w- C:\Users\Julianne\AppData\Local\{7154A44F-2F49-4078-BB40-09C11BAD59D6}
2012-05-26 13:51:39 -------- d-----w- C:\Users\Julianne\AppData\Local\{BED70FC9-AD64-438A-B8C1-99F812541833}
2012-05-26 13:51:28 -------- d-----w- C:\Users\Julianne\AppData\Local\{656EBACB-6180-4D5F-A004-09DF4ADACD83}
2012-05-26 01:51:00 -------- d-----w- C:\Users\Julianne\AppData\Local\{2D4B4B0B-B0B0-45ED-A714-86687EFC99C9}
2012-05-25 13:06:29 -------- d-----w- C:\Users\Julianne\AppData\Local\{B1938B2B-7233-48FD-8D56-EECF0BBDA12C}
2012-05-25 13:06:18 -------- d-----w- C:\Users\Julianne\AppData\Local\{82632408-0734-4F6E-8EEA-376CECF9EF90}
2012-05-25 01:05:52 -------- d-----w- C:\Users\Julianne\AppData\Local\{6C06B308-E783-4A6F-8E34-6083FAE8D0DF}
2012-05-25 01:05:41 -------- d-----w- C:\Users\Julianne\AppData\Local\{EDABBE79-B601-4759-9ED4-D7EFA244D43F}
2012-05-24 13:05:14 -------- d-----w- C:\Users\Julianne\AppData\Local\{D9156E7C-9714-40D7-B2FF-3678BBDAEA00}
2012-05-24 13:05:03 -------- d-----w- C:\Users\Julianne\AppData\Local\{CC2487C7-B63E-4F31-A292-4E8C0F16C5CE}
2012-05-24 00:41:32 -------- d-----w- C:\Users\Julianne\AppData\Local\{60DDAD69-95E8-48E1-BD1B-CE05E30CA6E1}
2012-05-24 00:41:21 -------- d-----w- C:\Users\Julianne\AppData\Local\{752932D6-AF58-4A85-9567-A77541D1BAA5}
2012-05-23 13:41:06 -------- d-----w- C:\Program Files (x86)\Watchtower
2012-05-23 11:42:37 -------- d-----w- C:\Users\Julianne\AppData\Local\{1225F61F-4DAB-4C81-8EBA-433809FFC255}
2012-05-23 11:42:23 -------- d-----w- C:\Users\Julianne\AppData\Local\{3B06F685-BD6A-4FE9-978F-24A5F30A64F0}
2012-05-22 15:21:58 -------- d-----w- C:\Users\Julianne\AppData\Local\{A25B85CB-0CE0-497E-9384-3B2043205D16}
2012-05-22 15:21:47 -------- d-----w- C:\Users\Julianne\AppData\Local\{C774EF1A-AF66-4CF4-B596-47C1058D0D3D}
2012-05-22 01:00:44 -------- d-----w- C:\Users\Julianne\AppData\Local\{D116329D-271B-4CFD-A600-A02C30CBD476}
2012-05-21 11:26:23 -------- d-----w- C:\Users\Julianne\AppData\Local\{79876FB9-05B4-4E88-BA8D-09FDA3B61DB2}
2012-05-21 11:25:57 -------- d-----w- C:\Users\Julianne\AppData\Local\{5B99A50F-3E13-48B1-A36B-E0BE79FCB2A2}
2012-05-20 03:29:22 -------- d-----w- C:\Users\Julianne\AppData\Local\{E3C31101-2317-41FF-A7E3-79574E7A1CDE}
2012-05-19 14:12:28 -------- d-----w- C:\Users\Julianne\AppData\Local\{179CC938-DE44-4E2D-91DE-A1E5EC7B2CF0}
2012-05-19 14:11:39 -------- d-----w- C:\Users\Julianne\AppData\Local\{2AD9E14C-F4A0-4B56-B900-56D4A26C91C9}
2012-05-18 02:16:46 -------- d-----w- C:\Users\Julianne\AppData\Local\{09D2E8F5-FA64-4080-94FF-7999A977DBF0}
2012-05-17 13:04:15 -------- d-----w- C:\Users\Julianne\AppData\Local\{8DCC597E-F0DA-4573-AC3D-6C3D2FAF35F0}
2012-05-17 13:04:04 -------- d-----w- C:\Users\Julianne\AppData\Local\{ADAA8081-5C8A-4431-BFA8-C63056CC9424}
2012-05-17 00:32:06 -------- d-----w- C:\Users\Julianne\AppData\Local\{C99EB3AA-36CD-4B49-90D1-CCCEA299F7EC}
2012-05-17 00:31:55 -------- d-----w- C:\Users\Julianne\AppData\Local\{AFAF5B3E-1696-40A6-B542-B14D9759DC81}
2012-05-14 18:22:40 -------- d-----w- C:\Users\Julianne\AppData\Local\{0FDAAA57-C1BD-43AF-8BCE-EA4A27FADF14}
2012-05-14 18:22:29 -------- d-----w- C:\Users\Julianne\AppData\Local\{8BE477BD-F00B-4040-86FC-AC5B2DB4EBE6}
2012-05-12 02:46:52 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 02:46:52 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 02:46:48 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 02:46:48 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 02:46:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 02:46:47 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 02:38:27 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 02:36:25 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 02:35:57 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 02:35:57 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 02:35:57 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 02:35:57 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-12 02:35:57 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 13:50:04 -------- d-----w- C:\Users\Julianne\AppData\Local\{26DB4334-E2C3-43A5-95DF-4E9AB745DD34}
2012-05-10 13:49:02 -------- d-----w- C:\Users\Julianne\AppData\Local\{EF6DC9D4-4150-4A84-B752-4EBC49E81152}
2012-05-09 00:44:12 -------- d-----w- C:\Users\Julianne\AppData\Local\{C834BA37-432D-4659-B313-76875B3E8760}
2012-05-08 14:33:58 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-08 14:33:58 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-08 12:33:39 -------- d-----w- C:\Users\Julianne\AppData\Local\{A4E8CD14-B931-4D49-8F53-231DD3A76E2D}
2012-05-08 12:33:25 -------- d-----w- C:\Users\Julianne\AppData\Local\{131E2365-4DD1-4D6D-B42A-78E9E2B2BA07}
2012-05-07 12:44:29 -------- d-----w- C:\Users\Julianne\AppData\Local\{2242ADD8-4D10-40DD-BFAF-EDD00C405DA4}
2012-05-07 12:43:13 -------- d-----w- C:\Users\Julianne\AppData\Local\{82BB59D8-DED8-400A-B29B-4E5774712290}
2012-05-04 12:37:09 -------- d-----w- C:\Users\Julianne\AppData\Local\{EEFFB2AB-1495-449B-9925-B1B2B01D9BF7}
2012-05-04 12:36:14 -------- d-----w- C:\Users\Julianne\AppData\Local\{D1FE093E-AC8E-4E0A-AE6F-9A065A7D31EF}
2012-05-03 15:39:12 -------- d-----w- C:\Users\Julianne\AppData\Local\{DEC656AD-2197-4A1F-8A36-40510E159200}
2012-05-03 15:38:56 -------- d-----w- C:\Users\Julianne\AppData\Local\{C8B0F684-74CE-4579-BCBA-B147E9AAF974}
2012-05-02 00:37:05 -------- d-----w- C:\Users\Julianne\AppData\Local\{3F0277FA-7241-4AC3-8E51-C3EEB93CFB78}
2012-05-01 12:36:40 -------- d-----w- C:\Users\Julianne\AppData\Local\{86D68D6E-FCDA-438B-A275-567E32A288BC}
2012-05-01 12:36:26 -------- d-----w- C:\Users\Julianne\AppData\Local\{41808622-65EA-419F-952D-ECE0A0D4E4BE}
2012-05-01 00:28:05 -------- d-----w- C:\Users\Julianne\AppData\Local\{62C992C2-0276-46D1-862B-C4CA40A7EE73}
2012-04-30 01:09:06 -------- d-----w- C:\Users\Julianne\AppData\Local\{9523FFEF-7388-4818-8818-89895F81EE2D}
2012-04-30 01:08:55 -------- d-----w- C:\Users\Julianne\AppData\Local\{2E7C0AB4-A8E6-4935-AC5C-5635898CA157}
.
==================== Find3M ====================
.
2012-05-07 02:23:51 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-07 02:23:51 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-07 02:23:44 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-01 12:45:11 955848 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-05-01 12:45:11 839112 ----a-w- C:\Windows\System32\deployJava1.dll
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-02 13:39:27 231440 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:40:52 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
============= FINISH: 12:16:26.19 ===============

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/11/2011 4:37:17 PM
System Uptime: 5/29/2012 11:27:32 AM (1 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Athlon(tm) II X2 260 Processor | CPU 1 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 408.01 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.368 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP118: 5/4/2012 12:21:33 PM - HPSF Restore Point
RP119: 5/11/2012 10:02:51 PM - Scheduled Checkpoint
RP120: 5/11/2012 10:22:46 PM - Windows Update
RP121: 5/12/2012 3:00:11 AM - Windows Update
RP122: 5/15/2012 12:39:22 PM - Windows Update
RP123: 5/22/2012 10:19:29 AM - Windows Update
RP124: 5/24/2012 8:10:45 PM - Windows Update
RP125: 5/29/2012 10:09:20 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader X (10.1.3)
Agatha Christie - Peril at End House
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
avast! Free Antivirus
Bejeweled 2 Deluxe
Bejeweled 3
Belarc Advisor 8.2
Bing Bar
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCScore
Chuzzle Deluxe
CodeStuff Starter
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Farm Frenzy
FATE - The Traitor Soul
fflink
FileHippo.com Update Checker
Google Chrome
Hewlett-Packard ACLM.NET v1.1.2.0
Homeschool Tracker Basic
HP Customer Experience Enhancements
HP Games
HP LinkUp
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Odometer
HP Product Detection
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
Hulu Desktop
HydraVision
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kobo
Kodak EasyShare software
LabelPrint
Mah Jong Medley
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Middle School Success
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
netbrdg
NetZero DSL (remove only)
Norton Online Backup
OfotoXMI
OpenOffice.org 3.3
PDF Complete Special Edition
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PressReader
QuickTime
Rainlendar2 (remove only)
Realtek High Definition Audio Driver
Recovery Manager
Remote Graphics Receiver
RoxioNow Player
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SFR
SHASTA
skin0001
SKINXSDK
Slingo Supreme
Spybot - Search & Destroy
staticcr
Ten Thumbs 4.7
ThreatFire
Topics Learning High School Success
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
VPRINTOL
Watchtower Library 2011 - English
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WIRELESS
Yahoo! Detect
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
5/29/2012 4:24:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxcf_device service to connect.
5/29/2012 4:24:59 AM, Error: Service Control Manager [7000] - The lxcf_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/29/2012 4:24:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service lxcf_device with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}
5/29/2012 11:25:17 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2012 11:09:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/29/2012 11:09:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/29/2012 11:09:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/29/2012 11:09:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/29/2012 11:09:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/29/2012 11:09:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/29/2012 11:09:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2012 11:09:06 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/29/2012 11:09:05 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a039d89950a9f2, 0xb3b7465eebcee5f0, 0xfffff880009f6540, 0x0000000000000002). A dump was saved in: C:\Windows\Minidump\052912-18345-01.dmp. Report Id: 052912-18345-01.
5/28/2012 11:07:15 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
5/27/2012 9:10:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ThreatFire service.
5/27/2012 10:40:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
5/26/2012 2:50:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Client Services service to connect.
5/24/2012 9:36:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PDF Document Manager service to connect.
5/24/2012 9:36:38 AM, Error: Service Control Manager [7000] - The PDF Document Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

GMER has Services, Registry, Files, C:\ and ADS checked and when it is finished running it says, GMER hasn't found any System modification.

broni · 2012/05/29

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running tools or applying updates other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================================

I ran my scans and they are clean but after running the TFC I found two ghost files on my desktop named desktop.ini
Click to expand...

Open Windows Explorer, go Tools>Folder options>View tab and checkmark "Hide protected operating system files ".
Click OK.

Is your account working normally?

Download Bootkit Remover to your desktop.

Unzip downloaded file to your Desktop.

Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).

It will show a Black screen with some data on it.

Right click on the screen and click Select All.

Press CTRL+C

Open a Notepad and press CTRL+V

Post the output back here.

jewelianne · 2012/05/29

I ran my scans and they are clean but after running the TFC I found two ghost files on my desktop named desktop.ini
Click to expand...

Those were not done today but when I first discovered that I had issues, I posted it because of what had resulted from it.

When I open Windows Explorer it takes me to Libraries and I can't find any tools option. What am I missing?

broni · 2012/05/29

Click Organize>Layout>Menu bar
Menu bar will appear and you'll see Tools tab.

jewelianne · 2012/05/29

Thanks for the toolbar and the ghost files have left the desktop.

broni · 2012/05/29

You didn't say:

Is your account working normally?
Click to expand...

I still need Bootkit Remover log.

jewelianne · 2012/05/29

Not yet.

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]

Done;
Press any key to quit...

broni · 2012/05/29

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.

Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.

If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.

If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

jewelianne · 2012/05/29

22:09:20.0242 4392 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
22:09:20.0835 4392 ============================================================
22:09:20.0835 4392 Current date / time: 2012/05/29 22:09:20.0835
22:09:20.0835 4392 SystemInfo:
22:09:20.0835 4392
22:09:20.0835 4392 OS Version: 6.1.7601 ServicePack: 1.0
22:09:20.0835 4392 Product type: Workstation
22:09:20.0835 4392 ComputerName: JULIANNE-HP
22:09:20.0835 4392 UserName: Julianne
22:09:20.0835 4392 Windows directory: C:\Windows
22:09:20.0835 4392 System windows directory: C:\Windows
22:09:20.0835 4392 Running under WOW64
22:09:20.0835 4392 Processor architecture: Intel x64
22:09:20.0835 4392 Number of processors: 2
22:09:20.0835 4392 Page size: 0x1000
22:09:20.0835 4392 Boot type: Normal boot
22:09:20.0835 4392 ============================================================
22:09:34.0719 4392 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:09:34.0735 4392 ============================================================
22:09:34.0735 4392 \Device\Harddisk0\DR0:
22:09:34.0735 4392 MBR partitions:
22:09:34.0735 4392 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:09:34.0735 4392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38CF0000
22:09:34.0735 4392 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38D22800, BlocksNum 0x1663000
22:09:34.0735 4392 ============================================================
22:09:34.0750 4392 C: <-> \Device\Harddisk0\DR0\Partition1
22:09:34.0797 4392 D: <-> \Device\Harddisk0\DR0\Partition2
22:09:34.0797 4392 ============================================================
22:09:34.0797 4392 Initialize success
22:09:34.0797 4392 ============================================================
22:09:49.0835 1460 ============================================================
22:09:49.0835 1460 Scan started
22:09:49.0835 1460 Mode: Manual;
22:09:49.0835 1460 ============================================================
22:09:50.0350 1460 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:09:50.0366 1460 1394ohci - ok
22:09:50.0460 1460 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:09:50.0460 1460 ACDaemon - ok
22:09:50.0522 1460 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:09:50.0538 1460 ACPI - ok
22:09:50.0584 1460 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:09:50.0584 1460 AcpiPmi - ok
22:09:50.0662 1460 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:09:50.0662 1460 AdobeARMservice - ok
22:09:50.0787 1460 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:09:50.0787 1460 AdobeFlashPlayerUpdateSvc - ok
22:09:50.0865 1460 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
22:09:50.0865 1460 adp94xx - ok
22:09:50.0912 1460 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
22:09:50.0912 1460 adpahci - ok
22:09:50.0943 1460 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
22:09:50.0959 1460 adpu320 - ok
22:09:50.0990 1460 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:09:50.0990 1460 AeLookupSvc - ok
22:09:51.0052 1460 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:09:51.0052 1460 AFD - ok
22:09:51.0084 1460 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:09:51.0084 1460 agp440 - ok
22:09:51.0099 1460 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:09:51.0099 1460 ALG - ok
22:09:51.0130 1460 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:09:51.0130 1460 aliide - ok
22:09:51.0193 1460 AMD External Events Utility (2fdcb3e855076ce97ccb58e2cf8f2a09) C:\Windows\system32\atiesrxx.exe
22:09:51.0193 1460 AMD External Events Utility - ok
22:09:51.0208 1460 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:09:51.0224 1460 amdide - ok
22:09:51.0255 1460 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
22:09:51.0255 1460 amdiox64 - ok
22:09:51.0286 1460 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
22:09:51.0286 1460 AmdK8 - ok
22:09:52.0066 1460 amdkmdag (9920704bf815a5b42da5264f013aaeb7) C:\Windows\system32\DRIVERS\atikmdag.sys
22:09:52.0222 1460 amdkmdag - ok
22:09:52.0394 1460 amdkmdap (0d1055a47a8f5dc1caa2701831293ebb) C:\Windows\system32\DRIVERS\atikmpag.sys
22:09:52.0394 1460 amdkmdap - ok
22:09:52.0441 1460 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
22:09:52.0441 1460 AmdPPM - ok
22:09:52.0488 1460 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:09:52.0488 1460 amdsata - ok
22:09:52.0534 1460 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
22:09:52.0534 1460 amdsbs - ok
22:09:52.0566 1460 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:09:52.0566 1460 amdxata - ok
22:09:52.0597 1460 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\Windows\system32\drivers\amd_sata.sys
22:09:52.0597 1460 amd_sata - ok
22:09:52.0597 1460 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\Windows\system32\drivers\amd_xata.sys
22:09:52.0612 1460 amd_xata - ok
22:09:52.0675 1460 AODDriver4.0 - ok
22:09:52.0722 1460 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:09:52.0722 1460 AppID - ok
22:09:52.0753 1460 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:09:52.0753 1460 AppIDSvc - ok
22:09:52.0768 1460 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:09:52.0768 1460 Appinfo - ok
22:09:52.0831 1460 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
22:09:52.0831 1460 arc - ok
22:09:52.0846 1460 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
22:09:52.0846 1460 arcsas - ok
22:09:52.0924 1460 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:09:52.0940 1460 aspnet_state - ok
22:09:52.0971 1460 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
22:09:52.0971 1460 aswFsBlk - ok
22:09:52.0987 1460 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
22:09:52.0987 1460 aswMonFlt - ok
22:09:53.0018 1460 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
22:09:53.0018 1460 aswRdr - ok
22:09:53.0096 1460 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
22:09:53.0112 1460 aswSnx - ok
22:09:53.0143 1460 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
22:09:53.0143 1460 aswSP - ok
22:09:53.0158 1460 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
22:09:53.0158 1460 aswTdi - ok
22:09:53.0190 1460 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:09:53.0190 1460 AsyncMac - ok
22:09:53.0221 1460 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:09:53.0221 1460 atapi - ok
22:09:53.0314 1460 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
22:09:53.0314 1460 AtiHDAudioService - ok
22:09:53.0361 1460 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\drivers\AtiPcie64.sys
22:09:53.0361 1460 AtiPcie - ok
22:09:53.0439 1460 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:09:53.0455 1460 AudioEndpointBuilder - ok
22:09:53.0470 1460 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:09:53.0470 1460 AudioSrv - ok
22:09:53.0517 1460 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:09:53.0517 1460 avast! Antivirus - ok
22:09:53.0564 1460 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:09:53.0564 1460 AxInstSV - ok
22:09:53.0626 1460 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
22:09:53.0642 1460 b06bdrv - ok
22:09:53.0673 1460 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:09:53.0689 1460 b57nd60a - ok
22:09:53.0798 1460 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
22:09:53.0798 1460 BBSvc - ok
22:09:53.0845 1460 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:09:53.0845 1460 BDESVC - ok
22:09:53.0876 1460 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:09:53.0876 1460 Beep - ok
22:09:53.0954 1460 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:09:53.0954 1460 BFE - ok
22:09:54.0048 1460 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:09:54.0063 1460 BITS - ok
22:09:54.0094 1460 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
22:09:54.0094 1460 blbdrive - ok
22:09:54.0141 1460 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:09:54.0157 1460 bowser - ok
22:09:54.0188 1460 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
22:09:54.0204 1460 BrFiltLo - ok
22:09:54.0204 1460 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
22:09:54.0219 1460 BrFiltUp - ok
22:09:54.0266 1460 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:09:54.0266 1460 BridgeMP - ok
22:09:54.0313 1460 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:09:54.0313 1460 Browser - ok
22:09:54.0375 1460 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:09:54.0375 1460 Brserid - ok
22:09:54.0406 1460 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:09:54.0406 1460 BrSerWdm - ok
22:09:54.0422 1460 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:09:54.0422 1460 BrUsbMdm - ok
22:09:54.0438 1460 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:09:54.0438 1460 BrUsbSer - ok
22:09:54.0469 1460 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
22:09:54.0469 1460 BTHMODEM - ok
22:09:54.0500 1460 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:09:54.0516 1460 bthserv - ok
22:09:54.0531 1460 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:09:54.0547 1460 cdfs - ok
22:09:54.0594 1460 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:09:54.0594 1460 cdrom - ok
22:09:54.0640 1460 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:09:54.0640 1460 CertPropSvc - ok
22:09:54.0672 1460 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
22:09:54.0687 1460 circlass - ok
22:09:54.0734 1460 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:09:54.0734 1460 CLFS - ok
22:09:54.0812 1460 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:09:54.0812 1460 clr_optimization_v2.0.50727_32 - ok
22:09:54.0859 1460 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:09:54.0874 1460 clr_optimization_v2.0.50727_64 - ok
22:09:54.0952 1460 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:09:54.0952 1460 clr_optimization_v4.0.30319_32 - ok
22:09:55.0015 1460 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:09:55.0015 1460 clr_optimization_v4.0.30319_64 - ok
22:09:55.0046 1460 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
22:09:55.0046 1460 CmBatt - ok
22:09:55.0077 1460 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:09:55.0077 1460 cmdide - ok
22:09:55.0124 1460 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:09:55.0140 1460 CNG - ok
22:09:55.0155 1460 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
22:09:55.0155 1460 Compbatt - ok
22:09:55.0171 1460 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:09:55.0171 1460 CompositeBus - ok
22:09:55.0171 1460 COMSysApp - ok
22:09:55.0186 1460 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
22:09:55.0202 1460 crcdisk - ok
22:09:55.0249 1460 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:09:55.0249 1460 CryptSvc - ok
22:09:55.0327 1460 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:09:55.0342 1460 DcomLaunch - ok
22:09:55.0374 1460 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:09:55.0389 1460 defragsvc - ok
22:09:55.0420 1460 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:09:55.0420 1460 DfsC - ok
22:09:55.0467 1460 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:09:55.0467 1460 Dhcp - ok
22:09:55.0467 1460 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:09:55.0467 1460 discache - ok
22:09:55.0514 1460 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
22:09:55.0514 1460 Disk - ok
22:09:55.0545 1460 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:09:55.0561 1460 Dnscache - ok
22:09:55.0608 1460 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:09:55.0608 1460 dot3svc - ok
22:09:55.0639 1460 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:09:55.0639 1460 DPS - ok
22:09:55.0670 1460 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:09:55.0670 1460 drmkaud - ok
22:09:55.0764 1460 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:09:55.0779 1460 DXGKrnl - ok
22:09:55.0795 1460 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:09:55.0795 1460 EapHost - ok
22:09:56.0091 1460 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
22:09:56.0122 1460 ebdrv - ok
22:09:56.0247 1460 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:09:56.0247 1460 EFS - ok
22:09:56.0372 1460 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:09:56.0388 1460 ehRecvr - ok
22:09:56.0403 1460 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:09:56.0403 1460 ehSched - ok
22:09:56.0497 1460 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
22:09:56.0512 1460 elxstor - ok
22:09:56.0544 1460 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:09:56.0544 1460 ErrDev - ok
22:09:56.0606 1460 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:09:56.0622 1460 EventSystem - ok
22:09:56.0668 1460 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:09:56.0668 1460 exfat - ok
22:09:56.0684 1460 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:09:56.0684 1460 fastfat - ok
22:09:56.0746 1460 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:09:56.0762 1460 Fax - ok
22:09:56.0793 1460 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
22:09:56.0793 1460 fdc - ok
22:09:56.0824 1460 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:09:56.0824 1460 fdPHost - ok
22:09:56.0824 1460 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:09:56.0840 1460 FDResPub - ok
22:09:56.0871 1460 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:09:56.0871 1460 FileInfo - ok
22:09:56.0871 1460 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:09:56.0871 1460 Filetrace - ok
22:09:56.0902 1460 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
22:09:56.0902 1460 flpydisk - ok
22:09:56.0949 1460 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:09:56.0949 1460 FltMgr - ok
22:09:57.0043 1460 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:09:57.0058 1460 FontCache - ok
22:09:57.0121 1460 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:09:57.0121 1460 FontCache3.0.0.0 - ok
22:09:57.0168 1460 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:09:57.0168 1460 FsDepends - ok
22:09:57.0214 1460 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
22:09:57.0214 1460 fssfltr - ok
22:09:57.0433 1460 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:09:57.0448 1460 fsssvc - ok
22:09:57.0573 1460 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:09:57.0573 1460 Fs_Rec - ok
22:09:57.0620 1460 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:09:57.0636 1460 fvevol - ok
22:09:57.0667 1460 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
22:09:57.0682 1460 gagp30kx - ok
22:09:57.0792 1460 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
22:09:57.0792 1460 GamesAppService - ok
22:09:57.0885 1460 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:09:57.0885 1460 gpsvc - ok
22:09:57.0932 1460 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:09:57.0932 1460 hcw85cir - ok
22:09:57.0963 1460 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:09:57.0979 1460 HdAudAddService - ok
22:09:58.0010 1460 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:09:58.0026 1460 HDAudBus - ok
22:09:58.0041 1460 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
22:09:58.0041 1460 HidBatt - ok
22:09:58.0057 1460 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
22:09:58.0072 1460 HidBth - ok
22:09:58.0088 1460 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
22:09:58.0088 1460 HidIr - ok
22:09:58.0119 1460 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:09:58.0135 1460 hidserv - ok
22:09:58.0166 1460 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:09:58.0166 1460 HidUsb - ok
22:09:58.0213 1460 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:09:58.0213 1460 hkmsvc - ok
22:09:58.0228 1460 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:09:58.0244 1460 HomeGroupListener - ok
22:09:58.0275 1460 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:09:58.0275 1460 HomeGroupProvider - ok
22:09:58.0369 1460 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
22:09:58.0369 1460 HP Support Assistant Service - ok
22:09:58.0447 1460 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
22:09:58.0462 1460 HPClientSvc - ok
22:09:58.0525 1460 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
22:09:58.0525 1460 HPDrvMntSvc.exe - ok
22:09:58.0634 1460 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
22:09:58.0650 1460 hpqwmiex - ok
22:09:58.0774 1460 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:09:58.0790 1460 HpSAMD - ok
22:09:58.0884 1460 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:09:58.0899 1460 HTTP - ok
22:09:58.0915 1460 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:09:58.0915 1460 hwpolicy - ok
22:09:58.0962 1460 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:09:58.0962 1460 i8042prt - ok
22:09:59.0040 1460 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:09:59.0040 1460 iaStorV - ok
22:09:59.0149 1460 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:09:59.0164 1460 idsvc - ok
22:09:59.0601 1460 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:09:59.0664 1460 igfx - ok
22:09:59.0835 1460 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
22:09:59.0835 1460 iirsp - ok
22:09:59.0944 1460 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:09:59.0960 1460 IKEEXT - ok
22:10:00.0163 1460 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
22:10:00.0194 1460 IntcAzAudAddService - ok
22:10:00.0303 1460 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:10:00.0303 1460 intelide - ok
22:10:00.0334 1460 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
22:10:00.0334 1460 intelppm - ok
22:10:00.0366 1460 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:10:00.0366 1460 IPBusEnum - ok
22:10:00.0397 1460 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:10:00.0397 1460 IpFilterDriver - ok
22:10:00.0459 1460 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:10:00.0475 1460 iphlpsvc - ok
22:10:00.0490 1460 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:10:00.0506 1460 IPMIDRV - ok
22:10:00.0537 1460 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:10:00.0537 1460 IPNAT - ok
22:10:00.0553 1460 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:10:00.0553 1460 IRENUM - ok
22:10:00.0568 1460 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:10:00.0568 1460 isapnp - ok
22:10:00.0615 1460 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:10:00.0615 1460 iScsiPrt - ok
22:10:00.0646 1460 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:10:00.0646 1460 kbdclass - ok
22:10:00.0662 1460 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:10:00.0662 1460 kbdhid - ok
22:10:00.0693 1460 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:10:00.0693 1460 KeyIso - ok
22:10:00.0709 1460 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:10:00.0709 1460 KSecDD - ok
22:10:00.0740 1460 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:10:00.0740 1460 KSecPkg - ok
22:10:00.0771 1460 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:10:00.0787 1460 ksthunk - ok
22:10:00.0849 1460 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:10:00.0849 1460 KtmRm - ok
22:10:00.0912 1460 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:10:00.0927 1460 LanmanServer - ok
22:10:00.0958 1460 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:10:00.0958 1460 LanmanWorkstation - ok
22:10:01.0005 1460 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:10:01.0005 1460 lltdio - ok
22:10:01.0052 1460 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:10:01.0052 1460 lltdsvc - ok
22:10:01.0068 1460 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:10:01.0068 1460 lmhosts - ok
22:10:01.0114 1460 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
22:10:01.0114 1460 LSI_FC - ok
22:10:01.0146 1460 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
22:10:01.0146 1460 LSI_SAS - ok
22:10:01.0161 1460 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
22:10:01.0177 1460 LSI_SAS2 - ok
22:10:01.0192 1460 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
22:10:01.0192 1460 LSI_SCSI - ok
22:10:01.0239 1460 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:10:01.0239 1460 luafv - ok
22:10:01.0255 1460 lxcf_device - ok
22:10:01.0286 1460 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:10:01.0302 1460 Mcx2Svc - ok
22:10:01.0317 1460 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
22:10:01.0333 1460 megasas - ok
22:10:01.0364 1460 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
22:10:01.0380 1460 MegaSR - ok
22:10:01.0411 1460 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:10:01.0426 1460 MMCSS - ok
22:10:01.0458 1460 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:10:01.0458 1460 Modem - ok
22:10:01.0504 1460 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:10:01.0504 1460 monitor - ok
22:10:01.0536 1460 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:10:01.0536 1460 mouclass - ok
22:10:01.0567 1460 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:10:01.0567 1460 mouhid - ok
22:10:01.0614 1460 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:10:01.0614 1460 mountmgr - ok
22:10:01.0676 1460 MozillaMaintenance (750babaabb49a8a2238fa4b58ac09af8) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:10:01.0692 1460 MozillaMaintenance - ok
22:10:01.0754 1460 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:10:01.0754 1460 mpio - ok
22:10:01.0832 1460 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:10:01.0832 1460 mpsdrv - ok
22:10:01.0926 1460 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:10:01.0941 1460 MpsSvc - ok
22:10:01.0957 1460 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:10:01.0957 1460 MRxDAV - ok
22:10:01.0988 1460 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:10:02.0004 1460 mrxsmb - ok
22:10:02.0035 1460 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:10:02.0035 1460 mrxsmb10 - ok
22:10:02.0066 1460 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:10:02.0066 1460 mrxsmb20 - ok
22:10:02.0082 1460 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:10:02.0097 1460 msahci - ok
22:10:02.0128 1460 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:10:02.0128 1460 msdsm - ok
22:10:02.0175 1460 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:10:02.0175 1460 MSDTC - ok
22:10:02.0206 1460 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:10:02.0206 1460 Msfs - ok
22:10:02.0222 1460 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:10:02.0222 1460 mshidkmdf - ok
22:10:02.0253 1460 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:10:02.0253 1460 msisadrv - ok
22:10:02.0300 1460 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:10:02.0300 1460 MSiSCSI - ok
22:10:02.0316 1460 msiserver - ok
22:10:02.0347 1460 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:10:02.0347 1460 MSKSSRV - ok
22:10:02.0362 1460 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:10:02.0362 1460 MSPCLOCK - ok
22:10:02.0362 1460 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:10:02.0362 1460 MSPQM - ok
22:10:02.0409 1460 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:10:02.0409 1460 MsRPC - ok
22:10:02.0440 1460 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:10:02.0440 1460 mssmbios - ok
22:10:02.0456 1460 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:10:02.0472 1460 MSTEE - ok
22:10:02.0487 1460 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
22:10:02.0487 1460 MTConfig - ok
22:10:02.0518 1460 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:10:02.0518 1460 Mup - ok
22:10:02.0596 1460 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:10:02.0612 1460 napagent - ok
22:10:02.0659 1460 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:10:02.0659 1460 NativeWifiP - ok
22:10:02.0752 1460 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:10:02.0768 1460 NDIS - ok
22:10:02.0784 1460 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:10:02.0784 1460 NdisCap - ok
22:10:02.0799 1460 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:10:02.0815 1460 NdisTapi - ok
22:10:02.0815 1460 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:10:02.0815 1460 Ndisuio - ok
22:10:02.0846 1460 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:10:02.0846 1460 NdisWan - ok
22:10:02.0862 1460 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:10:02.0862 1460 NDProxy - ok
22:10:02.0877 1460 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:10:02.0877 1460 NetBIOS - ok
22:10:02.0908 1460 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:10:02.0908 1460 NetBT - ok
22:10:02.0955 1460 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:10:02.0955 1460 Netlogon - ok
22:10:03.0018 1460 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:10:03.0018 1460 Netman - ok
22:10:03.0096 1460 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:10:03.0096 1460 NetMsmqActivator - ok
22:10:03.0111 1460 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:10:03.0111 1460 NetPipeActivator - ok
22:10:03.0174 1460 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:10:03.0189 1460 netprofm - ok
22:10:03.0189 1460 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:10:03.0189 1460 NetTcpActivator - ok
22:10:03.0189 1460 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:10:03.0189 1460 NetTcpPortSharing - ok
22:10:03.0252 1460 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
22:10:03.0252 1460 nfrd960 - ok
22:10:03.0314 1460 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:10:03.0314 1460 NlaSvc - ok
22:10:03.0610 1460 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files

jewelianne · 2012/05/29

(x86)\Symantec\Norton Online Backup\NOBuAgent.exe
22:10:03.0626 1460 NOBU - ok
22:10:03.0813 1460 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:10:03.0813 1460 Npfs - ok
22:10:03.0829 1460 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:10:03.0844 1460 nsi - ok
22:10:03.0844 1460 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:10:03.0860 1460 nsiproxy - ok
22:10:04.0016 1460 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:10:04.0032 1460 Ntfs - ok
22:10:04.0156 1460 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:10:04.0156 1460 Null - ok
22:10:04.0203 1460 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:10:04.0203 1460 nvraid - ok
22:10:04.0234 1460 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:10:04.0234 1460 nvstor - ok
22:10:04.0281 1460 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:10:04.0281 1460 nv_agp - ok
22:10:04.0328 1460 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:10:04.0328 1460 ohci1394 - ok
22:10:04.0375 1460 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:10:04.0390 1460 p2pimsvc - ok
22:10:04.0453 1460 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:10:04.0468 1460 p2psvc - ok
22:10:04.0515 1460 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
22:10:04.0515 1460 Parport - ok
22:10:04.0546 1460 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:10:04.0546 1460 partmgr - ok
22:10:04.0593 1460 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:10:04.0593 1460 PcaSvc - ok
22:10:04.0640 1460 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:10:04.0656 1460 pci - ok
22:10:04.0671 1460 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:10:04.0671 1460 pciide - ok
22:10:04.0702 1460 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
22:10:04.0702 1460 pcmcia - ok
22:10:04.0734 1460 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:10:04.0734 1460 pcw - ok
22:10:04.0780 1460 pdfcDispatcher - ok
22:10:04.0858 1460 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:10:04.0874 1460 PEAUTH - ok
22:10:04.0936 1460 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:10:04.0936 1460 PerfHost - ok
22:10:05.0092 1460 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:10:05.0124 1460 pla - ok
22:10:05.0186 1460 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:10:05.0202 1460 PlugPlay - ok
22:10:05.0217 1460 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:10:05.0233 1460 PNRPAutoReg - ok
22:10:05.0280 1460 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:10:05.0280 1460 PNRPsvc - ok
22:10:05.0342 1460 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:10:05.0358 1460 PolicyAgent - ok
22:10:05.0389 1460 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:10:05.0389 1460 Power - ok
22:10:05.0451 1460 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:10:05.0451 1460 PptpMiniport - ok
22:10:05.0498 1460 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
22:10:05.0498 1460 Processor - ok
22:10:05.0560 1460 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:10:05.0560 1460 ProfSvc - ok
22:10:05.0592 1460 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:10:05.0592 1460 ProtectedStorage - ok
22:10:05.0623 1460 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:10:05.0623 1460 Psched - ok
22:10:05.0654 1460 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
22:10:05.0670 1460 PSI - ok
22:10:05.0810 1460 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
22:10:05.0826 1460 ql2300 - ok
22:10:05.0982 1460 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
22:10:05.0982 1460 ql40xx - ok
22:10:06.0028 1460 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:10:06.0028 1460 QWAVE - ok
22:10:06.0060 1460 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:10:06.0060 1460 QWAVEdrv - ok
22:10:06.0060 1460 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:10:06.0075 1460 RasAcd - ok
22:10:06.0091 1460 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:10:06.0091 1460 RasAgileVpn - ok
22:10:06.0122 1460 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:10:06.0122 1460 RasAuto - ok
22:10:06.0153 1460 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:10:06.0153 1460 Rasl2tp - ok
22:10:06.0200 1460 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:10:06.0216 1460 RasMan - ok
22:10:06.0231 1460 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:10:06.0231 1460 RasPppoe - ok
22:10:06.0262 1460 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:10:06.0278 1460 RasSstp - ok
22:10:06.0309 1460 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:10:06.0309 1460 rdbss - ok
22:10:06.0340 1460 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
22:10:06.0340 1460 rdpbus - ok
22:10:06.0372 1460 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:10:06.0372 1460 RDPCDD - ok
22:10:06.0387 1460 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:10:06.0387 1460 RDPENCDD - ok
22:10:06.0387 1460 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:10:06.0387 1460 RDPREFMP - ok
22:10:06.0434 1460 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:10:06.0450 1460 RDPWD - ok
22:10:06.0496 1460 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:10:06.0496 1460 rdyboost - ok
22:10:06.0543 1460 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:10:06.0543 1460 RemoteAccess - ok
22:10:06.0574 1460 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:10:06.0590 1460 RemoteRegistry - ok
22:10:06.0668 1460 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
22:10:06.0684 1460 RoxioNow Service - ok
22:10:06.0699 1460 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:10:06.0715 1460 RpcEptMapper - ok
22:10:06.0746 1460 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:10:06.0746 1460 RpcLocator - ok
22:10:06.0793 1460 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
22:10:06.0793 1460 RpcSs - ok
22:10:06.0840 1460 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:10:06.0840 1460 rspndr - ok
22:10:06.0918 1460 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:10:06.0933 1460 RTL8167 - ok
22:10:06.0964 1460 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:10:06.0964 1460 SamSs - ok
22:10:07.0011 1460 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:10:07.0011 1460 sbp2port - ok
22:10:07.0152 1460 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
22:10:07.0167 1460 SBSDWSCService - ok
22:10:07.0198 1460 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:10:07.0214 1460 SCardSvr - ok
22:10:07.0245 1460 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:10:07.0245 1460 scfilter - ok
22:10:07.0323 1460 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:10:07.0339 1460 Schedule - ok
22:10:07.0370 1460 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:10:07.0370 1460 SCPolicySvc - ok
22:10:07.0401 1460 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:10:07.0401 1460 SDRSVC - ok
22:10:07.0495 1460 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
22:10:07.0495 1460 SeaPort - ok
22:10:07.0542 1460 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:10:07.0557 1460 secdrv - ok
22:10:07.0588 1460 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:10:07.0588 1460 seclogon - ok
22:10:07.0776 1460 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
22:10:07.0791 1460 Secunia PSI Agent - ok
22:10:07.0854 1460 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe
22:10:07.0854 1460 Secunia Update Agent - ok
22:10:08.0056 1460 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:10:08.0072 1460 SENS - ok
22:10:08.0088 1460 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:10:08.0088 1460 SensrSvc - ok
22:10:08.0134 1460 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
22:10:08.0134 1460 Serenum - ok
22:10:08.0150 1460 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
22:10:08.0150 1460 Serial - ok
22:10:08.0181 1460 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
22:10:08.0181 1460 sermouse - ok
22:10:08.0212 1460 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:10:08.0228 1460 SessionEnv - ok
22:10:08.0259 1460 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:10:08.0259 1460 sffdisk - ok
22:10:08.0275 1460 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:10:08.0275 1460 sffp_mmc - ok
22:10:08.0275 1460 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:10:08.0290 1460 sffp_sd - ok
22:10:08.0322 1460 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
22:10:08.0322 1460 sfloppy - ok
22:10:08.0384 1460 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:10:08.0384 1460 SharedAccess - ok
22:10:08.0446 1460 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:10:08.0446 1460 ShellHWDetection - ok
22:10:08.0478 1460 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
22:10:08.0478 1460 SiSRaid2 - ok
22:10:08.0509 1460 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
22:10:08.0509 1460 SiSRaid4 - ok
22:10:08.0540 1460 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:10:08.0540 1460 Smb - ok
22:10:08.0587 1460 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:10:08.0602 1460 SNMPTRAP - ok
22:10:08.0602 1460 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:10:08.0602 1460 spldr - ok
22:10:08.0649 1460 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:10:08.0665 1460 Spooler - ok
22:10:08.0914 1460 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:10:08.0946 1460 sppsvc - ok
22:10:09.0055 1460 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:10:09.0055 1460 sppuinotify - ok
22:10:09.0148 1460 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:10:09.0164 1460 srv - ok
22:10:09.0195 1460 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:10:09.0211 1460 srv2 - ok
22:10:09.0226 1460 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:10:09.0242 1460 srvnet - ok
22:10:09.0289 1460 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:10:09.0304 1460 SSDPSRV - ok
22:10:09.0320 1460 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:10:09.0320 1460 SstpSvc - ok
22:10:09.0351 1460 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
22:10:09.0351 1460 stexstor - ok
22:10:09.0429 1460 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:10:09.0460 1460 stisvc - ok
22:10:09.0492 1460 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:10:09.0492 1460 swenum - ok
22:10:09.0554 1460 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:10:09.0554 1460 swprv - ok
22:10:09.0772 1460 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:10:09.0788 1460 SysMain - ok
22:10:10.0006 1460 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:10:10.0022 1460 TabletInputService - ok
22:10:10.0053 1460 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:10:10.0069 1460 TapiSrv - ok
22:10:10.0084 1460 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:10:10.0084 1460 TBS - ok
22:10:10.0303 1460 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:10:10.0318 1460 Tcpip - ok
22:10:10.0615 1460 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:10:10.0630 1460 TCPIP6 - ok
22:10:10.0724 1460 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:10:10.0724 1460 tcpipreg - ok
22:10:10.0802 1460 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:10:10.0818 1460 TDPIPE - ok
22:10:10.0833 1460 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:10:10.0849 1460 TDTCP - ok
22:10:10.0864 1460 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:10:10.0880 1460 tdx - ok
22:10:10.0911 1460 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:10:10.0911 1460 TermDD - ok
22:10:11.0005 1460 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:10:11.0020 1460 TermService - ok
22:10:11.0052 1460 TfFsMon (21ac1ffd8f59b0ebfbbb2c3467e9f2cf) C:\Windows\system32\drivers\TfFsMon.sys
22:10:11.0052 1460 TfFsMon - ok
22:10:11.0067 1460 TfNetMon (b0ebe0ce99e4751cf7637a09fead7eda) C:\Windows\system32\drivers\TfNetMon.sys
22:10:11.0067 1460 TfNetMon - ok
22:10:11.0098 1460 TfSysMon (d6e991dcdd91323d979878025f0ceaea) C:\Windows\system32\drivers\TfSysMon.sys
22:10:11.0098 1460 TfSysMon - ok
22:10:11.0114 1460 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:10:11.0114 1460 Themes - ok
22:10:11.0145 1460 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:10:11.0145 1460 THREADORDER - ok
22:10:11.0176 1460 ThreatFire - ok
22:10:11.0239 1460 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:10:11.0239 1460 TrkWks - ok
22:10:11.0317 1460 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:10:11.0317 1460 TrustedInstaller - ok
22:10:11.0348 1460 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:10:11.0364 1460 tssecsrv - ok
22:10:11.0379 1460 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:10:11.0379 1460 TsUsbFlt - ok
22:10:11.0395 1460 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
22:10:11.0395 1460 TsUsbGD - ok
22:10:11.0410 1460 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:10:11.0410 1460 tunnel - ok
22:10:11.0442 1460 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
22:10:11.0442 1460 uagp35 - ok
22:10:11.0488 1460 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:10:11.0488 1460 udfs - ok
22:10:11.0520 1460 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:10:11.0520 1460 UI0Detect - ok
22:10:11.0551 1460 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:10:11.0551 1460 uliagpkx - ok
22:10:11.0582 1460 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:10:11.0582 1460 umbus - ok
22:10:11.0598 1460 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
22:10:11.0613 1460 UmPass - ok
22:10:11.0660 1460 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:10:11.0676 1460 upnphost - ok
22:10:11.0722 1460 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:10:11.0722 1460 usbccgp - ok
22:10:11.0754 1460 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:10:11.0769 1460 usbcir - ok
22:10:11.0816 1460 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:10:11.0816 1460 usbehci - ok
22:10:11.0832 1460 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys
22:10:11.0847 1460 usbfilter - ok
22:10:11.0894 1460 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:10:11.0894 1460 usbhub - ok
22:10:11.0925 1460 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
22:10:11.0925 1460 usbohci - ok
22:10:11.0956 1460 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:10:11.0956 1460 usbprint - ok
22:10:11.0988 1460 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
22:10:11.0988 1460 USBSTOR - ok
22:10:12.0003 1460 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:10:12.0003 1460 usbuhci - ok
22:10:12.0034 1460 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:10:12.0034 1460 UxSms - ok
22:10:12.0081 1460 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:10:12.0081 1460 VaultSvc - ok
22:10:12.0112 1460 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:10:12.0112 1460 vdrvroot - ok
22:10:12.0175 1460 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:10:12.0190 1460 vds - ok
22:10:12.0222 1460 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:10:12.0222 1460 vga - ok
22:10:12.0222 1460 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:10:12.0222 1460 VgaSave - ok
22:10:12.0268 1460 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:10:12.0268 1460 vhdmp - ok
22:10:12.0300 1460 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:10:12.0300 1460 viaide - ok
22:10:12.0331 1460 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:10:12.0331 1460 volmgr - ok
22:10:12.0378 1460 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:10:12.0393 1460 volmgrx - ok
22:10:12.0424 1460 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:10:12.0424 1460 volsnap - ok
22:10:12.0456 1460 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
22:10:12.0471 1460 vsmraid - ok
22:10:12.0627 1460 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:10:12.0658 1460 VSS - ok
22:10:12.0783 1460 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:10:12.0783 1460 vwifibus - ok
22:10:12.0846 1460 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:10:12.0861 1460 W32Time - ok
22:10:12.0908 1460 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
22:10:12.0908 1460 WacomPen - ok
22:10:12.0955 1460 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:10:12.0955 1460 WANARP - ok
22:10:12.0955 1460 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:10:12.0955 1460 Wanarpv6 - ok
22:10:13.0111 1460 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:10:13.0126 1460 WatAdminSvc - ok
22:10:13.0267 1460 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:10:13.0282 1460 wbengine - ok
22:10:13.0407 1460 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:10:13.0423 1460 WbioSrvc - ok
22:10:13.0470 1460 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:10:13.0485 1460 wcncsvc - ok
22:10:13.0485 1460 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:10:13.0485 1460 WcsPlugInService - ok
22:10:13.0532 1460 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
22:10:13.0532 1460 Wd - ok
22:10:13.0594 1460 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:10:13.0594 1460 Wdf01000 - ok
22:10:13.0626 1460 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:10:13.0641 1460 WdiServiceHost - ok
22:10:13.0641 1460 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:10:13.0657 1460 WdiSystemHost - ok
22:10:13.0688 1460 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:10:13.0688 1460 WebClient - ok
22:10:13.0750 1460 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:10:13.0766 1460 Wecsvc - ok
22:10:13.0797 1460 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:10:13.0797 1460 wercplsupport - ok
22:10:13.0844 1460 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:10:13.0844 1460 WerSvc - ok
22:10:13.0906 1460 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:10:13.0906 1460 WfpLwf - ok
22:10:13.0922 1460 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:10:13.0922 1460 WIMMount - ok
22:10:13.0953 1460 WinDefend - ok
22:10:13.0969 1460 WinHttpAutoProxySvc - ok
22:10:14.0031 1460 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:10:14.0031 1460 Winmgmt - ok
22:10:14.0203 1460 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:10:14.0234 1460 WinRM - ok
22:10:14.0390 1460 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:10:14.0390 1460 WinUsb - ok
22:10:14.0484 1460 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:10:14.0499 1460 Wlansvc - ok
22:10:14.0562 1460 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:10:14.0562 1460 wlcrasvc - ok
22:10:14.0811 1460 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:10:14.0858 1460 wlidsvc - ok
22:10:14.0983 1460 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:10:14.0998 1460 WmiAcpi - ok
22:10:15.0061 1460 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:10:15.0076 1460 wmiApSrv - ok
22:10:15.0108 1460 WMPNetworkSvc - ok
22:10:15.0154 1460 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:10:15.0170 1460 WPCSvc - ok
22:10:15.0170 1460 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:10:15.0186 1460 WPDBusEnum - ok
22:10:15.0217 1460 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:10:15.0217 1460 ws2ifsl - ok
22:10:15.0232 1460 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:10:15.0248 1460 wscsvc - ok
22:10:15.0248 1460 WSearch - ok
22:10:15.0420 1460 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:10:15.0466 1460 wuauserv - ok
22:10:15.0576 1460 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:10:15.0576 1460 WudfPf - ok
22:10:15.0622 1460 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:10:15.0622 1460 WUDFRd - ok
22:10:15.0669 1460 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:10:15.0685 1460 wudfsvc - ok
22:10:15.0716 1460 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:10:15.0716 1460 WwanSvc - ok
22:10:15.0763 1460 MBR (0x1B8) (640988a1d5d4b53c845f373cad16b498) \Device\Harddisk0\DR0
22:10:16.0231 1460 \Device\Harddisk0\DR0 - ok
22:10:16.0231 1460 Boot (0x1200) (afbdc58c50acc15381b97daa785221c2) \Device\Harddisk0\DR0\Partition0
22:10:16.0231 1460 \Device\Harddisk0\DR0\Partition0 - ok
22:10:16.0246 1460 Boot (0x1200) (b821962ea32a52eeef49e95b13c06636) \Device\Harddisk0\DR0\Partition1
22:10:16.0246 1460 \Device\Harddisk0\DR0\Partition1 - ok
22:10:16.0278 1460 Boot (0x1200) (d38c5036174038cb161417340551a34d) \Device\Harddisk0\DR0\Partition2
22:10:16.0278 1460 \Device\Harddisk0\DR0\Partition2 - ok
22:10:16.0278 1460 ============================================================
22:10:16.0278 1460 Scan finished
22:10:16.0278 1460 ============================================================
22:10:16.0293 5460 Detected object count: 0
22:10:16.0293 5460 Actual detected object count: 0

broni · 2012/05/29

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

jewelianne · 2012/05/30

Results from TDSS.exe NO Infections were found.

My son's account is more affected and is still misbehaving. I am doing most of the work on my account because I have the administrator rights, should I be doing these scans on his account?

broni · 2012/05/30

No.

You never said if your account works properly.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

Double-click on the Rkill icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

jewelianne · 2012/05/30

I am sorry for omitting that, my pages are very sluggish and I have a few freezing issues and program not responding.
My son's home page is back to normal but his internet pages are loading as if he is the one constructing them, he can change and configure them anyway he wants on almost all the websites he goes to, even Facebook. (I did notify them and sent them a screenshot). That does not happen on my account only on his.

I will be sending the Combofix as soon as I complete it.
Thank you for your help and patience.

jewelianne · 2012/05/30

ComboFix 12-05-30.04 - Julianne 05/30/2012 19:41:11.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.3022 [GMT -4:00]
Running from: c:\users\Julianne\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2012-05-30 23:57 . 2012-05-30 23:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-30 23:57 . 2012-05-30 23:57 -------- d-----w- c:\users\Hunter\AppData\Local\temp
2012-05-30 23:57 . 2012-05-30 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 14:09 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{844A4127-1A88-41EA-89CE-B7E71D0947D8}\mpengine.dll
2012-05-24 17:39 . 2012-05-24 17:39 -------- d-----w- c:\users\Hunter\AppData\Roaming\Malwarebytes
2012-05-23 13:41 . 2012-05-23 13:41 -------- d-----w- c:\program files (x86)\Watchtower
2012-05-12 02:46 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 02:46 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 02:46 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 02:46 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 02:46 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 02:46 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 02:40 . 2012-05-12 02:40 -------- d-----w- c:\users\Hunter\AppData\Local\Adobe
2012-05-12 02:38 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 02:36 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 02:35 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 02:35 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 02:35 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 02:35 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 02:35 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 14:33 . 2012-05-08 14:33 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-08 14:33 . 2012-05-08 14:33 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-01 12:45 . 2012-05-01 12:45 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 02:23 . 2012-03-30 22:38 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-07 02:23 . 2011-10-19 13:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-07 02:23 . 2012-04-14 03:34 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-01 12:45 . 2012-03-31 01:30 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 12:45 . 2012-03-31 01:30 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2011-08-11 21:16 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 13:39 . 2012-04-02 13:39 231440 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-03-31 11:36 . 2010-06-24 18:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:40 . 2012-03-31 11:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-06 23:15 . 2011-08-11 21:04 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-08-11 21:04 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-08-11 21:04 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-08-11 21:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-08-11 21:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-02-24 11:19 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-08-11 21:04 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-08-11 21:04 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-08-11 21:04 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2 "= "c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
"FileHippo.com "= "c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup "= "c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"NetZeroDSL "= "c:\program files (x86)\NetZero DSL\ConnectionCenter.exe" [2010-03-05 1095152]
"avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"HP Software Update "= "c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task "= "c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"ThreatFire "= "c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2011-2-23 323584]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser "= 3 (0x3)
"EnableUIADesktopToggle "= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-03-28 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-13 1128952]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 02:23]
.
2012-05-23 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2930640421-823808672-1064729636-1000Core.job
- c:\users\Julianne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-31 12:34]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2930640421-823808672-1064729636-1000UA.job
- c:\users\Julianne\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-31 12:34]
.
2012-05-28 c:\windows\Tasks\HPCeeScheduleForJulianne.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@= "{472083B0-C522-11CF-8763-00608CC02F24} "
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv "= "c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"LXCFCATS "= "c:\windows\system32\spool\DRIVERS\x64\3\LXCFtime.dll" [2005-07-20 29184]
"fssui "= "c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Julianne\AppData\Roaming\Mozilla\Firefox\Profiles\f8aujxuc.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: browser.startup.homepage - hxxp://www.goodskins.com/flying_hearts/
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath "= "c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService "
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath "=" "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@= "FlashBroker "
"LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled "=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@= "Shockwave Flash Object "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx "
"ThreadingModel "= "Apartment "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@= "0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@= "ShockwaveFlash.ShockwaveFlash.11 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@= "ShockwaveFlash.ShockwaveFlash "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@= "Macromedia Flash Factory Object "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx "
"ThreadingModel "= "Apartment "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@= "FlashFactory.FlashFactory.1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@= "1.0 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@= "FlashFactory.FlashFactory "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@= "IFlashBroker4 "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@= "{00020424-0000-0000-C000-000000000046} "
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
"Version "= "1.0 "
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ThreatFire\TFService.exe
c:\program files (x86)\ThreatFire\TFUN.exe
.
**************************************************************************
.
Completion time: 2012-05-30 20:10:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-31 00:10
.
Pre-Run: 437,348,048,896 bytes free
Post-Run: 437,149,335,552 bytes free
.
- - End Of File - - FFAD74228B5A935C1D15B94955986F71

broni · 2012/05/30

I don't see anything malicious there.

What exactly is slow?

jewelianne · 2012/05/30

There is a lag time before a page will load, when I open my browser page it sits there like it is thinking about it and then when it opens I get a white screen for about 2-3 seconds sometimes a little longer and then it will be black as it begins to slowly load little bits of my page until it is all there.
But if nothing malicious is here, great. I may need to find out why these other things are going on in another area.

broni · 2012/05/30

Which browser?

jewelianne · 2012/05/31

I had used Mozilla but searches don't work properly on it so now I use Google Chrome which also as I mentioned has some issues.

On the Mozilla this is what comes up when I search

Google
Sorry...
We're sorry...

... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.
See Google Help for more information.

Then after this pops up on my search page my HP Recovery page recommends me to go back to a previous recovery point. Sorry I did not copy that.

broni · 2012/05/31

I suggest you reinstall both browsers.

As for Firefox use this procedure to uninstall it: http://kb.mozillazine.org/Uninstalling_Firefox
Then install fresh copy.

Log in or Sign up

Inactive Computer sluggish, pages deconstructing

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Log in or Sign up

Inactive Computer sluggish, pages deconstructing

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

jewelianne Inactive Thread Starter

broni Moderator Malware Analyst

Share This Page

Useful Searches