Geeks To Go forum

Sirefef Rtk AGAIN!



#46 3mateo (Member, Topic Starter, 47 posts)
Kinner-
Been out of town, apologies for the delay.
LAPTOP: I finally got the laptop (Windows 7) to run the Update Checker. I did all the upgrades/dates & SpeedyFox on it.
It still seems slow, but I think that's due to its size and it's using Firefox w/ NoScript (NS is somewhat inconvenient, but worth it.)

My COMP: SitRep: Has been running very well save the aforementioned inconvenience of NoScript.
I still have a few programs from the virus removal that I don't know enough to use on my own: VEW, FunBar, Avenger, GParted, EZ_Sirefix, ESETSirefefRemover, aswMBR, ServicesRepair, TDSSKiller (all many logs).
Should I save any of these, and if so, when would I reuse them?
Any last steps to take?

Thanks for everything!!
=M
  • 0



#47 RKinner (Malware Expert, MVP, 19,776 posts)
You don't need to save any of them. So here is the XP cleanup routine:

We need to clean up System Restore.

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.


For your Win 7. Let's look at Process Explorer and see if there is a reason it is slow:

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
Wait a minute for things to settle down. (they will still move around)
File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Also let's look at the error logs:


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#48 3mateo (Member, Topic Starter, 47 posts)
Ron-
Thanks, I think we're all done for now w/ virus removal.
For LAPTOP, here are the logs, though I MIGHT have run the VEW with *Error & *Information (instead of Error & WARNING); I re-ran and posted both as labelled, then ran VEW APPLICATION. Due to the potential confusion, I'll paste those first then the other info & Logs.
Thanks again.
-M




########### VEW SYSTEM RUN 1 (maybe mis-marked) #####

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/10/2012 5:15:52 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/10/2012 11:29:53 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 01/10/2012 9:36:57 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 01/10/2012 9:36:56 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-1073473535.

Log: 'System' Date/Time: 01/10/2012 9:35:57 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/10/2012 12:15:13 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Multimedia Class Scheduler service entered the running state.

Log: 'System' Date/Time: 02/10/2012 12:14:05 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.

Log: 'System' Date/Time: 02/10/2012 12:13:52 AM
Type: Information Category: 0
Event: 206 Source: Microsoft-Windows-Application-Experience
The Program Compatibility Assistant service successfully performed phase two initialization.

Log: 'System' Date/Time: 02/10/2012 12:13:49 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Application Experience service entered the running state.

Log: 'System' Date/Time: 02/10/2012 12:00:00 AM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Diagnostic System Host service entered the stopped state.

Log: 'System' Date/Time: 01/10/2012 11:56:31 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.

Log: 'System' Date/Time: 01/10/2012 11:56:11 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Modules Installer service entered the stopped state.

Log: 'System' Date/Time: 01/10/2012 11:56:11 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Windows Modules Installer service was changed from auto start to demand start.

Log: 'System' Date/Time: 01/10/2012 11:56:10 PM
Type: Information Category: 0
Event: 7040 Source: Service Control Manager
The start type of the Windows Modules Installer service was changed from demand start to auto start.

Log: 'System' Date/Time: 01/10/2012 11:48:37 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Program Compatibility Assistant Service service entered the running state.

Log: 'System' Date/Time: 01/10/2012 11:48:37 PM
Type: Information Category: 0
Event: 201 Source: Microsoft-Windows-Application-Experience
The Program Compatibility Assistant service started successfully.

Log: 'System' Date/Time: 01/10/2012 11:46:09 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Application Experience service entered the stopped state.

Log: 'System' Date/Time: 01/10/2012 11:36:09 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Application Experience service entered the running state.

Log: 'System' Date/Time: 01/10/2012 11:32:03 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Windows Error Reporting Service service entered the stopped state.

Log: 'System' Date/Time: 01/10/2012 11:31:14 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Problem Reports and Solutions Control Panel Support service entered the stopped state.

Log: 'System' Date/Time: 01/10/2012 11:30:47 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Software Protection service entered the stopped state.

Log: 'System' Date/Time: 01/10/2012 11:30:43 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Computer Browser service entered the stopped state.

Log: 'System' Date/Time: 01/10/2012 11:30:37 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Computer Browser service entered the running state.

Log: 'System' Date/Time: 01/10/2012 11:30:33 PM
Type: Information Category: 7005
Event: 20003 Source: Microsoft-Windows-UserPnp
Driver Management has concluded the process to add Service tunnel for Device Instance ID ROOT\*ISATAP\0001 with the following status: 0.

Log: 'System' Date/Time: 01/10/2012 11:30:25 PM
Type: Information Category: 0
Event: 7036 Source: Service Control Manager
The Problem Reports and Solutions Control Panel Support service entered the running state.



############# VEW SYSTEM RUN 2 (should be correct??) ########

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/10/2012 5:20:46 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/10/2012 11:29:53 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 01/10/2012 9:36:57 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Log: 'System' Date/Time: 01/10/2012 9:36:56 PM
Type: Error Category: 0
Event: 7024 Source: Service Control Manager
The Windows Search service terminated with service-specific error %%-1073473535.

Log: 'System' Date/Time: 01/10/2012 9:35:57 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/10/2012 11:30:02 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 01/10/2012 9:35:53 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 01/10/2012 9:35:37 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 01/10/2012 9:35:03 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 01/10/2012 9:35:02 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll



############ VEW APPLICATION ###########################


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 01/10/2012 5:30:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/10/2012 11:29:57 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledSPRetry 6466865

Log: 'Application' Date/Time: 01/10/2012 11:29:57 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: m->NextScheduledEvent 6466865

Log: 'Application' Date/Time: 01/10/2012 11:29:57 PM
Type: Error Category: 0
Event: 100 Source: Bonjour Service
Task Scheduling Error: Continuously busy for more than a second

Log: 'Application' Date/Time: 01/10/2012 9:36:47 PM
Type: Error Category: 3
Event: 7010 Source: Microsoft-Windows-Search
The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 01/10/2012 9:36:47 PM
Type: Error Category: 3
Event: 3058 Source: Microsoft-Windows-Search
The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 01/10/2012 9:36:47 PM
Type: Error Category: 3
Event: 3028 Source: Microsoft-Windows-Search
The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 01/10/2012 9:36:47 PM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)


Log: 'Application' Date/Time: 01/10/2012 9:36:45 PM
Type: Error Category: 3
Event: 3029 Source: Microsoft-Windows-Search
The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 01/10/2012 9:36:45 PM
Type: Error Category: 1
Event: 9002 Source: Microsoft-Windows-Search
The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


Log: 'Application' Date/Time: 01/10/2012 9:36:45 PM
Type: Error Category: 3
Event: 7042 Source: Microsoft-Windows-Search
The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 01/10/2012 9:36:45 PM
Type: Error Category: 3
Event: 7040 Source: Microsoft-Windows-Search
The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


Log: 'Application' Date/Time: 01/10/2012 9:36:45 PM
Type: Error Category: 3
Event: 9000 Source: Microsoft-Windows-Search
The event description cannot be found.

Log: 'Application' Date/Time: 01/10/2012 9:36:44 PM
Type: Error Category: 3
Event: 455 Source: ESENT
Windows (4000) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00031.log.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/10/2012 9:37:27 PM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Index Corruption}.




############ PROCEXP LOG: ################
Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 59.69 0 K 24 K
procexp(1).exe 3132 30.52 22,188 K 36,692 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
csrss.exe 512 1.96 9,152 K 7,836 K (Unable to verify) (null)
Interrupts n/a 1.82 0 K 0 K Hardware Interrupts and DPCs
System 4 1.64 60 K 2,028 K
SynTPEnh.exe 3152 1.39 9,280 K 4,796 K Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 4576 1.05 32,908 K 14,052 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1400 1.02 13,008 K 8,804 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 620 0.21 3,228 K 4,112 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 816 0.11 3,668 K 4,468 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 2680 0.11 32,784 K 40,676 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 4736 0.08 1,140 K 4,012 K COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 1472 0.07 22,144 K 6,872 K avast! Service AVAST Software (Verified) AVAST Software
services.exe 604 0.06 4,520 K 4,208 K (Unable to verify) (null)
AvastUI.exe 3420 0.05 8,516 K 12,896 K avast! Antivirus AVAST Software (Verified) AVAST Software
SUPERAntiSpyware.exe 4040 0.04 320,096 K 756 K SUPERAntiSpyware Application SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
iPodService.exe 2716 0.03 1,700 K 2,280 K iPodService Module (32-bit) Apple Inc. (Verified) Apple Inc.
javaw.exe 3556 0.03 79,372 K 22,628 K Java™ Platform SE binary Sun Microsystems, Inc. (Unable to verify) Sun Microsystems, Inc.
lsm.exe 628 0.03 1,324 K 1,732 K (Unable to verify) (null)
svchost.exe 720 0.02 3,292 K 3,936 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 1836 0.02 2,516 K 3,500 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
SASCore.exe 1756 0.01 1,028 K 812 K (Unable to verify) (null)
SearchIndexer.exe 3804 0.01 23,028 K 14,576 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1292 0.01 6,372 K 8,208 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 992 < 0.01 18,376 K 19,556 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 3284 < 0.01 5,332 K 6,488 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
stacsv.exe 1024 < 0.01 11,576 K 3,516 K IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
csrss.exe 444 < 0.01 1,508 K 1,744 K (Unable to verify) (null)
DVMExportService.exe 1932 < 0.01 956 K 1,956 K Windows Metadata Export Service DeviceVM, Inc. (Unable to verify) DeviceVM, Inc.
iTunesHelper.exe 3652 < 0.01 3,012 K 3,224 K iTunesHelper Apple Inc. (Verified) Apple Inc.
WmiPrvSE.exe 1148 < 0.01 2,392 K 3,632 K (Unable to verify) (null)
wlanext.exe 1480 1,212 K 1,696 K (Unable to verify) (null)
winlogon.exe 548 1,720 K 2,156 K (Unable to verify) (null)
wininit.exe 504 928 K 600 K (Unable to verify) (null)
taskhost.exe 2128 2,296 K 2,028 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 3980 604 K 608 K (Unable to verify) (null)
svchost.exe 956 27,568 K 28,548 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 888 14,924 K 10,900 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2024 1,348 K 2,416 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1644 8,420 K 7,476 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3680 4,484 K 4,832 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sttray.exe 3228 5,632 K 3,200 K IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe 1596 5,040 K 4,248 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 340 260 K 280 K (Unable to verify) (null)
QuickSync.exe 3276 13,008 K 10,892 K QuickSync Hewlett-Packard (Verified) DATA TRANSFER OF NEVADA, LLC
QLBCtrl.exe 3304 4,428 K 3,696 K Quick Launch Buttons Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
mDNSResponder.exe 1884 1,720 K 2,608 K Bonjour Service Apple Inc. (Verified) Apple Inc.
jusched.exe 3616 856 K 1,088 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Oracle America, Inc.
igfxtray.exe 3052 1,212 K 1,636 K igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 3140 1,568 K 2,496 K igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 3068 1,116 K 1,872 K persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IAANTmon.exe 436 1,728 K 2,120 K RAID Monitor Intel Corporation (Verified) Intel Corporation
IAAnotif.exe 3160 1,772 K 1,956 K Event Monitor User Notification Tool Intel Corporation (Verified) Intel Corporation
hpwuschd2.exe 3340 668 K 844 K hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
HPWAMain.exe 3404 17,852 K 10,796 K HP Wireless Assistant Main Program Hewlett-Packard (Verified) Hewlett-Packard Company
HPSA_Service.exe 4160 12,732 K 5,812 K HP Support Assistant Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
hpqWmiEx.exe 2316 1,392 K 2,924 K hpqwmiex Module Hewlett-Packard Company (Verified) Hewlett-Packard Company
HpqToaster.exe 1204 3,920 K 2,732 K HpqToaster Module (Verified) Hewlett-Packard Company
HPDrvMntSvc.exe 1964 664 K 592 K HP Quick Synchronization Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
hpCaslNotification.exe 1096 14,576 K 4,020 K hpCaslNotification Hewlett-Packard Development Company L.P. (Verified) Hewlett-Packard Company
hkcmd.exe 3060 1,320 K 1,620 K hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
firefox.exe 6132 68,956 K 90,820 K Firefox Mozilla Corporation (Verified) Mozilla Corporation
dwm.exe 2448 1,020 K 2,020 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1488 500 K 408 K (Unable to verify) (null)
Com4QLBEx.exe 3648 916 K 1,300 K Com for QLB application Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
armsvc.exe 1780 824 K 676 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems, Incorporated
AEstSrv.exe 1804 472 K 356 K Andrea filters APO access service (32-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher



SFC Scannow command: "WINDOWS RESOURCE PROTECTION did not find any integrity violations."
  • 0
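The VEW reports above are what the helper reads to decide which service is the real problem. The following is an added example, not code from the thread or from the VEW tool: it parses the plain-text report format VEW writes (the `Log:` / `Type:` / `Event:` header lines followed by the message), counts Error entries per source and event id, and flags the entries a malware-removal helper would look at first. The report text embedded below is constructed in that format for the example, not copied from the poster's machine; the event ids and sources it matches on (Service Control Manager 7011/7024/7031, Wininit 11, Microsoft-Windows-Search) are the ones that appear in the logs above.

```python
"""Parse a Vino's Event Viewer (VEW) text report and summarise what matters.
Added example; the report below is constructed in VEW's format."""
import re
from collections import Counter

SAMPLE_REPORT = """Vino's Event Viewer v01c run on Windows 2008 in English
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/10/2012 11:29:53 PM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Log: 'System' Date/Time: 01/10/2012 9:36:57 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/10/2012 9:35:53 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/10/2012 9:36:47 PM
Type: Error Category: 3
Event: 7010 Source: Microsoft-Windows-Search
The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
"""

HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+)$")
SERVICE_RE = re.compile(r"(?:from the|^The) (.+?) service\b")


def parse_vew(text):
    """One dict per entry: log, when, type, category, event, source, message."""
    records, current = [], None
    for line in text.splitlines():
        if line.startswith("~~~"):        # section separator closes any open entry
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {"log": m["log"], "when": m["when"], "lines": []}
            records.append(current)
            continue
        if current is None:               # banner lines and section titles
            continue
        m = TYPE_RE.match(line)
        if m:
            current["type"], current["category"] = m["type"], int(m["category"])
            continue
        m = EVENT_RE.match(line)
        if m:
            current["event"], current["source"] = int(m["event"]), m["source"]
            continue
        current["lines"].append(line.strip())   # message body, may span blank lines
    for r in records:
        r["message"] = " ".join(s for s in r.pop("lines") if s)
    return records


def errors_by_source(records):
    """Count Error entries per (source, event id); .most_common() ranks them."""
    return Counter((r["source"], r["event"]) for r in records if r["type"] == "Error")


def flag_notable(records):
    """(kind, detail) pairs for the entries worth a closer look."""
    findings = []
    for r in records:
        if r["source"] == "Microsoft-Windows-Wininit" and r["event"] == 11:
            # AppInit_DLLs is populated: every process loads those DLLs, so the
            # list and the signer of each DLL need review.
            findings.append(("review-appinit-dlls", r["source"]))
        elif r["source"] == "Microsoft-Windows-Search" and "corrupt" in r["message"]:
            findings.append(("search-index-corrupt", r["source"]))
        elif r["source"] == "Service Control Manager" and r["event"] in (7011, 7024, 7031):
            m = SERVICE_RE.search(r["message"])
            findings.append(("service-failure", m[1] if m else r["message"]))
    return findings


if __name__ == "__main__":
    recs = parse_vew(SAMPLE_REPORT)
    for (source, event), n in errors_by_source(recs).most_common():
        print(f"{n:3d}  {source}  event {event}")
    for kind, detail in flag_notable(recs):
        print(f"{kind}: {detail}")
```

Run against a real VEW output file by replacing `SAMPLE_REPORT` with the file's contents. The Wininit event 11 warning in the System log above is worth singling out: it is logged when the AppInit_DLLs mechanism is in use, which means a DLL list is being injected into every process, so the DLLs named there should be identified and their signatures checked.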

#49 RKinner (Malware Expert, MVP, 19,776 posts)
Most obvious problem with the laptop is Windows Search. I would just turn it off since it's not working right and you don't need it.

Right click on Computer and select Manage then Services and Applications then Services. Find Windows Search and right click and select Properties. Change the Startup Type to Disabled. Apply. Stop the service if it is running. OK.

Also find the Shell Hardware Detection service and do the same thing to it.

If you find the Bonjour Service do the same thing to it. You might also just uninstall it.

Process Explorer says csrss.exe is not verified and has no maker. It should normally be from Microsoft and it is usually verified so this is not good.
The same thing is wrong with services.exe.

I think we had better run a few scans on this one.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (Win 7 or Vista => Right click and Run as Admin.) Farbar Service Scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
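The /md5start ... /md5stop block in the OTL scan above makes OTL report the MD5 of each listed file so the helper can compare them with known-good values. As an added illustration of that comparison (example code written for this page, not OTL's own code and not from this thread), the Python script below hashes every copy of those file names found under a directory tree and flags any copy whose hash is not in a baseline you supply; the directory layout, file contents and baseline built in build_demo_tree and demo are constructed sample data, not real Windows files.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# File names taken from the /md5start ... /md5stop block of the OTL custom scan above.
MD5_TARGETS = [
    "pnrpnsp.dll", "nwprovau.dll", "nlaapi.dll", "napinsp.dll", "mswsock.dll",
    "winrnr.dll", "wshelper.dll", "services.exe", "atapi.sys", "explorer.exe",
    "winlogon.exe", "Userinit.exe", "svchost.exe", "csrss.exe",
    "PrintIsolationHost.exe", "consrv.dll",
]


def md5_of_file(path):
    """Hex MD5 (upper case, as the tool logs print it), read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def find_copies(root, names):
    """Yield (canonical name, path) for every file under `root` whose name
    is in `names`. The match is case-insensitive, as NTFS names are, so a
    copy written as SVCHOST.EXE is still caught."""
    wanted = {n.lower(): n for n in names}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() in wanted:
                yield wanted[fname.lower()], os.path.join(dirpath, fname)


def check_md5_inventory(root, baseline, names=MD5_TARGETS):
    """Hash every copy of the target files under `root` and compare each
    one with `baseline` ({name -> set of acceptable MD5 digests}, e.g.
    collected from a clean machine of the same Windows build).

    Returns (findings, missing). Each finding is (name, path, md5, status)
    with status "ok", "unknown-hash" (hash not in the baseline) or
    "no-baseline" (no reference digest for that name). `missing` lists
    names with no copy at all; absence is informational, not a finding."""
    findings, seen = [], set()
    for name, path in find_copies(root, names):
        digest = md5_of_file(path)
        seen.add(name)
        if name not in baseline:
            status = "no-baseline"
        elif digest in baseline[name]:
            status = "ok"
        else:
            status = "unknown-hash"
        findings.append((name, path, digest, status))
    missing = [n for n in names if n not in seen]
    return findings, missing


def suspicious(findings):
    """Only the copies an analyst needs to look at."""
    return [f for f in findings if f[3] != "ok"]


def build_demo_tree(root):
    """Constructed sample data: a tiny fake Windows tree. The copy of
    svchost.exe under Temp has different bytes from the System32 one."""
    root = Path(root)
    layout = {
        "System32/services.exe": b"clean services image",
        "winsxs/x86_services/services.exe": b"clean services image",
        "System32/svchost.exe": b"clean svchost image",
        "Temp/svchost.exe": b"patched svchost image",
        "System32/atapi.sys": b"clean atapi driver",
    }
    for rel, data in layout.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


def demo():
    """Run the check over the constructed tree; returns (flagged, missing)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_demo_tree(tmp)
        # Baseline taken from the "clean" System32 copies; atapi.sys is left
        # out on purpose to show the no-baseline status.
        baseline = {
            "services.exe": {md5_of_file(root / "System32/services.exe")},
            "svchost.exe": {md5_of_file(root / "System32/svchost.exe")},
        }
        findings, missing = check_md5_inventory(root, baseline)
        return suspicious(findings), missing


if __name__ == "__main__":
    flagged, missing = demo()
    for name, path, digest, status in flagged:
        print(f"{status:13} {digest} {path}")
    print("no copy found for:", ", ".join(missing))
```

The second services.exe under winsxs is reported "ok" because its bytes match the baseline; only the Temp copy of svchost.exe (unknown hash) and atapi.sys (no reference) are flagged.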

#50
3mateo
Member, Topic Starter, 47 posts
Ron-
I think I did all steps, with all logs below.
Command Prompt found nothing, 2nd TDSSKiller found one risk, not TDSS.
Also, the OTL seemed to freeze up a while, and it left a bunch of lines in the box when done. I pasted those lines below after the OTL logs.
Thanks!
_M



############# aswMBR Log #############################


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-02 18:18:06
-----------------------------
18:18:06.256 OS Version: Windows 6.1.7601 Service Pack 1
18:18:06.256 Number of processors: 2 586 0x1C0A
18:18:06.256 ComputerName: MARIA-PC UserName: maria
18:18:10.125 Initialize success
18:18:12.137 AVAST engine defs: 12100200
18:18:24.664 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:18:24.680 Disk 0 Vendor: Hitachi_ PBBO Size: 152627MB BusType: 3
18:18:24.727 Disk 0 MBR read successfully
18:18:24.727 Disk 0 MBR scan
18:18:24.742 Disk 0 unknown MBR code
18:18:24.774 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:18:24.820 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 140476 MB offset 409600
18:18:24.852 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11848 MB offset 288104448
18:18:24.883 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 312369152
18:18:24.930 Disk 0 scanning sectors +312579760
18:18:25.008 Disk 0 scanning C:\Windows\system32\drivers
18:18:49.508 Service scanning
18:19:24.903 Modules scanning
18:19:45.794 AVAST engine scan C:\Windows
18:19:48.712 AVAST engine scan C:\Windows\system32
18:23:06.712 AVAST engine scan C:\Windows\system32\drivers
18:23:22.548 AVAST engine scan C:\Users\maria
18:26:37.481 AVAST engine scan C:\ProgramData
18:26:45.298 Disk 0 MBR has been saved successfully to "C:\Users\maria\Desktop\MBR.dat"
18:26:45.329 The log file has been saved successfully to "C:\Users\maria\Desktop\1 aswMBR.txt"
18:28:02.818 Scan finished successfully
18:30:35.788 Disk 0 MBR has been saved successfully to "C:\Users\maria\Desktop\MBR.dat"
18:30:35.804 The log file has been saved successfully to "C:\Users\maria\Desktop\1 aswMBR.txt"





############# COMBOFix Log #############

ComboFix 12-10-02.02 - maria 02/10/2012 18:55:07.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.987.289 [GMT -7:00]
Running from: c:\users\maria\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-03 to 2012-10-03 )))))))))))))))))))))))))))))))
.
.
2012-10-03 02:18 . 2012-10-03 02:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-03 01:44 . 2012-09-08 00:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-03 01:44 . 2012-10-03 01:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-02 14:26 . 2012-10-02 14:26 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0769E16D-BBA8-4D6D-AC90-5B0D3D730D47}\offreg.dll
2012-10-02 14:23 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0769E16D-BBA8-4D6D-AC90-5B0D3D730D47}\mpengine.dll
2012-09-26 01:45 . 2012-09-26 01:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-26 01:16 . 2012-09-26 01:16 -------- d-----w- c:\program files\iPod
2012-09-26 01:16 . 2012-09-26 01:17 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-26 01:16 . 2012-09-26 01:17 -------- d-----w- c:\program files\iTunes
2012-09-25 23:42 . 2012-09-25 23:42 -------- d-----w- c:\users\maria\AppData\Roaming\CrystalIdea Software
2012-09-25 23:36 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-09-25 23:36 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-25 23:36 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-25 23:36 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-25 23:35 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-09-25 23:35 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-09-25 03:15 . 2012-09-25 03:15 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-25 03:15 . 2012-09-25 03:15 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-25 02:29 . 2012-09-25 02:30 -------- d-----w- c:\program files\Common Files\Adobe
2012-09-25 01:55 . 2012-09-25 01:55 -------- d-----w- c:\program files\Common Files\Java
2012-09-25 01:54 . 2012-09-25 01:54 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-25 01:14 . 2012-09-25 01:14 -------- d-----w- c:\program files\FileHippo.com
2012-09-25 00:41 . 2012-09-25 00:41 -------- d-----w- c:\users\maria\AppData\Local\Mozilla
2012-09-25 00:40 . 2012-09-25 00:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-09 21:52 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-09 21:52 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-09-09 21:47 . 2012-09-09 21:47 -------- d-----w- c:\program files\Apple Software Update
2012-09-09 21:45 . 2012-09-09 21:45 -------- d-----w- c:\program files\Bonjour
2012-09-07 03:08 . 2012-09-07 03:11 -------- d-----w- c:\program files\VS Revo Group
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-25 01:54 . 2012-08-08 22:46 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-25 01:54 . 2012-08-08 22:46 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13 . 2012-09-02 21:38 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-09-02 21:38 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-09-02 21:38 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-09-02 21:38 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-09-02 21:38 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-09-02 21:38 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-09-02 21:37 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-09-02 21:37 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-08 22:13 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-08-08 21:10 . 2012-08-08 21:10 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-08 21:10 . 2012-08-08 21:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-08-08 21:10 . 2012-08-08 21:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-08-08 21:10 . 2012-08-08 21:10 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-08-08 21:10 . 2012-08-08 21:10 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-08-08 21:10 . 2012-08-08 21:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-08-08 21:10 . 2012-08-08 21:10 367104 ----a-w- c:\windows\system32\html.iec
2012-08-08 21:10 . 2012-08-08 21:10 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-08-08 21:10 . 2012-08-08 21:10 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-08 21:10 . 2012-08-08 21:10 161792 ----a-w- c:\windows\system32\msls31.dll
2012-08-08 21:10 . 2012-08-08 21:10 152064 ----a-w- c:\windows\system32\wextract.exe
2012-08-08 21:10 . 2012-08-08 21:10 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-08-08 21:10 . 2012-08-08 21:10 11776 ----a-w- c:\windows\system32\mshta.exe
2012-08-08 21:10 . 2012-08-08 21:10 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-08-08 21:10 . 2012-08-08 21:10 101888 ----a-w- c:\windows\system32\admparse.dll
2012-09-06 01:27 . 2012-09-25 00:40 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2009-10-29 01:18 661504 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Simplify Media"="c:\program files\Hp\HP MediaStream\HPMediaStream.exe" [2009-10-23 21498376]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-16 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-16 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-16 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-26 1721640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-10-12 495708]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...90&ver=9.0.872" [?]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-08 766536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 06:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-09-06 20:05 4780928 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZumoDrive]
2010-01-28 01:18 2038 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
.
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 Sockblkd;Sockblkd;c:\program files\Extegrity\Exam4\Sockblkd.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 DVMIO;DVMIO;c:\splash.sys\config\dvmio.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\splash.sys\config\DVMExportService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 90522642
*NewlyCreated* - ASWMBR
*Deregistered* - 90522642
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-01 c:\windows\Tasks\HPCeeScheduleFormaria.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <-loopback>;;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888;
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
FF - ProfilePath - c:\users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\7umj6700.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-{DF802C05-4660-418c-970C-B988ADB1D316} - c:\program files\MSN\Toolbar\3.0.0566.0\OEMSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\05\04\121\1e?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4860)
c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
Completion time: 2012-10-02 19:24:55
ComboFix-quarantined-files.txt 2012-10-03 02:24
.
Pre-Run: 98,670,215,168 bytes free
Post-Run: 98,440,790,016 bytes free
.
- - End Of File - - EFE69F337B4946501E298DE99E629771




############# TDSSKiller Log #############

12:48:03.0900 1976 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:48:04.0696 1976 ============================================================
12:48:04.0696 1976 Current date / time: 2012/10/03 12:48:04.0696
12:48:04.0696 1976 SystemInfo:
12:48:04.0696 1976
12:48:04.0696 1976 OS Version: 6.1.7601 ServicePack: 1.0
12:48:04.0696 1976 Product type: Workstation
12:48:04.0696 1976 ComputerName: MARIA-PC
12:48:04.0696 1976 UserName: maria
12:48:04.0696 1976 Windows directory: C:\Windows
12:48:04.0696 1976 System windows directory: C:\Windows
12:48:04.0696 1976 Processor architecture: Intel x86
12:48:04.0696 1976 Number of processors: 2
12:48:04.0696 1976 Page size: 0x1000
12:48:04.0696 1976 Boot type: Normal boot
12:48:04.0696 1976 ============================================================
12:48:05.0538 1976 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:48:05.0538 1976 ============================================================
12:48:05.0538 1976 \Device\Harddisk0\DR0:
12:48:05.0538 1976 MBR partitions:
12:48:05.0538 1976 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
12:48:05.0538 1976 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1125E000
12:48:05.0538 1976 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x112C2000, BlocksNum 0x1724000
12:48:05.0538 1976 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x129E6000, BlocksNum 0x336B0
12:48:05.0538 1976 ============================================================
12:48:05.0570 1976 C: <-> \Device\Harddisk0\DR0\Partition2
12:48:05.0632 1976 D: <-> \Device\Harddisk0\DR0\Partition3
12:48:05.0648 1976 E: <-> \Device\Harddisk0\DR0\Partition4
12:48:05.0648 1976 ============================================================
12:48:05.0648 1976 Initialize success
12:48:05.0648 1976 ============================================================
12:48:47.0019 2624 ============================================================
12:48:47.0019 2624 Scan started
12:48:47.0019 2624 Mode: Manual; SigCheck; TDLFS;
12:48:47.0019 2624 ============================================================
12:48:47.0175 2624 ================ Scan system memory ========================
12:48:47.0175 2624 System memory - ok
12:48:47.0175 2624 ================ Scan services =============================
12:48:47.0300 2624 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
12:48:47.0518 2624 !SASCORE - ok
12:48:47.0705 2624 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:48:47.0892 2624 1394ohci - ok
12:48:47.0955 2624 [ 769DB4F484957CC98153B3C1B5D1162F ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
12:48:48.0017 2624 ACDaemon - ok
12:48:48.0080 2624 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:48:48.0126 2624 ACPI - ok
12:48:48.0158 2624 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:48:48.0282 2624 AcpiPmi - ok
12:48:48.0376 2624 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:48:48.0407 2624 AdobeARMservice - ok
12:48:48.0470 2624 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:48:48.0516 2624 adp94xx - ok
12:48:48.0563 2624 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:48:48.0610 2624 adpahci - ok
12:48:48.0641 2624 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:48:48.0688 2624 adpu320 - ok
12:48:48.0735 2624 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:48:48.0875 2624 AeLookupSvc - ok
12:48:49.0000 2624 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\aestsrv.exe
12:48:49.0109 2624 AESTFilters - ok
12:48:49.0187 2624 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
12:48:49.0343 2624 AFD - ok
12:48:49.0390 2624 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
12:48:49.0421 2624 agp440 - ok
12:48:49.0499 2624 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
12:48:49.0530 2624 aic78xx - ok
12:48:49.0577 2624 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
12:48:49.0686 2624 ALG - ok
12:48:49.0718 2624 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
12:48:49.0749 2624 aliide - ok
12:48:49.0796 2624 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:48:49.0827 2624 amdagp - ok
12:48:49.0858 2624 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
12:48:49.0889 2624 amdide - ok
12:48:49.0967 2624 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:48:50.0045 2624 AmdK8 - ok
12:48:50.0076 2624 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:48:50.0154 2624 AmdPPM - ok
12:48:50.0201 2624 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:48:50.0248 2624 amdsata - ok
12:48:50.0279 2624 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:48:50.0326 2624 amdsbs - ok
12:48:50.0342 2624 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:48:50.0388 2624 amdxata - ok
12:48:50.0420 2624 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
12:48:50.0576 2624 AppID - ok
12:48:50.0622 2624 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:48:50.0747 2624 AppIDSvc - ok
12:48:50.0778 2624 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
12:48:50.0856 2624 Appinfo - ok
12:48:50.0950 2624 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:48:50.0997 2624 Apple Mobile Device - ok
12:48:51.0044 2624 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:48:51.0075 2624 arc - ok
12:48:51.0106 2624 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:48:51.0137 2624 arcsas - ok
12:48:51.0200 2624 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
12:48:51.0231 2624 aswFsBlk - ok
12:48:51.0293 2624 [ F76E51561562AC4105DBBE53FC99BC10 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
12:48:51.0340 2624 aswMonFlt - ok
12:48:51.0371 2624 [ 924819669AFD0EDF5C067193D371FAB0 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
12:48:51.0402 2624 aswRdr - ok
12:48:51.0449 2624 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
12:48:51.0512 2624 aswSnx - ok
12:48:51.0543 2624 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\Windows\system32\drivers\aswSP.sys
12:48:51.0590 2624 aswSP - ok
12:48:51.0605 2624 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
12:48:51.0636 2624 aswTdi - ok
12:48:51.0683 2624 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:48:51.0839 2624 AsyncMac - ok
12:48:51.0886 2624 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
12:48:51.0917 2624 atapi - ok
12:48:51.0980 2624 [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr C:\Windows\system32\DRIVERS\athr.sys
12:48:52.0151 2624 athr - ok
12:48:52.0229 2624 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:48:52.0354 2624 AudioEndpointBuilder - ok
12:48:52.0370 2624 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:48:52.0463 2624 Audiosrv - ok
12:48:52.0541 2624 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:48:52.0572 2624 avast! Antivirus - ok
12:48:52.0635 2624 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:48:52.0760 2624 AxInstSV - ok
12:48:52.0806 2624 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
12:48:52.0931 2624 b06bdrv - ok
12:48:52.0978 2624 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
12:48:53.0025 2624 b57nd60x - ok
12:48:53.0196 2624 [ 36A47E6AB1F0967C97722183E21ADB1A ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
12:48:53.0337 2624 BCM43XX - ok
12:48:53.0368 2624 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
12:48:53.0508 2624 BDESVC - ok
12:48:53.0555 2624 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
12:48:53.0649 2624 Beep - ok
12:48:53.0711 2624 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
12:48:53.0820 2624 BFE - ok
12:48:53.0883 2624 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
12:48:53.0992 2624 BITS - ok
12:48:54.0023 2624 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:48:54.0070 2624 blbdrive - ok
12:48:54.0179 2624 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:48:54.0242 2624 Bonjour Service - ok
12:48:54.0304 2624 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:48:54.0351 2624 bowser - ok
12:48:54.0398 2624 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:48:54.0460 2624 BrFiltLo - ok
12:48:54.0491 2624 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:48:54.0554 2624 BrFiltUp - ok
12:48:54.0585 2624 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:48:54.0678 2624 BridgeMP - ok
12:48:54.0741 2624 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
12:48:54.0834 2624 Browser - ok
12:48:54.0881 2624 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:48:54.0975 2624 Brserid - ok
12:48:55.0006 2624 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:48:55.0068 2624 BrSerWdm - ok
12:48:55.0115 2624 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:48:55.0162 2624 BrUsbMdm - ok
12:48:55.0193 2624 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:48:55.0271 2624 BrUsbSer - ok
12:48:55.0302 2624 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:48:55.0349 2624 BTHMODEM - ok
12:48:55.0396 2624 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
12:48:55.0490 2624 bthserv - ok
12:48:55.0599 2624 catchme - ok
12:48:55.0646 2624 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:48:55.0770 2624 cdfs - ok
12:48:55.0833 2624 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
12:48:55.0895 2624 cdrom - ok
12:48:55.0958 2624 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
12:48:56.0051 2624 CertPropSvc - ok
12:48:56.0082 2624 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:48:56.0114 2624 circlass - ok
12:48:56.0160 2624 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
12:48:56.0207 2624 CLFS - ok
12:48:56.0301 2624 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:48:56.0348 2624 clr_optimization_v2.0.50727_32 - ok
12:48:56.0379 2624 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:48:56.0441 2624 CmBatt - ok
12:48:56.0472 2624 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:48:56.0504 2624 cmdide - ok
12:48:56.0535 2624 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
12:48:56.0628 2624 CNG - ok
12:48:56.0738 2624 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
12:48:56.0784 2624 Com4QLBEx - ok
12:48:56.0831 2624 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:48:56.0878 2624 Compbatt - ok
12:48:56.0925 2624 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:48:56.0987 2624 CompositeBus - ok
12:48:57.0018 2624 COMSysApp - ok
12:48:57.0065 2624 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:48:57.0096 2624 crcdisk - ok
12:48:57.0159 2624 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:48:57.0252 2624 CryptSvc - ok
12:48:57.0315 2624 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
12:48:57.0440 2624 DcomLaunch - ok
12:48:57.0486 2624 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
12:48:57.0642 2624 defragsvc - ok
12:48:57.0705 2624 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:48:57.0814 2624 DfsC - ok
12:48:57.0892 2624 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:48:57.0986 2624 Dhcp - ok
12:48:58.0017 2624 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
12:48:58.0110 2624 discache - ok
12:48:58.0188 2624 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:48:58.0220 2624 Disk - ok
12:48:58.0282 2624 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:48:58.0360 2624 Dnscache - ok
12:48:58.0407 2624 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
12:48:58.0500 2624 dot3svc - ok
12:48:58.0532 2624 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
12:48:58.0656 2624 DPS - ok
12:48:58.0703 2624 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:48:58.0750 2624 drmkaud - ok
12:48:58.0828 2624 [ 8CF55015B2A443EE869C90CAB31FD435 ] DVMIO C:\SPLASH.SYS\config\dvmio.sys
12:48:58.0875 2624 DVMIO - ok
12:48:58.0968 2624 [ 577582D57D90FB64276ACFEE958DBFD3 ] DvmMDES C:\SPLASH.SYS\config\DVMExportService.exe
12:48:59.0000 2624 DvmMDES ( UnsignedFile.Multi.Generic ) - warning
12:48:59.0000 2624 DvmMDES - detected UnsignedFile.Multi.Generic (1)
12:48:59.0062 2624 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:48:59.0124 2624 DXGKrnl - ok
12:48:59.0171 2624 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
12:48:59.0265 2624 EapHost - ok
12:48:59.0405 2624 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
12:48:59.0546 2624 ebdrv - ok
12:48:59.0592 2624 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
12:48:59.0702 2624 EFS - ok
12:48:59.0780 2624 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:48:59.0858 2624 elxstor - ok
12:48:59.0889 2624 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:48:59.0951 2624 ErrDev - ok
12:49:00.0014 2624 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
12:49:00.0123 2624 EventSystem - ok
12:49:00.0154 2624 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
12:49:00.0263 2624 exfat - ok
12:49:00.0294 2624 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:49:00.0388 2624 fastfat - ok
12:49:00.0450 2624 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
12:49:00.0560 2624 Fax - ok
12:49:00.0591 2624 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:49:00.0622 2624 fdc - ok
12:49:00.0669 2624 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
12:49:00.0762 2624 fdPHost - ok
12:49:00.0794 2624 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
12:49:00.0887 2624 FDResPub - ok
12:49:00.0934 2624 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:49:00.0965 2624 FileInfo - ok
12:49:00.0996 2624 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:49:01.0074 2624 Filetrace - ok
12:49:01.0106 2624 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:49:01.0152 2624 flpydisk - ok
12:49:01.0199 2624 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:49:01.0246 2624 FltMgr - ok
12:49:01.0308 2624 [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache C:\Windows\system32\FntCache.dll
12:49:01.0418 2624 FontCache - ok
12:49:01.0480 2624 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:49:01.0527 2624 FontCache3.0.0.0 - ok
12:49:01.0542 2624 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:49:01.0574 2624 FsDepends - ok
12:49:01.0620 2624 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:49:01.0652 2624 Fs_Rec - ok
12:49:01.0714 2624 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:49:01.0792 2624 fvevol - ok
12:49:01.0839 2624 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:49:01.0886 2624 gagp30kx - ok
12:49:01.0932 2624 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:49:01.0964 2624 GEARAspiWDM - ok
12:49:02.0026 2624 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
12:49:02.0135 2624 gpsvc - ok
12:49:02.0182 2624 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:49:02.0291 2624 hcw85cir - ok
12:49:02.0369 2624 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:49:02.0447 2624 HdAudAddService - ok
12:49:02.0494 2624 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:49:02.0541 2624 HDAudBus - ok
12:49:02.0572 2624 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:49:02.0634 2624 HidBatt - ok
12:49:02.0681 2624 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:49:02.0744 2624 HidBth - ok
12:49:02.0775 2624 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:49:02.0837 2624 HidIr - ok
12:49:02.0868 2624 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
12:49:02.0962 2624 hidserv - ok
12:49:03.0040 2624 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:49:03.0102 2624 HidUsb - ok
12:49:03.0149 2624 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:49:03.0243 2624 hkmsvc - ok
12:49:03.0290 2624 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:49:03.0352 2624 HomeGroupListener - ok
12:49:03.0399 2624 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:49:03.0492 2624 HomeGroupProvider - ok
12:49:03.0586 2624 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
12:49:03.0617 2624 HP Support Assistant Service - ok
12:49:03.0695 2624 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
12:49:03.0742 2624 HPDrvMntSvc.exe - ok
12:49:03.0773 2624 [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
12:49:03.0836 2624 HpqKbFiltr - ok
12:49:03.0898 2624 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
12:49:03.0945 2624 hpqwmiex - ok
12:49:03.0992 2624 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:49:04.0023 2624 HpSAMD - ok
12:49:04.0101 2624 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:49:04.0179 2624 HTTP - ok
12:49:04.0194 2624 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:49:04.0226 2624 hwpolicy - ok
12:49:04.0288 2624 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:49:04.0366 2624 i8042prt - ok
12:49:04.0460 2624 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:49:04.0522 2624 IAANTMON - ok
12:49:04.0553 2624 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:49:04.0600 2624 iaStor - ok
12:49:04.0647 2624 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:49:04.0694 2624 iaStorV - ok
12:49:04.0772 2624 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:49:04.0850 2624 idsvc - ok
12:49:05.0037 2624 [ 81F7C715528AB621C6AF58869D4B07B9 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
12:49:05.0364 2624 igfx - ok
12:49:05.0427 2624 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:49:05.0458 2624 iirsp - ok
12:49:05.0552 2624 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
12:49:05.0661 2624 IKEEXT - ok
12:49:05.0708 2624 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
12:49:05.0754 2624 intelide - ok
12:49:05.0786 2624 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:49:05.0848 2624 intelppm - ok
12:49:05.0895 2624 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:49:05.0988 2624 IPBusEnum - ok
12:49:06.0035 2624 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:49:06.0129 2624 IpFilterDriver - ok
12:49:06.0191 2624 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:49:06.0285 2624 iphlpsvc - ok
12:49:06.0347 2624 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:49:06.0410 2624 IPMIDRV - ok
12:49:06.0441 2624 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:49:06.0534 2624 IPNAT - ok
12:49:06.0628 2624 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:49:06.0690 2624 iPod Service - ok
12:49:06.0722 2624 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:49:06.0800 2624 IRENUM - ok
12:49:06.0831 2624 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:49:06.0862 2624 isapnp - ok
12:49:06.0924 2624 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:49:06.0956 2624 iScsiPrt - ok
12:49:06.0987 2624 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:49:07.0034 2624 kbdclass - ok
12:49:07.0080 2624 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:49:07.0143 2624 kbdhid - ok
12:49:07.0143 2624 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
12:49:07.0190 2624 KeyIso - ok
12:49:07.0252 2624 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:49:07.0283 2624 KSecDD - ok
12:49:07.0315 2624 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:49:07.0346 2624 KSecPkg - ok
12:49:07.0393 2624 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
12:49:07.0517 2624 KtmRm - ok
12:49:07.0580 2624 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
12:49:07.0689 2624 LanmanServer - ok
12:49:07.0720 2624 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:49:07.0814 2624 LanmanWorkstation - ok
12:49:07.0876 2624 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:49:07.0970 2624 lltdio - ok
12:49:08.0017 2624 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:49:08.0126 2624 lltdsvc - ok
12:49:08.0157 2624 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
12:49:08.0251 2624 lmhosts - ok
12:49:08.0297 2624 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:49:08.0329 2624 LSI_FC - ok
12:49:08.0375 2624 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:49:08.0407 2624 LSI_SAS - ok
12:49:08.0438 2624 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:49:08.0469 2624 LSI_SAS2 - ok
12:49:08.0500 2624 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:49:08.0547 2624 LSI_SCSI - ok
12:49:08.0578 2624 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
12:49:08.0672 2624 luafv - ok
12:49:08.0781 2624 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:49:08.0828 2624 MBAMProtector - ok
12:49:08.0953 2624 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:49:08.0999 2624 MBAMScheduler - ok
12:49:09.0046 2624 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:49:09.0109 2624 MBAMService - ok
12:49:09.0124 2624 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:49:09.0171 2624 megasas - ok
12:49:09.0218 2624 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:49:09.0249 2624 MegaSR - ok
12:49:09.0296 2624 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
12:49:09.0405 2624 MMCSS - ok
12:49:09.0436 2624 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
12:49:09.0514 2624 Modem - ok
12:49:09.0561 2624 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:49:09.0623 2624 monitor - ok
12:49:09.0670 2624 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
12:49:09.0701 2624 mouclass - ok
12:49:09.0733 2624 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:49:09.0779 2624 mouhid - ok
12:49:09.0826 2624 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:49:09.0873 2624 mountmgr - ok
12:49:09.0967 2624 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:49:10.0013 2624 MozillaMaintenance - ok
12:49:10.0029 2624 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
12:49:10.0076 2624 mpio - ok
12:49:10.0107 2624 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:49:10.0201 2624 mpsdrv - ok
12:49:10.0247 2624 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:49:10.0357 2624 MpsSvc - ok
12:49:10.0403 2624 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:49:10.0466 2624 MRxDAV - ok
12:49:10.0528 2624 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:49:10.0637 2624 mrxsmb - ok
12:49:10.0684 2624 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:49:10.0731 2624 mrxsmb10 - ok
12:49:10.0762 2624 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:49:10.0793 2624 mrxsmb20 - ok
12:49:10.0825 2624 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
12:49:10.0856 2624 msahci - ok
12:49:10.0903 2624 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:49:10.0949 2624 msdsm - ok
12:49:10.0965 2624 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
12:49:11.0027 2624 MSDTC - ok
12:49:11.0074 2624 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:49:11.0137 2624 Msfs - ok
12:49:11.0168 2624 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:49:11.0246 2624 mshidkmdf - ok
12:49:11.0277 2624 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:49:11.0308 2624 msisadrv - ok
12:49:11.0371 2624 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:49:11.0464 2624 MSiSCSI - ok
12:49:11.0480 2624 msiserver - ok
12:49:11.0511 2624 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:49:11.0605 2624 MSKSSRV - ok
12:49:11.0636 2624 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:49:11.0729 2624 MSPCLOCK - ok
12:49:11.0729 2624 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:49:11.0807 2624 MSPQM - ok
12:49:11.0854 2624 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:49:11.0901 2624 MsRPC - ok
12:49:11.0948 2624 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:49:11.0995 2624 mssmbios - ok
12:49:12.0026 2624 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:49:12.0088 2624 MSTEE - ok
12:49:12.0119 2624 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:49:12.0166 2624 MTConfig - ok
12:49:12.0213 2624 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
12:49:12.0244 2624 Mup - ok
12:49:12.0291 2624 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
12:49:12.0385 2624 napagent - ok
12:49:12.0431 2624 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:49:12.0478 2624 NativeWifiP - ok
12:49:12.0541 2624 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:49:12.0619 2624 NDIS - ok
12:49:12.0681 2624 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:49:12.0775 2624 NdisCap - ok
12:49:12.0806 2624 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:49:12.0899 2624 NdisTapi - ok
12:49:12.0977 2624 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:49:13.0055 2624 Ndisuio - ok
12:49:13.0118 2624 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:49:13.0211 2624 NdisWan - ok
12:49:13.0243 2624 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:49:13.0321 2624 NDProxy - ok
12:49:13.0367 2624 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:49:13.0445 2624 NetBIOS - ok
12:49:13.0508 2624 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:49:13.0586 2624 NetBT - ok
12:49:13.0617 2624 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
12:49:13.0648 2624 Netlogon - ok
12:49:13.0726 2624 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
12:49:13.0820 2624 Netman - ok
12:49:13.0851 2624 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
12:49:13.0960 2624 netprofm - ok
12:49:13.0991 2624 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:49:14.0023 2624 NetTcpPortSharing - ok
12:49:14.0194 2624 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
12:49:14.0459 2624 netw5v32 - ok
12:49:14.0491 2624 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:49:14.0537 2624 nfrd960 - ok
12:49:14.0569 2624 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:49:14.0678 2624 NlaSvc - ok
12:49:14.0725 2624 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:49:14.0818 2624 Npfs - ok
12:49:14.0849 2624 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
12:49:14.0943 2624 nsi - ok
12:49:14.0974 2624 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:49:15.0068 2624 nsiproxy - ok
12:49:15.0146 2624 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:49:15.0239 2624 Ntfs - ok
12:49:15.0271 2624 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
12:49:15.0380 2624 Null - ok
12:49:15.0442 2624 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:49:15.0473 2624 nvraid - ok
12:49:15.0505 2624 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:49:15.0536 2624 nvstor - ok
12:49:15.0567 2624 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:49:15.0598 2624 nv_agp - ok
12:49:15.0692 2624 [ E54AA592A65F317390EEE386A8821692 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:49:15.0770 2624 odserv - ok
12:49:15.0817 2624 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:49:15.0879 2624 ohci1394 - ok
12:49:15.0941 2624 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:49:15.0973 2624 ose - ok
12:49:16.0019 2624 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:49:16.0144 2624 p2pimsvc - ok
12:49:16.0191 2624 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
12:49:16.0253 2624 p2psvc - ok
12:49:16.0285 2624 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:49:16.0331 2624 Parport - ok
12:49:16.0363 2624 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:49:16.0409 2624 partmgr - ok
12:49:16.0441 2624 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:49:16.0487 2624 Parvdm - ok
12:49:16.0519 2624 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:49:16.0565 2624 PcaSvc - ok
12:49:16.0628 2624 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
12:49:16.0675 2624 pci - ok
12:49:16.0721 2624 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
12:49:16.0753 2624 pciide - ok
12:49:16.0799 2624 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:49:16.0831 2624 pcmcia - ok
12:49:16.0862 2624 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
12:49:16.0893 2624 pcw - ok
12:49:16.0940 2624 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:49:17.0049 2624 PEAUTH - ok
12:49:17.0174 2624 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
12:49:17.0314 2624 pla - ok
12:49:17.0377 2624 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:49:17.0470 2624 PlugPlay - ok
12:49:17.0501 2624 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:49:17.0564 2624 PNRPAutoReg - ok
12:49:17.0595 2624 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:49:17.0642 2624 PNRPsvc - ok
12:49:17.0689 2624 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:49:17.0782 2624 PolicyAgent - ok
12:49:17.0829 2624 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
12:49:17.0907 2624 Power - ok
12:49:17.0954 2624 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:49:18.0047 2624 PptpMiniport - ok
12:49:18.0079 2624 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:49:18.0125 2624 Processor - ok
12:49:18.0172 2624 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
12:49:18.0250 2624 ProfSvc - ok
12:49:18.0266 2624 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:49:18.0313 2624 ProtectedStorage - ok
12:49:18.0344 2624 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:49:18.0437 2624 Psched - ok
12:49:18.0500 2624 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:49:18.0609 2624 ql2300 - ok
12:49:18.0640 2624 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:49:18.0671 2624 ql40xx - ok
12:49:18.0718 2624 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
12:49:18.0796 2624 QWAVE - ok
12:49:18.0843 2624 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:49:18.0890 2624 QWAVEdrv - ok
12:49:18.0921 2624 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:49:18.0999 2624 RasAcd - ok
12:49:19.0046 2624 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:49:19.0139 2624 RasAgileVpn - ok
12:49:19.0186 2624 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
12:49:19.0280 2624 RasAuto - ok
12:49:19.0311 2624 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:49:19.0405 2624 Rasl2tp - ok
12:49:19.0467 2624 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
12:49:19.0592 2624 RasMan - ok
12:49:19.0639 2624 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:49:19.0717 2624 RasPppoe - ok
12:49:19.0748 2624 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:49:19.0826 2624 RasSstp - ok
12:49:19.0873 2624 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:49:19.0966 2624 rdbss - ok
12:49:20.0013 2624 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:49:20.0044 2624 rdpbus - ok
12:49:20.0107 2624 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:49:20.0231 2624 RDPCDD - ok
12:49:20.0294 2624 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:49:20.0356 2624 RDPENCDD - ok
12:49:20.0372 2624 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:49:20.0465 2624 RDPREFMP - ok
12:49:20.0528 2624 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:49:20.0668 2624 RDPWD - ok
12:49:20.0715 2624 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:49:20.0762 2624 rdyboost - ok
12:49:20.0793 2624 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
12:49:20.0902 2624 RemoteAccess - ok
12:49:20.0933 2624 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:49:21.0043 2624 RemoteRegistry - ok
12:49:21.0058 2624 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:49:21.0167 2624 RpcEptMapper - ok
12:49:21.0199 2624 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
12:49:21.0261 2624 RpcLocator - ok
12:49:21.0292 2624 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
12:49:21.0386 2624 RpcSs - ok
12:49:21.0448 2624 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:49:21.0542 2624 rspndr - ok
12:49:21.0604 2624 [ F9541F3B59DA30423F2F76EF443C07FC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
12:49:21.0651 2624 RSUSBSTOR - ok
12:49:21.0682 2624 [ C5A68C5EC01FD6F03396DD154B48DB56 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
12:49:21.0823 2624 RTL8167 - ok
12:49:21.0854 2624 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
12:49:21.0901 2624 SamSs - ok
12:49:21.0979 2624 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:49:22.0010 2624 SASDIFSV - ok
12:49:22.0041 2624 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:49:22.0057 2624 SASKUTIL - ok
12:49:22.0103 2624 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:49:22.0135 2624 sbp2port - ok
12:49:22.0166 2624 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:49:22.0259 2624 SCardSvr - ok
12:49:22.0322 2624 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:49:38.0409 2624 ================ Scan global ===============================
12:49:38.0441 2624 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:49:38.0487 2624 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
12:49:38.0503 2624 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
12:49:38.0565 2624 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:49:38.0612 2624 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:49:38.0628 2624 [Global] - ok
12:49:38.0628 2624 ================ Scan MBR ==================================
12:49:38.0628 2624 [ 7EED5871C68A0B6E5A3B0D034C8530A9 ] \Device\Harddisk0\DR0
12:49:38.0909 2624 \Device\Harddisk0\DR0 - ok
12:49:38.0924 2624 ================ Scan VBR ==================================
12:49:38.0924 2624 [ EFA3207A02EB756627695E207E890D58 ] \Device\Harddisk0\DR0\Partition1
12:49:38.0940 2624 \Device\Harddisk0\DR0\Partition1 - ok
12:49:38.0971 2624 [ 9F4E466FEC85B390EA5E9C2BDE9B9FD3 ] \Device\Harddisk0\DR0\Partition2
12:49:38.0971 2624 \Device\Harddisk0\DR0\Partition2 - ok
12:49:39.0002 2624 [ C91B9265430050199841E29C23831F95 ] \Device\Harddisk0\DR0\Partition3
12:49:39.0018 2624 \Device\Harddisk0\DR0\Partition3 - ok
12:49:39.0033 2624 [ 1D95DC51C67F3A14F49D839FE9C55E82 ] \Device\Harddisk0\DR0\Partition4
12:49:39.0049 2624 \Device\Harddisk0\DR0\Partition4 - ok
12:49:39.0049 2624 ============================================================
12:49:39.0049 2624 Scan finished
12:49:39.0049 2624 ============================================================
12:49:39.0080 1152 Detected object count: 1
12:49:39.0080 1152 Actual detected object count: 1
12:51:48.0794 1152 DvmMDES ( UnsignedFile.Multi.Generic ) - skipped by user
12:51:48.0794 1152 DvmMDES ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:52:52.0383 1792 Deinitialize success




############# MBAM QuickScan LOG ###################

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.02.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
maria :: MARIA-PC [administrator]

03/10/2012 12:55:24 PM
mbam-log-2012-10-03 (12-55-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196940
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



############# VEW 1st LOG ###################

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/10/2012 2:36:09 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/10/2012 9:20:42 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

Log: 'System' Date/Time: 03/10/2012 9:20:41 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/10/2012 8:57:08 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: cdrom

Log: 'System' Date/Time: 03/10/2012 8:57:07 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/10/2012 8:55:46 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/10/2012 9:20:21 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 03/10/2012 9:19:53 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/10/2012 9:19:53 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv.dll

Log: 'System' Date/Time: 03/10/2012 8:56:47 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.





############# VEW 2nd LOG ###################

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/10/2012 2:37:06 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/10/2012 9:28:42 PM
Type: Information Category: 0
Event: 903 Source: Microsoft-Windows-Security-SPP
The Software Protection service has stopped.

Log: 'Application' Date/Time: 03/10/2012 9:23:41 PM
Type: Information Category: 0
Event: 902 Source: Microsoft-Windows-Security-SPP
The Software Protection service has started. 6.1.7601.17514

Log: 'Application' Date/Time: 03/10/2012 9:23:41 PM
Type: Information Category: 0
Event: 1003 Source: Microsoft-Windows-Security-SPP
The Software Protection service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status=

Log: 'Application' Date/Time: 03/10/2012 9:23:40 PM
Type: Information Category: 0
Event: 1066 Source: Microsoft-Windows-Security-SPP
Initialization status for service objects. C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/2005, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/licenserenewal/1.0, 0x00000000, 0x00000000


Log: 'Application' Date/Time: 03/10/2012 9:23:31 PM
Type: Information Category: 0
Event: 1 Source: SecurityCenter
The Windows Security Center Service has started.

Log: 'Application' Date/Time: 03/10/2012 9:23:11 PM
Type: Information Category: 0
Event: 0 Source: Com4QLBEx
The event description cannot be found.

Log: 'Application' Date/Time: 03/10/2012 9:23:08 PM
Type: Information Category: 0
Event: 900 Source: Microsoft-Windows-Security-SPP
The Software Protection service is starting.

Log: 'Application' Date/Time: 03/10/2012 9:23:04 PM
Type: Information Category: 0
Event: 0 Source: HP Support Assistant Service
Service started successfully.

Log: 'Application' Date/Time: 03/10/2012 9:22:54 PM
Type: Information Category: 0
Event: 0 Source: hpqwmiex
The event description cannot be found.

Log: 'Application' Date/Time: 03/10/2012 9:22:51 PM
Type: Information Category: 0
Event: 0 Source: iPod Service
The event description cannot be found.

Log: 'Application' Date/Time: 03/10/2012 9:22:27 PM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 03/10/2012 9:22:27 PM
Type: Information Category: 0
Event: 4101 Source: Microsoft-Windows-Winlogon
Windows license validated.

Log: 'Application' Date/Time: 03/10/2012 9:20:44 PM
Type: Information Category: 0
Event: 7500 Source: IAANTmon
Intel RAID Controller: Unknown Controller
Number of Serial ATA ports: 2

RAID Option ROM Version: Unknown
Driver Version: 8.9.0.1023
RAID Plug-In Version: 8.9.0.1023
Language Resource Version of the RAID Plug-In: File not found
Create Volume Wizard Version: 8.9.0.1023
Language Resource Version of the Create Volume Wizard: File not found
Create Volume from Existing Hard Drive Wizard Version: 8.9.0.1023
Language Resource Version of the Create Volume from Existing Hard Drive Wizard: File not found
Modify Volume Wizard Version: 8.9.0.1023
Language Resource Version of the Modify Volume Wizard: File not found
Delete Volume Wizard Version: 8.9.0.1023
Language Resource Version of the Delete Volume Wizard: File not found
ISDI Library Version: 8.9.0.1023
Event Monitor User Notification Tool Version: 8.9.0.1023
Language Resource Version of the Event Monitor User Notification Tool: File not found
Event Monitor Version: 8.9.0.1023

Hard Drive 0
Usage: Unknown hard drive usage
Status: Normal
Device Port: 0
Device Port Location: Internal
Current Serial ATA Transfer Mode: Generation 2
Model: Hitachi HTS545016B9A300
Serial Number: 091201PBPB01QCDX78LL
Firmware: PBBOCA0G
Native Command Queuing Support: Yes
System Hard Drive: Yes
Size: 149 GB
Physical Sector Size: 512 Bytes
Logical Sector Size: 512 Bytes

Unused Port 0
Device Port: 1
Device Port Location: Internal


Log: 'Application' Date/Time: 03/10/2012 9:20:43 PM
Type: Information Category: 0
Event: 5617 Source: Microsoft-Windows-WMI
Windows Management Instrumentation Service subsystems initialized successfully

Log: 'Application' Date/Time: 03/10/2012 9:20:42 PM
Type: Information Category: 0
Event: 5615 Source: Microsoft-Windows-WMI
Windows Management Instrumentation Service started sucessfully

Log: 'Application' Date/Time: 03/10/2012 9:20:39 PM
Type: Information Category: 0
Event: 105 Source: DvmMDES
The event description cannot be found.

Log: 'Application' Date/Time: 03/10/2012 9:20:39 PM
Type: Information Category: 0
Event: 0 Source: AdobeARMservice
The event description cannot be found.

Log: 'Application' Date/Time: 03/10/2012 9:20:34 PM
Type: Information Category: 0
Event: 1531 Source: Microsoft-Windows-User Profiles Service
The User Profile Service has started successfully.

Log: 'Application' Date/Time: 03/10/2012 9:20:34 PM
Type: Information Category: 0
Event: 4625 Source: Microsoft-Windows-EventSystem
The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.

Log: 'Application' Date/Time: 03/10/2012 9:19:51 PM
Type: Information Category: 0
Event: 1532 Source: Microsoft-Windows-User Profiles Service
The User Profile Service has stopped.




############# OTL LOG ###################

OTL logfile created on: 03/10/2012 2:44:36 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\maria\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

987.48 Mb Total Physical Memory | 264.82 Mb Available Physical Memory | 26.82% Memory free
1.96 Gb Paging File | 1.15 Gb Available in Paging File | 58.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.18 Gb Total Space | 91.66 Gb Free Space | 66.81% Space Free | Partition Type: NTFS
Drive D: | 11.57 Gb Total Space | 1.93 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
Drive E: | 98.84 Mb Total Space | 94.74 Mb Free Space | 95.86% Space Free | Partition Type: FAT32

Computer Name: MARIA-PC | User Name: maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/03 14:39:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\maria\Desktop\OTL.com
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/05 18:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/21 02:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/11 11:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/06/23 21:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/28 17:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/10/11 23:51:52 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/10/11 23:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe
PRC - [2009/07/08 20:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) -- C:\SPLASH.SYS\config\DVMExportService.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/01 22:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/25 17:16:51 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/09/25 16:54:22 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/09/25 16:53:38 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/09/25 16:51:50 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/09/25 16:51:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/09/25 16:51:23 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/09/25 16:50:31 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/09/05 18:26:41 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/05 18:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/21 02:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/11 11:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2009/10/11 23:51:52 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\stacsv.exe -- (STacSV)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/08 20:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/03/01 22:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5576240ee6baaa25\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/06 18:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Extegrity\Exam4\Sockblkd.sys -- (Sockblkd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\maria\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/21 02:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 02:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 02:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 02:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 02:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/21 02:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/10/11 23:51:52 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/09/29 19:25:26 | 000,017,624 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\SPLASH.SYS\config\dvmio.sys -- (DVMIO)
DRV - [2009/09/01 18:59:42 | 000,174,592 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 15:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 15:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/29 09:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {087373C6-82EB-4A21-B362-8E050F4FCAE0}
IE - HKLM\..\SearchScopes\{087373C6-82EB-4A21-B362-8E050F4FCAE0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{ADEBEA3B-E4AD-49B8-AF30-8985B8C0D784}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {D2DFD67B-7B2C-4BA4-B9D5-1A3C4AC17379}
IE - HKCU\..\SearchScopes\{087373C6-82EB-4A21-B362-8E050F4FCAE0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6497888A-C95A-4418-8232-0E675A645B9C}: "URL" = http://www.reallybig...s={searchTerms}
IE - HKCU\..\SearchScopes\{ADEBEA3B-E4AD-49B8-AF30-8985B8C0D784}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...id=80105&lng=en
IE - HKCU\..\SearchScopes\{D2DFD67B-7B2C-4BA4-B9D5-1A3C4AC17379}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8888;https=127.0.0.1:8888;

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.6
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/24 17:40:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/24 17:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maria\AppData\Roaming\Mozilla\Extensions
[2012/09/24 18:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\7umj6700.default\extensions
[2012/09/24 18:04:22 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\maria\AppData\Roaming\Mozilla\Firefox\Profiles\7umj6700.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/09/24 17:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 18:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 18:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 18:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Simplify Media] C:\Program Files\Hp\HP MediaStream\HPMediaStream.exe (Simplify Media, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A00ADEA3-3189-48AA-A4D3-500E49CB8778}: DhcpNameServer = 192.168.0.1 205.171.2.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: ZumoDrive - hkey= - key= - C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
MsConfig - State: "startup" - 2

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/03 14:39:38 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\maria\Desktop\OTL.com
[2012/10/03 13:55:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/10/02 23:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/02 23:34:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/10/02 19:22:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/02 18:51:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/02 18:51:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/02 18:51:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/02 18:50:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/02 18:49:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/02 18:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/02 18:44:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/02 18:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/02 18:35:16 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\maria\Desktop\tdsskiller.exe
[2012/10/02 18:33:00 | 004,759,935 | R--- | C] (Swearware) -- C:\Users\maria\Desktop\ComboFix.exe
[2012/10/02 18:16:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\maria\Desktop\aswMBR.exe
[2012/10/01 14:01:47 | 000,000,000 | ---D | C] -- C:\Users\maria\Desktop\ALL DESKTOP Icons
[2012/10/01 13:56:04 | 002,691,192 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\maria\Desktop\procexp(1).exe
[2012/09/25 18:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/25 18:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/25 18:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/25 18:16:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/25 18:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/25 18:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/25 17:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/25 16:42:42 | 000,000,000 | ---D | C] -- C:\Users\maria\AppData\Roaming\CrystalIdea Software
[2012/09/25 16:39:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/25 16:39:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/25 16:39:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/25 16:39:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/25 16:39:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/25 16:39:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/25 16:39:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/25 16:39:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/25 16:36:15 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/09/25 16:36:09 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/25 16:36:09 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/25 16:35:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/09/24 20:15:37 | 000,696,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/24 20:15:37 | 000,073,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/24 19:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/09/24 18:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/24 18:55:24 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/24 18:54:44 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/24 18:54:44 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/24 18:54:44 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/24 18:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/09/24 17:41:12 | 000,000,000 | ---D | C] -- C:\Users\maria\AppData\Roaming\Mozilla
[2012/09/24 17:41:12 | 000,000,000 | ---D | C] -- C:\Users\maria\AppData\Local\Mozilla
[2012/09/24 17:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/24 17:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/24 17:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/12 00:17:12 | 000,000,000 | ---D | C] -- C:\Users\maria\Documents\attachments_2012_09_12
[2012/09/09 14:52:56 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2012/09/09 14:47:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/09/09 14:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/09/06 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

========== Files - Modified Within 30 Days ==========

[2012/10/03 14:39:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\maria\Desktop\OTL.com
[2012/10/03 14:30:53 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/10/03 14:28:42 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 14:28:42 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 14:20:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/03 14:20:17 | 776,581,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/02 23:34:12 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/02 18:47:13 | 004,009,167 | ---- | M] () -- C:\Users\maria\Desktop\ServicesRepair.exe
[2012/10/02 18:44:06 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/02 18:35:29 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\maria\Desktop\tdsskiller.exe
[2012/10/02 18:33:53 | 004,759,935 | R--- | M] (Swearware) -- C:\Users\maria\Desktop\ComboFix.exe
[2012/10/02 18:30:35 | 000,000,512 | ---- | M] () -- C:\Users\maria\Desktop\MBR.dat
[2012/10/02 18:17:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\maria\Desktop\aswMBR.exe
[2012/10/01 17:29:21 | 000,016,661 | ---- | M] () -- C:\Users\maria\Desktop\VEW Stystem Log first Run maybe wrong.odt
[2012/10/01 17:13:45 | 000,061,440 | ---- | M] ( ) -- C:\Users\maria\Desktop\VEW.exe
[2012/10/01 13:56:06 | 002,691,192 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\maria\Desktop\procexp(1).exe
[2012/10/01 06:51:36 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFormaria.job
[2012/09/30 13:13:13 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/30 13:13:13 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/25 17:06:34 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/25 16:49:23 | 000,354,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/24 20:15:37 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/24 20:15:37 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/24 18:54:21 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/24 18:54:13 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/24 18:54:13 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/24 18:54:11 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/24 18:54:09 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/09/24 18:54:08 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/09/24 17:40:45 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/10 23:59:39 | 000,000,005 | ---- | M] () -- C:\Users\maria\AppData\Roaming\mbam.context.scan
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/10/02 23:34:12 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/02 18:51:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/02 18:51:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/02 18:51:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/02 18:51:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/02 18:51:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/02 18:46:33 | 004,009,167 | ---- | C] () -- C:\Users\maria\Desktop\ServicesRepair.exe
[2012/10/02 18:44:06 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/02 18:26:45 | 000,000,512 | ---- | C] () -- C:\Users\maria\Desktop\MBR.dat
[2012/10/01 17:29:17 | 000,016,661 | ---- | C] () -- C:\Users\maria\Desktop\VEW Stystem Log first Run maybe wrong.odt
[2012/10/01 17:13:35 | 000,061,440 | ---- | C] ( ) -- C:\Users\maria\Desktop\VEW.exe
[2012/09/24 19:30:56 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/24 18:14:05 | 000,001,905 | ---- | C] () -- C:\Users\maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/09/24 17:40:45 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/24 17:40:45 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/10 23:53:20 | 000,000,005 | ---- | C] () -- C:\Users\maria\AppData\Roaming\mbam.context.scan
[2011/07/16 09:53:00 | 000,001,849 | ---- | C] () -- C:\Users\maria\AppData\Roaming\GhostObjGAFix.xml
[2010/12/01 14:30:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545016B9A300
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 199.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 137.00GB
Starting Offset: 209715200
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 147509477376
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 103.00MB
Starting Offset: 159933005824
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/09/24 20:49:55 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Adobe
[2011/03/18 07:08:35 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Apowersoft
[2010/11/01 07:27:31 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Apple Computer
[2011/12/21 00:13:42 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Azureus
[2010/09/02 11:52:20 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2012/09/25 16:42:42 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\CrystalIdea Software
[2011/12/03 23:28:41 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\CyberLink
[2011/11/16 15:35:24 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Hewlett-Packard
[2010/07/05 10:55:16 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\HP Support Assistant
[2012/04/27 23:47:50 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\hpqLog
[2010/07/05 10:55:16 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\HpUpdate
[2010/01/27 18:24:50 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Identities
[2010/01/27 17:33:10 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Macromedia
[2012/08/31 11:22:10 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Malwarebytes
[2012/10/01 14:20:33 | 000,000,000 | --SD | M] -- C:\Users\maria\AppData\Roaming\Microsoft
[2012/09/24 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Mozilla
[2010/12/11 09:50:53 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\OpenOffice.org
[2012/10/02 23:35:57 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Skype
[2011/11/10 14:50:42 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\skypePM
[2012/08/09 10:38:37 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/09 17:21:37 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\vlc
[2011/07/21 21:18:33 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Windows Live Writer
[2011/11/10 11:50:39 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\WinRAR
[2010/09/26 01:12:57 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\Yahoo!
[2012/08/10 07:51:06 | 000,000,000 | ---D | M] -- C:\Users\maria\AppData\Roaming\ZumoDrive

< MD5 for: ATAPI.SYS >
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 18:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CSRSS.EXE >
[2009/07/13 18:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009/07/13 18:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/11/18 00:20:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/11/18 00:20:19 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/07/13 18:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 05:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\erdnt\cache\mswsock.dll
[2010/11/20 05:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 05:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\System32\NapiNSP.dll
[2009/07/13 18:16:02 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=0B7E85364CB878E2AD531DB7B601A9E5 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.1.7600.16385_none_abf396ebf0847c31\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2009/07/13 18:16:03 | 000,051,712 | ---- | M] (Microsoft Corporation) MD5=045DB4EAB4FBD23210E85ECC3F464A2E -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7600.16385_none_675c4bea6c3ddad6\nlaapi.dll
[2010/11/20 05:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\System32\nlaapi.dll
[2010/11/20 05:20:30 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=104A1070E90F1C530328E69B49718841 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.1.7601.17514_none_698d5fb2692c5e70\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\System32\pnrpnsp.dll
[2009/07/13 18:16:12 | 000,065,024 | ---- | M] (Microsoft Corporation) MD5=5CF640EDDB1E40A5AB1BB743BCDEC610 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.1.7600.16385_none_71556bd683c82a7a\pnrpnsp.dll

< MD5 for: PRINTISOLATIONHOST.EXE >
[2009/07/13 18:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\System32\PrintIsolationHost.exe
[2009/07/13 18:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=640A476C8867AEAAD8FF9F59A61AFE2F -- C:\Windows\winsxs\x86_microsoft-windows-p..ng-server-isolation_31bf3856ad364e35_6.1.7600.16385_none_9c856911bff5c373\PrintIsolationHost.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/27 23:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 22:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\System32\winrnr.dll
[2009/07/13 18:16:19 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=5DF5D8CFD9B9573FA3B2C89D9061A240 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.1.7600.16385_none_5924a912b169ccdb\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/05 18:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/05 18:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/05 18:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/05 18:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/05 18:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/05 18:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/08/08 14:10:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/08/08 14:10:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/08/08 14:10:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 00:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/08/24 00:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/05 18:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/05 18:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/05 18:27:05 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/05 18:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/05 18:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/05 18:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/08/08 14:10:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/08/08 14:10:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/08/08 14:10:50 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 00:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/08/24 00:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >



############### OTL EXTRAS Log ####################

OTL Extras logfile created on: 03/10/2012 2:44:36 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\maria\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

987.48 Mb Total Physical Memory | 264.82 Mb Available Physical Memory | 26.82% Memory free
1.96 Gb Paging File | 1.15 Gb Available in Paging File | 58.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.18 Gb Total Space | 91.66 Gb Free Space | 66.81% Space Free | Partition Type: NTFS
Drive D: | 11.57 Gb Total Space | 1.93 Gb Free Space | 16.69% Space Free | Partition Type: NTFS
Drive E: | 98.84 Mb Total Space | 94.74 Mb Free Space | 95.86% Space Free | Partition Type: FAT32

Computer Name: MARIA-PC | User Name: maria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Unable to open value key File not found
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Unable to open value key
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Unable to open value key
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18F04336-56C2-463A-8FEC-8FD02B38ACD2}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{2B94D1F1-1A6C-4146-BAB5-191AAA457DF8}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{3D30EE49-08EE-4DC2-8F73-C800447497F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{42E27604-10F1-4098-AA8A-98CAB43627C8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C2EB6CA-6A92-4CDA-B189-642EE563EBC2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{50836838-CB71-48CB-B587-04A13B26368F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{70B252BE-832A-49FA-8052-2A18DE6A12E4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{84762CD3-53E8-4CDB-BA2F-A87F61D2DFC0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8A2766DD-40F0-45F0-89D5-EF84195D3AE1}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{9D4570A5-4536-4599-96FE-5F62DCAD4412}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C6CD3E9B-EB48-4EB9-B81C-3465E728B864}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{25FBA9ED-0590-49ED-B248-4BE63D97C07A}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe |
"TCP Query User{E6309996-EA14-42BD-B2B1-2A92C3559A61}C:\program files\apowersoft\streaming video recorder\streaming-video-recorder.exe" = protocol=6 | dir=in | app=c:\program files\apowersoft\streaming video recorder\streaming-video-recorder.exe |
"TCP Query User{FF3425EB-4DAA-4730-AAAE-7984C8A61D54}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe |
"UDP Query User{46725EBE-B3DA-43DD-BF28-43389CA4D84C}C:\program files\apowersoft\streaming video recorder\streaming-video-recorder.exe" = protocol=17 | dir=in | app=c:\program files\apowersoft\streaming video recorder\streaming-video-recorder.exe |
"UDP Query User{4F680437-8685-440D-B83B-EDA4B5BAA469}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe |
"UDP Query User{DCBAB994-9E71-4719-B541-7CB3F6F027A9}C:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\hp quicksync\jre\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1061DF04-CF33-40B0-8360-D07C9BBEB122}" = HP Wireless Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{21FFAF37-E51A-41AB-8749-ACD1F9CF8E37}" = HP QuickWeb
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{34985F59-8F6F-46F4-9AD5-53E2714294D2}" = ArcSoft WebCam Companion 3
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{4414C431-245A-4AF7-8FE0-3ED2333FD8D2}" = HP MediaStream
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B7057D5-6D5D-4088-8217-48EA20C44373}" = HP User Guides 0169
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EEA95E6C-6847-49BE-83C9-ED92D8E18983}" = HP QuickSync
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Aerial Apparatus Driver Operator Study Guide_is1" = Aerial Apparatus Driver Operator Study Guide 1.3
"avast" = avast! Free Antivirus
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"FileHippo.com" = FileHippo.com Update Checker
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.4
"ZumoDrive" = HP CloudDrive

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 03/05/2012 9:59:05 PM | Computer Name = maria-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 03/05/2012 9:59:05 PM | Computer Name = maria-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 23/05/2012 7:00:44 PM | Computer Name = maria-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/e1d6e90b_b64c_49f9_af6a_890528d18da1/hl0vsgm_rmax9xopyl_ubhcs_15.rem'
has been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 987 Ram Utilization: 60 TargetSite: Void UpdateDetail(System.String)

Error - 23/05/2012 7:00:50 PM | Computer Name = maria-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 28/06/2012 12:19:51 AM | Computer Name = maria-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 18/07/2012 10:21:52 PM | Computer Name = maria-PC | Source = hpsa_service.exe | ID = 2000
Description =

Error - 18/07/2012 10:21:53 PM | Computer Name = maria-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 01/08/2012 11:42:31 AM | Computer Name = maria-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 24/08/2012 11:19:23 PM | Computer Name = maria-PC | Source = HPSF.exe | ID = 4000
Description =

Error - 27/09/2012 8:47:22 AM | Computer Name = maria-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/a6622b17_d59f_478f_b10e_47d82834289b/dvhkxq+poryoue3dp2qt9ic7_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 987 Ram Utilization: 60 TargetSite: Void UpdateDetail(System.String)

[ System Events ]
Error - 03/10/2012 4:55:46 PM | Computer Name = maria-PC | Source = DCOM | ID = 10010
Description =

Error - 03/10/2012 4:57:07 PM | Computer Name = maria-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 03/10/2012 4:57:08 PM | Computer Name = maria-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 03/10/2012 5:20:41 PM | Computer Name = maria-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 03/10/2012 5:20:42 PM | Computer Name = maria-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >



############## OTL STUFF STILL IN SCAN BOX After Scan ######

DRIVES
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles




############ FARBAR (FSS) LOG ###################

Farbar Service Scanner Version: 19-09-2012
Ran by maria (administrator) on 03-10-2012 at 15:28:25
Running from "C:\Users\maria\Desktop"
Microsoft Windows 7 Starter Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-25 16:36] - [2012-08-22 10:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#51 RKinner (Malware Expert, MVP)
Copy the text in the code box by highlighting it and pressing Ctrl + C:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Extegrity\Exam4\Sockblkd.sys -- (Sockblkd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\maria\AppData\Local\Temp\catchme.sys -- (catchme)
IE - HKLM\..\SearchScopes\{ADEBEA3B-E4AD-49B8-AF30-8985B8C0D784}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\..\SearchScopes\{6497888A-C95A-4418-8232-0E675A645B9C}: "URL" = http://www.reallybig...s={searchTerms}
IE - HKCU\..\SearchScopes\{ADEBEA3B-E4AD-49B8-AF30-8985B8C0D784}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...id=80105&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8888;https=127.0.0.1:8888;
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0566.0\msneshellx.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.


:files
at /c
C:\Windows\tasks\At*.job
C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Users\Public\AppData\Local\Temp\*.exe
C:\Users\Maria\AppData\Local\Temp\*.exe
C:\Windows\System32\services.exe|C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe /replace
C:\Windows\System32\csrss.exe|C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe /replace
netstat -ano | find "16464" /c
netstat -ano | find "16465" /c
netstat -ano | find "16470" /c
netstat -ano | find "16471" /c
netstat -ano | find "21810" /c
netstat -ano | find "22292" /c
netstat -ano | find "34354" /c
netstat -ano | find "34355" /c

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right-clicking on winsock2.reg, choosing Merge, then rebooting. If that doesn't help, then do a System Restore.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\10042012-some number.log, so if you don't catch it when OTL runs, look for it there.

Run Process Explorer as before and post the new log and let's see if that made any difference.
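A caveat on the eight `netstat -ano | find "<port>" /c` probes in the fix above: `find` counts every line that contains those digits anywhere, so a PID or an address fragment with the same digits inflates the count, and a hit on a port never tells you which process owns the socket. The following is an added example (my code, not OTL's and not RKinner's) that parses `netstat -ano` output, matches the local and foreign port fields exactly against the same eight ports, and returns the owning PID so the process can be looked up. The port list is the one from the script; the netstat sample rows are constructed for the example and do not come from the thread.

```python
"""Exact-port check over `netstat -ano` output for the ports the OTL fix probes.

The `find "<port>" /c` approach matches the digits anywhere on the line; this
version looks only at the port part of the Local Address and Foreign Address
columns and reports the PID, which `find /c` cannot do.
"""
import re

# Ports from the :files section of the OTL fix posted above.
SIREFEF_PORTS = {16464, 16465, 16470, 16471, 21810, 22292, 34354, 34355}

# Constructed sample of `netstat -ano` output (invented for this example, not from the thread).
# The last row has a PID that happens to equal one of the probed ports, which is exactly
# the kind of line `find "16464" /c` would miscount.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       748
  TCP    192.168.1.5:49210      203.0.113.7:16464      ESTABLISHED     516
  TCP    [::]:16471             [::]:0                 LISTENING       516
  UDP    0.0.0.0:16464          *:*                                    516
  UDP    192.168.1.5:51646      *:*                                    16464
  TCP    192.168.1.5:49300      198.51.100.2:443       ESTABLISHED     3364
"""

# Matches the trailing ':port' (or ':*') of 'host:port', '[v6]:port' and '*:*'.
_PORT_RE = re.compile(r":(\d+|\*)$")


def _port(addr: str):
    """Return the port of a netstat address field as an int, or None for '*'."""
    m = _PORT_RE.search(addr)
    if not m or m.group(1) == "*":
        return None
    return int(m.group(1))


def find_port_hits(netstat_text: str, ports=SIREFEF_PORTS):
    """Return (proto, local, foreign, pid) for sockets whose local or foreign port is in `ports`."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the banner, the header row and blank lines; keep only TCP/UDP rows.
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = fields[0], fields[1], fields[2]
        pid = int(fields[-1])  # PID is the last column for both TCP rows (5 fields) and UDP rows (4)
        if _port(local) in ports or _port(foreign) in ports:
            hits.append((proto, local, foreign, pid))
    return hits


def naive_find_count(netstat_text: str, port: int) -> int:
    """What `netstat -ano | find "<port>" /c` reports: lines containing the digits anywhere."""
    return sum(1 for line in netstat_text.splitlines() if str(port) in line)


if __name__ == "__main__":
    for hit in find_port_hits(SAMPLE_NETSTAT):
        print("socket on a probed port:", hit)
    print("find /c for 16464 would report", naive_find_count(SAMPLE_NETSTAT, 16464),
          "line(s); exact port match finds", len(find_port_hits(SAMPLE_NETSTAT, {16464})))
```

On a live machine, feed it the output of `netstat -ano` and then check each returned PID in Process Explorer; a hit owned by a core Windows process is the case the `/replace` lines in the fix are aimed at.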

#52 3mateo (Topic Starter)
Ron-
I don't know how to run Process Explorer. Sorry!
Can you tell me?
-M

OTL LOG:

========== OTL ==========
Service Sockblkd stopped successfully!
Service Sockblkd deleted successfully!
File C:\Program Files\Extegrity\Exam4\Sockblkd.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\maria\AppData\Local\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ADEBEA3B-E4AD-49B8-AF30-8985B8C0D784}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADEBEA3B-E4AD-49B8-AF30-8985B8C0D784}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6497888A-C95A-4418-8232-0E675A645B9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6497888A-C95A-4418-8232-0E675A645B9C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ADEBEA3B-E4AD-49B8-AF30-8985B8C0D784}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADEBEA3B-E4AD-49B8-AF30-8985B8C0D784}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
========== FILES ==========
< at /c >
There are no entries in the list.
C:\Users\maria\Desktop\cmd.bat deleted successfully.
C:\Users\maria\Desktop\cmd.txt deleted successfully.
File\Folder C:\Windows\tasks\At*.job not found.
File\Folder C:\Windows\assembly\GAC\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_32\Desktop.ini not found.
File\Folder C:\Windows\assembly\GAC_64\Desktop.ini not found.
File\Folder C:\Users\Public\AppData\Local\Temp\*.exe not found.
C:\Users\Maria\AppData\Local\Temp\SkypeSetup.exe moved successfully.
Unable to replace file: C:\Windows\System32\services.exe with C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe without a reboot.
Unable to replace file: C:\Windows\System32\csrss.exe with C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe without a reboot.
< netstat -ano | find "16464" /c >
C:\Users\maria\Desktop\cmd.bat deleted successfully.
C:\Users\maria\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "16465" /c >
C:\Users\maria\Desktop\cmd.bat deleted successfully.
C:\Users\maria\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "16470" /c >
C:\Users\maria\Desktop\cmd.bat deleted successfully.
C:\Users\maria\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "16471" /c >
C:\Users\maria\Desktop\cmd.bat deleted successfully.
C:\Users\maria\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "21810" /c >
C:\Users\maria\Desktop\cmd.bat deleted successfully.
C:\Users\maria\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "22292" /c >
C:\Users\maria\Desktop\cmd.bat deleted successfully.
C:\Users\maria\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "34354" /c >
C:\Users\maria\Desktop\cmd.bat deleted successfully.
C:\Users\maria\Desktop\cmd.txt deleted successfully.
< netstat -ano | find "34355" /c >
C:\Users\maria\Desktop\cmd.bat deleted successfully.
C:\Users\maria\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: maria
->Flash cache emptied: 41813 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: maria
->Java cache emptied: 385 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.70.1 log created on 10042012_221042

Files\Folders moved on Reboot...

PendingFileRenameOperations files...
[2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) C:\Windows\System32\services.exe : MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6
[2009/07/13 18:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) C:\Windows\System32\csrss.exe : MD5=342271F6142E7C70805B8A81E1BA5F5C

Registry entries deleted on Reboot...

#53 RKinner (Malware Expert, MVP)
Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop, then run it (Vista or Win7: right-click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
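The point of turning on Verify Image Signatures and the Verified Signer column is to spot a running image whose Authenticode signature does not check out, and in a Sirefef case the image to watch is a core Windows binary such as services.exe. Reading that column across sixty rows by eye is error-prone, so here is an added example (my code, not Sysinternals' and not RKinner's) that parses the tab-separated text produced by File > Save As in Process Explorer and lists rows where the signer is not "(Verified)", or where a core Windows process is verified but not signed by Microsoft Windows. The column layout follows the header shown in the next post; the rows below are constructed for the example (the services.exe and explorer.exe rows are deliberately bad), and the CORE_WINDOWS list is my own choice of processes to hold to that stricter rule.

```python
"""Triage a Process Explorer 'File > Save As' export (tab-separated) for signature problems."""
import csv
import io

# Processes that must be '(Verified) Microsoft Windows' on a clean Windows 7 box.
# This set is the example's own assumption, not something Process Explorer defines.
CORE_WINDOWS = {"smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe",
                "services.exe", "lsass.exe", "svchost.exe", "explorer.exe"}

# Pseudo-processes that have no image file to sign and are always unsigned.
PSEUDO = {"System Idle Process", "System", "Interrupts"}

_HEADER = ["Process", "PID", "CPU", "Private Bytes", "Working Set",
           "Description", "Company Name", "Verified Signer"]

# Constructed sample rows (not the thread's export). Two rows are deliberately bad:
# services.exe fails verification, explorer.exe is verified but by the wrong signer.
_ROWS = [
    ["System Idle Process", "0", "44.09", "0 K", "24 K", "", "", ""],
    ["csrss.exe", "516", "6.78", "9,128 K", "6,624 K", "Client Server Runtime Process",
     "Microsoft Corporation", "(Verified) Microsoft Windows"],
    ["DVMExportService.exe", "444", "< 0.01", "952 K", "2,672 K", "Windows Metadata Export Service",
     "DeviceVM, Inc.", "(Unable to verify) DeviceVM, Inc."],
    ["services.exe", "600", "0.10", "4,000 K", "7,000 K", "Services and Controller app",
     "Microsoft Corporation", "(Unable to verify) Microsoft Windows"],
    ["explorer.exe", "3364", "0.50", "27,756 K", "40,640 K", "Windows Explorer",
     "Microsoft Corporation", "(Verified) Contoso Ltd"],
    ["svchost.exe", "748", "0.22", "3,068 K", "5,208 K", "Host Process for Windows Services",
     "Microsoft Corporation", "(Verified) Microsoft Windows"],
]
SAMPLE_EXPORT = "\n".join("\t".join(r) for r in [_HEADER] + _ROWS) + "\n"


def parse_export(text: str):
    """Yield one dict per process row, keyed by the column names in the header row."""
    reader = csv.reader(io.StringIO(text), delimiter="\t")
    header = next(reader)
    for row in reader:
        if not row or not row[0].strip():
            continue
        row = row + [""] * (len(header) - len(row))  # pad rows that end early
        rec = dict(zip(header, row))
        rec["Process"] = rec["Process"].strip()       # tree view indents child processes
        yield rec


def triage(text: str):
    """Return [(process, pid, reason)] for rows worth a second look."""
    findings = []
    for rec in parse_export(text):
        name, pid, signer = rec["Process"], rec["PID"], rec["Verified Signer"]
        if name in PSEUDO:
            continue
        if not signer.startswith("(Verified)"):
            findings.append((name, pid, "signature not verified: " + (signer or "no signer")))
        elif name.lower() in CORE_WINDOWS and signer != "(Verified) Microsoft Windows":
            findings.append((name, pid, "core Windows binary signed by " + signer))
    return findings


if __name__ == "__main__":
    for name, pid, reason in triage(SAMPLE_EXPORT):
        print(f"{name} (PID {pid}): {reason}")
```

Run it against the Procexp.txt the post asks for. Note that it only looks at what Process Explorer already verified, so Verify Image Signatures must have been turned on before the export was saved; otherwise the Verified Signer column is empty for every row and every process is reported.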

#54 3mateo (Topic Starter)
Here it is, thanks!


Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 44.09 0 K 24 K
procexp(1).exe 2580 36.11 18,436 K 33,120 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
csrss.exe 516 6.78 9,128 K 6,624 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe 3588 5.08 9,204 K 8,428 K Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
Interrupts n/a 4.96 0 K 0 K Hardware Interrupts and DPCs
System 4 1.69 44 K 392 K
explorer.exe 3364 0.50 27,756 K 40,640 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 748 0.22 3,068 K 5,208 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe 852 0.14 1,696 K 3,512 K iPodService Module (32-bit) Apple Inc. (Verified) Apple Inc.
AvastSvc.exe 1496 0.11 17,776 K 9,300 K avast! Service AVAST Software (Verified) AVAST Software
AppleMobileDeviceService.exe 276 0.09 2,440 K 5,372 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe 1304 0.06 6,116 K 9,436 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SASCore.exe 1940 0.04 764 K 1,572 K Core Service SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
svchost.exe 1028 0.03 17,696 K 23,760 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe 4056 0.03 8,620 K 14,628 K avast! Antivirus AVAST Software (Verified) AVAST Software
svchost.exe 1412 0.03 11,948 K 9,100 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbamgui.exe 3272 0.02 2,284 K 4,452 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
svchost.exe 988 0.02 28,752 K 28,436 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
stacsv.exe 1076 0.01 11,604 K 4,752 K IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
iTunesHelper.exe 2072 0.01 2,984 K 6,284 K iTunesHelper Apple Inc. (Verified) Apple Inc.
DVMExportService.exe 444 < 0.01 952 K 2,672 K Windows Metadata Export Service DeviceVM, Inc. (Unable to verify) DeviceVM, Inc.
csrss.exe 452 < 0.01 1,336 K 2,524 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 3136 4,984 K 6,732 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3596 2,360 K 4,628 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1504 1,184 K 2,700 K Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 596 1,696 K 3,564 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 508 936 K 1,836 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 3220 2,344 K 4,112 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 2160 600 K 1,672 K Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 2796 4,604 K 6,932 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2964 30,424 K 7,424 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 844 3,240 K 4,760 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1668 9,600 K 10,196 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 928 13,808 K 11,100 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sttray.exe 3772 5,648 K 7,568 K IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe 1632 4,784 K 6,364 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 340 260 K 564 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 564 4,616 K 7,812 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
QLBCtrl.exe 3868 4,284 K 6,788 K Quick Launch Buttons Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
mbamservice.exe 1248 103,012 K 43,752 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamscheduler.exe 1024 1,772 K 3,176 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe 616 1,408 K 2,352 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 608 2,928 K 5,492 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 2404 860 K 1,832 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Oracle America, Inc.
igfxtray.exe 3292 1,208 K 2,780 K igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 728 1,536 K 3,336 K igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 3444 1,144 K 3,048 K persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IAANTmon.exe 1908 1,696 K 3,388 K RAID Monitor Intel Corporation (Verified) Intel Corporation
IAAnotif.exe 3672 1,704 K 3,428 K Event Monitor User Notification Tool Intel Corporation (Verified) Intel Corporation
hpwuschd2.exe 984 664 K 1,604 K hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
HPWAMain.exe 3968 17,456 K 15,696 K HP Wireless Assistant Main Program Hewlett-Packard (Verified) Hewlett-Packard Company
HPSA_Service.exe 2872 10,944 K 7,556 K HP Support Assistant Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
hpqWmiEx.exe 3876 1,416 K 3,912 K hpqwmiex Module Hewlett-Packard Company (Verified) Hewlett-Packard Company
HpqToaster.exe 912 3,856 K 5,932 K HpqToaster Module (Verified) Hewlett-Packard Company
HPDrvMntSvc.exe 556 660 K 1,704 K HP Quick Synchronization Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
hpCaslNotification.exe 2468 15,016 K 3,268 K hpCaslNotification Hewlett-Packard Development Company L.P. (Verified) Hewlett-Packard Company
hkcmd.exe 3428 1,332 K 2,848 K hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
dwm.exe 3344 1,008 K 2,212 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1512 504 K 1,180 K Console Window Host Microsoft Corporation (Verified) Microsoft Windows
Com4QLBEx.exe 1388 916 K 2,428 K Com for QLB application Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
armsvc.exe 1988 824 K 1,848 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems, Incorporated
AEstSrv.exe 2028 472 K 1,172 K Andrea filters APO access service (32-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher

#55 RKinner, Malware Expert (Expert, 19,776 posts, MVP)
That worked. Now all files are verified and have their makers identified.

The thing I don't like now is this:

Interrupts n/a 4.96 0 K 0 K Hardware Interrupts and DPCs

I had a laptop once with a bad battery, and it had high Interrupts like this one, which really slow a PC down. So shut it down, remove the main battery, start it up again, run Process Explorer again and post the new log.

#56 3mateo, Member (Topic Starter, 47 posts)
Ron-
With no battery in laptop:
Thanks,
-M


Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 92.03 0 K 24 K
procexp(1).exe 2644 4.43 17,860 K 32,816 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
SynTPEnh.exe 2728 1.00 9,144 K 12,484 K Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
Interrupts n/a 0.95 0 K 0 K Hardware Interrupts and DPCs
csrss.exe 500 0.79 8,900 K 7,388 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
System 4 0.39 48 K 1,004 K
explorer.exe 504 0.08 24,896 K 39,540 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 732 0.06 3,060 K 7,160 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
services.exe 604 0.05 4,428 K 7,308 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe 3344 0.03 1,708 K 5,064 K iPodService Module (32-bit) Apple Inc. (Verified) Apple Inc.
svchost.exe 972 0.03 32,008 K 38,404 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AvastSvc.exe 1508 0.03 20,704 K 5,140 K avast! Service AVAST Software (Verified) AVAST Software
svchost.exe 1000 0.03 20,508 K 31,268 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 920 0.02 14,740 K 14,968 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 1352 0.02 2,336 K 8,080 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
SASCore.exe 392 0.01 776 K 2,756 K Core Service SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
wlanext.exe 1488 0.01 1,220 K 3,924 K Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
AvastUI.exe 2916 0.01 8,868 K 14,384 K avast! Antivirus AVAST Software (Verified) AVAST Software
HPWAMain.exe 2824 0.01 17,520 K 20,896 K HP Wireless Assistant Main Program Hewlett-Packard (Verified) Hewlett-Packard Company
svchost.exe 1300 < 0.01 6,000 K 11,072 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 440 < 0.01 1,348 K 3,528 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
mbamgui.exe 2192 < 0.01 2,204 K 6,152 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
svchost.exe 1408 < 0.01 11,916 K 11,752 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 844 < 0.01 2,860 K 2,724 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe 3592 < 0.01 2,940 K 9,808 K iTunesHelper Apple Inc. (Verified) Apple Inc.
stacsv.exe 1036 < 0.01 11,556 K 6,208 K IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
DVMExportService.exe 1912 < 0.01 956 K 3,432 K Windows Metadata Export Service DeviceVM, Inc. (Unable to verify) DeviceVM, Inc.
WmiPrvSE.exe 3392 1,960 K 5,268 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 540 1,700 K 4,976 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 508 948 K 3,392 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 1992 6,136 K 14,104 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 3688 608 K 2,488 K Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 1680 8,404 K 11,036 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1728 30,280 K 7,100 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 828 2,732 K 5,748 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3908 4,316 K 9,228 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sttray.exe 2772 5,636 K 13,512 K IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe 1628 4,704 K 9,228 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 340 264 K 820 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
QLBCtrl.exe 2784 4,228 K 10,468 K Quick Launch Buttons Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
mbamservice.exe 2064 103,032 K 47,592 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamscheduler.exe 1260 1,880 K 5,280 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe 620 1,444 K 3,244 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 612 3,036 K 7,700 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 3316 860 K 3,428 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Oracle America, Inc.
igfxtray.exe 2684 1,216 K 4,460 K igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 2976 1,484 K 4,436 K igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 2704 1,108 K 4,352 K persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IAANTmon.exe 2148 1,684 K 5,056 K RAID Monitor Intel Corporation (Verified) Intel Corporation
IAAnotif.exe 2760 1,780 K 5,728 K Event Monitor User Notification Tool Intel Corporation (Verified) Intel Corporation
hpwuschd2.exe 2816 672 K 2,588 K hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
HPSA_Service.exe 3156 11,184 K 10,292 K HP Support Assistant Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
hpqWmiEx.exe 4056 1,356 K 5,160 K hpqwmiex Module Hewlett-Packard Company (Verified) Hewlett-Packard Company
HpqToaster.exe 2332 3,840 K 9,344 K HpqToaster Module (Verified) Hewlett-Packard Company
HPDrvMntSvc.exe 2020 668 K 2,696 K HP Quick Synchronization Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
hpCaslNotification.exe 2600 14,808 K 4,960 K hpCaslNotification Hewlett-Packard Development Company L.P. (Verified) Hewlett-Packard Company
hkcmd.exe 2692 1,332 K 4,416 K hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
dwm.exe 404 876 K 3,060 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1496 508 K 2,192 K Console Window Host Microsoft Corporation (Verified) Microsoft Windows
Com4QLBEx.exe 3436 920 K 3,784 K Com for QLB application Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
armsvc.exe 496 820 K 2,932 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems, Incorporated
AEstSrv.exe 1124 600 K 1,908 K Andrea filters APO access service (32-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher

#57 RKinner, Malware Expert (Expert, 19,776 posts, MVP)
Big improvement!

Interrupts n/a 0.95 0 K 0 K Hardware Interrupts and DPCs


Does it seem quicker without the battery? What I think happens is a bad battery loads down the power supply and reduces the voltage applied to the PC, but that's just a guess.

Does it run very long on the battery or is the battery pretty much dead anyway?
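The two checks the expert is doing by eye in #55 and #57 (every image shows "(Verified)" with a named signer, and the Interrupts/DPC CPU figure drops after the battery is pulled) can be run over the pasted listings directly. The script below is an added example for this thread, not code from the original posts or from Sysinternals: it parses the whitespace-flattened rows exactly as the forum shows them, lists every image whose signature did not verify, and compares the Interrupts CPU between two captures. The sample rows are copied from the two logs above; the 2% "still high" threshold is an assumption made for the example, not a figure from the thread.

```python
"""Triage helpers for a Process Explorer listing pasted as plain text.

Added example for this thread; not part of the original posts and not
Sysinternals tooling. Parses the whitespace-flattened rows shown above,
lists images whose signature did not verify, and compares the
'Interrupts' CPU figure between two captures. The 2% threshold is an
assumption for this example, not a figure from the thread.
"""
import re

# One row as the forum shows it: name, PID (or n/a), optional CPU
# ("36.11" or "< 0.01"; blank when the process used no CPU in the sample),
# private bytes and working set in K, then description/company/signer text.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)\s+"
    r"(?:(?P<cpu><\s*0\.01|\d+\.\d+)\s+)?"
    r"(?P<priv>[\d,]+) K\s+(?P<ws>[\d,]+) K\s*(?P<rest>.*)$"
)


def _cpu(text):
    """CPU column as a float; '< 0.01' rounds to 0.0, blank means 0.0."""
    if text is None or text.startswith("<"):
        return 0.0
    return float(text)


def sig_status(pid, rest):
    """Classify the Verified Signer part of one row."""
    if "(Verified)" in rest:
        return "verified"
    if "(Unable to verify)" in rest:
        return "unverified"
    if pid == "n/a" or not rest.strip():
        return "n/a"           # Interrupts, System, Idle: no image file to sign
    return "not verified"      # description present, but no signature marker


def parse_log(text):
    """Parse pasted Process Explorer rows into dicts; non-row lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue           # header line, blank line, forum noise
        rest = m["rest"]
        rows.append({
            "name": m["name"],
            "pid": m["pid"],
            "cpu": _cpu(m["cpu"]),
            "private_kb": int(m["priv"].replace(",", "")),
            "ws_kb": int(m["ws"].replace(",", "")),
            "status": sig_status(m["pid"], rest),
            "signer": rest.split("(Verified)")[-1].strip() if "(Verified)" in rest else "",
            "text": rest,
        })
    return rows


def unverified(rows):
    """Names of every image whose signature did not verify (the lines to chase)."""
    return [r["name"] for r in rows if r["status"] in ("unverified", "not verified")]


def interrupts_cpu(rows):
    """CPU % charged to hardware interrupts and DPCs, 0.0 if the row is absent."""
    return next((r["cpu"] for r in rows if r["name"] == "Interrupts"), 0.0)


def compare_interrupts(before_text, after_text, threshold=2.0):
    """Before/after Interrupts CPU plus a verdict against an assumed threshold."""
    before = interrupts_cpu(parse_log(before_text))
    after = interrupts_cpu(parse_log(after_text))
    return {"before": before, "after": after, "still_high": after >= threshold}


# Rows copied from the two logs posted in this thread (header included to
# show that it is skipped), trimmed to a handful of lines each.
BEFORE = """\
Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
procexp(1).exe 2580 36.11 18,436 K 33,120 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts n/a 4.96 0 K 0 K Hardware Interrupts and DPCs
System 4 1.69 44 K 392 K
DVMExportService.exe 444 < 0.01 952 K 2,672 K Windows Metadata Export Service DeviceVM, Inc. (Unable to verify) DeviceVM, Inc.
wmpnetwk.exe 3136 4,984 K 6,732 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
smss.exe 340 260 K 564 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
"""

AFTER = """\
System Idle Process 0 92.03 0 K 24 K
Interrupts n/a 0.95 0 K 0 K Hardware Interrupts and DPCs
DVMExportService.exe 1912 < 0.01 956 K 3,432 K Windows Metadata Export Service DeviceVM, Inc. (Unable to verify) DeviceVM, Inc.
"""

if __name__ == "__main__":
    print("not verified:", unverified(parse_log(BEFORE)))
    print("interrupts:", compare_interrupts(BEFORE, AFTER))
```

On the real logs this flags only DVMExportService.exe (DeviceVM's "(Unable to verify)" row) and reports Interrupts going from 4.96% to 0.95%, which is the same conclusion reached by eye above; a row with no "(Verified)" marker at all is reported as "not verified" so that it gets looked at rather than silently passed.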

#58 3mateo, Member (Topic Starter, 47 posts)
I haven't explicitly timed it, but I have noticed it is slowly getting worse, i.e. it runs for a shorter and shorter time on battery only.
My girlfriend uses it 95% of the time, so I could only hazard a guess that it runs for 90 mins, more or less. But it's 2 or 3 years old, so I'd guess that aspect of the decaying time parameter to be normal?
Thanks,
-M

#59 3mateo, Member (Topic Starter, 47 posts)
Ron-
Is there anything else I should do? Not use the battery, buy a new one, etc?
Thanks,
-M

#60 RKinner, Malware Expert (Expert, 19,776 posts, MVP)
If it seems faster without the battery then either leave it out or get a new battery.

Does it seem to be running normally now?