Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

computer running slow and browser closes randomly

Post by eacerda23 » September 22nd, 2012, 2:04 pm

We just got this laptop from a relative and it's running really slow. I've tried to use different browsers to see if it would stop but that didn't do anything for me. I've used Safari, IE9, Google Chrome and Firefox. Can someone please help me out? I'd really appreciate it.




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Valued Customer at 10:54:21 on 2012-09-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1200 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\idle-Threads.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\semaphore-Threads.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\Shop To Win\ShopToWin.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com/ws/?source=f45f13b3&t ... p=homepage
mWinlogon: Userinit=userinit.exe
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Blekko Search Bar 005: {5ce808f4-c861-4392-b55e-c97a89fbe2dd} - C:\Program Files (x86)\blekkotb_005\blekkotb_005X.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Shop to Win: {f9e44926-2497-46f3-8a25-928136ac079e} - C:\Program Files (x86)\Shop to Win 20\Shop to Win 20.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient_2.dll
TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
TB: Blekko Search Bar 005: {5ce808f4-c861-4392-b55e-c97a89fbe2dd} - C:\Program Files (x86)\blekkotb_005\blekkotb_005X.dll
uRun: [Google Update] "C:\Users\Valued Customer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Valued Customer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe
uRun: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\VALUED~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F8E38C16-6951-42D1-96F2-EB5D2E669710} : DhcpNameServer = 192.168.1.1
BHO-X64: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO-X64: CrossriderApp0002258 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Blekko Search Bar 005: {5ce808f4-c861-4392-b55e-c97a89fbe2dd} - C:\Program Files (x86)\blekkotb_005\blekkotb_005X.dll
BHO-X64: Blekko Search Bar 005 - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
BHO-X64: Blekko search bar - No File
BHO-X64: ALOT Appbar Helper: {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll
BHO-X64: ALOT Appbar Helper - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Shop to Win: {F9E44926-2497-46F3-8A25-928136AC079E} - C:\Program Files (x86)\Shop to Win 20\Shop to Win 20.dll
BHO-X64: Freecause Shopping BHO - No File
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient_2.dll
BHO-X64: Yontoo Layers - No File
TB-X64: ALOT Appbar: {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
TB-X64: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - C:\Program Files (x86)\blekkotb_soc\blekkotb_019X.dll
TB-X64: Blekko Search Bar 005: {5ce808f4-c861-4392-b55e-c97a89fbe2dd} - C:\Program Files (x86)\blekkotb_005\blekkotb_005X.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 scssifilter;scssifilter;C:\Windows\system32\Drivers\scssifilter64.sys --> C:\Windows\system32\Drivers\scssifilter64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 .Net Main;Microsoft.NET Framework Kernel x2.0c;system32\idle-Threads.exe --> system32\idle-Threads.exe [?]
R2 .Net Semaphore;CNG Key Isolation Service x2.0c;system32\semaphore-Threads.exe --> system32\semaphore-Threads.exe [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-1-26 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R4 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 .Net Crypt;Microsoft.NET Framework SecurityCrypt x2.0c;system32\mutex-Threads.exe --> system32\mutex-Threads.exe [?]
S2 .Net Security;Microsoft.NET Framework KernelSecurity x2.0c;system32\latch-Threads.exe --> system32\latch-Threads.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-22 17:38:34 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DDF9798B-2D08-49C0-9B40-A9D5A6672A88}\mpengine.dll
2012-09-17 04:11:48 9310152 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-15 00:19:28 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FB48DE93-3C10-49D9-B79C-F05C01F2829D}\gapaengine.dll
2012-09-14 23:53:06 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-09-14 23:53:06 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-09-14 23:53:02 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-09-14 23:53:02 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-09-14 23:53:02 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-09-14 23:53:01 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-09-14 23:53:01 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-09-14 23:53:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-09-14 23:34:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-09-14 23:34:04 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-09-14 23:33:43 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-09-14 23:33:43 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-09-15 00:21:31 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-15 00:21:31 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-04 20:26:03 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-19 17:23:22 405504 --sh--r- C:\Windows\System32\vshadow.exe
2011-12-19 17:23:25 364032 --sh--r- C:\Windows\System32\vshadowamd64.exe
2011-12-19 17:23:29 352256 --sh--r- C:\Windows\System32\vshadowXP.exe
.
============= FINISH: 10:55:17.53 ===============






.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/31/2012 2:21:34 PM
System Uptime: 9/22/2012 10:26:10 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0WTVYR
Processor: AMD Athlon(tm) II P320 Dual-Core Processor | CPU 1 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 249.905 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP50: 5/28/2012 10:20:56 PM - Windows Update
RP51: 6/1/2012 10:37:08 PM - Windows Update
RP52: 6/6/2012 7:03:44 PM - Windows Update
RP53: 6/9/2012 2:40:09 PM - Windows Update
RP54: 6/12/2012 9:51:34 PM - Windows Update
RP55: 6/13/2012 11:51:56 AM - Windows Update
RP56: 6/17/2012 12:23:44 PM - Windows Update
RP57: 9/14/2012 4:33:11 PM - Windows Update
RP58: 9/14/2012 5:16:01 PM - Windows Update
RP59: 9/16/2012 7:19:48 PM - Windows Update
RP60: 9/22/2012 10:37:22 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
ALOT Appbar
Anti-phishing Domain Advisor
Blekko search bar
Blekko Search Bar 005
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Facebook Video Calling 1.2.0.159
Google Chrome
I Want This
IDT Audio
Java Auto Updater
Java(TM) 6 Update 30
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Netwaiting
OpenOffice.org 3.3
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shop To Win
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Word Free
.
==== Event Viewer Messages From Past Week ========
.
9/16/2012 8:55:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8003f46060, 0xfffffa8003f46340, 0xfffff80002f85510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 091612-54241-01.
.
==== End Of File ===========================
eacerda23
Active Member
 
Posts: 9
Joined: September 22nd, 2012, 1:42 pm

Re: computer running slow and browser closes randomly

Post by pgmigg » September 23rd, 2012, 1:47 pm

Hello eacerda23,

Welcome to the forum! :)

My nickname is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: computer running slow and browser closes randomly

Post by eacerda23 » September 23rd, 2012, 2:38 pm

Thank you for replying and I look forward to your help.
eacerda23
Active Member
 
Posts: 9
Joined: September 22nd, 2012, 1:42 pm

Re: computer running slow and browser closes randomly

Post by eacerda23 » September 23rd, 2012, 2:41 pm

Ok, I just found out that my wife made some changes to the laptop after I had posted the DDS logs. She's added Avira anti-virus and also installed MalwareBytes Anti-Malware Removal and ran a scan. Would you like me to run the DDS logs again? Please let me know. Thank you.
eacerda23
Active Member
 
Posts: 9
Joined: September 22nd, 2012, 1:42 pm

Re: computer running slow and browser closes randomly

Post by pgmigg » September 23rd, 2012, 4:55 pm

Hello eacerda23.
"Ok, I just found out that my wife made some changes to the laptop after I had posted the DDS logs. She's added Avira anti-virus and also installed MalwareBytes Anti-Malware Removal and ran a scan."
Much - does not mean better!

Multiple Anti Virus programs detected
  1. It looks like you are operating your computer with multiple Anti Virus programs installed at once:
    Avira Antivirus
    Microsoft Security Essentials
  2. Running - more than one - antivirus program is not recommended because:
    1. They can conflict with each other.
    2. Report the other antivirus software as malicious.
    3. Antivirus programs use an enormous amount of computer's resources... actively scanning your computer.
    4. Can cause your computer to run slowly, become unstable and crash.
  3. I strongly suggest you uninstall one of them. Which one, is your decision, but if you asked me, I would recommend you to keep and continue to use Microsoft Security Essentials

"Would you like me to run the DDS logs again? Please let me know. Thank you."
No, thank you, I don't need to have additional DDS scan for now...

pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: computer running slow and browser closes randomly

Post by pgmigg » September 23rd, 2012, 9:17 pm

Hello eacerda23,

Thank you for your patience... Let's start our treatment! :)

Firstly, tell me please which AntiVirus program (Avira Antivirus or Microsoft Security Essentials) you decided to keep?

Step 1.
Create a System Restore Point
Because we are going to be making changes to your computer, it is advisable to create a new System Restore Point.
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 2.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code:
     appwiz.cpl 
    and press Enter - the Uninstall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    ALOT Appbar
    Blekko search bar
    Blekko Search Bar 005
    I Want This
    Shop To Win
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot your computer.

Step 3.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right click on TDSSKiller.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply regardless of the result.

Step 4.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Step 5.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:

    Code:
    :filefind
    *alotappbar*
    *Fun4IM*
    *Bandoo*
    *Blekko*
    *Conduit*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *IObit*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *Yontoo*
    
    :folderfind
    *alotappbar*
    *Fun4IM*
    *Bandoo*
    *Blekko*
    *Conduit*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *IObit*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *Yontoo*
    
    :Regfind
    alotappbar
    Fun4IM
    Bandoo
    Blekko
    Conduit
    Searchnu
    Searchqu
    iLivid
    IObit
    whitesmoke
    datamngr
    trolltech
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Answer for my question related to AV program you use now.
  2. Do you have any problems executing the instructions?
  3. Contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  4. Contents of the OTL.txt log file
  5. Contents of the Extras.txt log file
  6. Contents of the SystemLook.txt log file
  7. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
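
The following is an added example, not part of the original thread and not code from DDS or SystemLook: it cross-checks browser add-on and autostart lines from the DDS log in the first post against the Step 2 uninstall list and the Step 5 SystemLook search terms, showing which entries those lists cover and which they do not. The parsing rules are inferred from the log lines shown on this page, and `parse_line`, `matches_for` and `triage` are hypothetical helper names.

```python
import re

# Search terms from the :filefind / :folderfind / :Regfind lists in Step 5.
SYSTEMLOOK_TERMS = ["alotappbar", "Fun4IM", "Bandoo", "Blekko", "Conduit",
                    "Searchnu", "Searchqu", "iLivid", "IObit", "whitesmoke",
                    "datamngr", "trolltech", "Yontoo"]
# Program names from the uninstall list in Step 2.
UNINSTALL_NAMES = ["ALOT Appbar", "Blekko search bar", "Blekko Search Bar 005",
                   "I Want This", "Shop To Win"]

# Sample input: a subset of lines copied from the DDS log in the first post.
SAMPLE_DDS = r"""
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Blekko Search Bar 005: {5ce808f4-c861-4392-b55e-c97a89fbe2dd} - C:\Program Files (x86)\blekkotb_005\blekkotb_005X.dll
BHO: Shop to Win: {f9e44926-2497-46f3-8a25-928136ac079e} - C:\Program Files (x86)\Shop to Win 20\Shop to Win 20.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient_2.dll
TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll
uRun: [Google Update] "C:\Users\Valued Customer\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe
BHO-X64: Yontoo Layers - No File
TCP: DhcpNameServer = 192.168.1.1
"""

# Line prefix: entry type, optional -X64/-x64 suffix, then the entry body.
HEAD_RE = re.compile(r"^(?P<kind>BHO|TB|uRun|mRun)(?P<x64>-[Xx]64)?: (?P<rest>.+)$")
# "Name: {CLSID} - path" (the name is optional).
COM_RE = re.compile(
    r"^(?:(?P<name>.+?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
# "Name - No File", as DDS prints when it reports no file for the entry.
NOFILE_RE = re.compile(r"^(?P<name>.+) - No File$")
# "[ValueName] command line" for Run keys.
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<target>.+)$")


def normalize(text):
    """Lower-case and keep only letters and digits, so 'Shop To Win',
    'Shop to Win 20' and 'ShopToWin.exe' all contain 'shoptowin'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def parse_line(line):
    """Parse one BHO/TB/Run line into a dict, or return None for other lines."""
    head = HEAD_RE.match(line.strip())
    if not head:
        return None
    if head["kind"] in ("BHO", "TB"):
        body = COM_RE.match(head["rest"]) or NOFILE_RE.match(head["rest"])
    else:
        body = RUN_RE.match(head["rest"])
    if not body:
        return None
    fields = body.groupdict()
    return {
        "kind": head["kind"],
        "x64": bool(head["x64"]),
        "name": fields.get("name") or "",
        "clsid": fields.get("clsid"),
        "target": fields.get("target", "No File"),
    }


def matches_for(entry):
    """Return every Step 5 term or Step 2 name found in the entry's name or path."""
    haystacks = [normalize(entry["name"]), normalize(entry["target"])]
    return [term for term in SYSTEMLOOK_TERMS + UNINSTALL_NAMES
            if any(normalize(term) in h for h in haystacks)]


def triage(log_text):
    """Split parsed entries into those covered by the two lists and the rest."""
    covered, uncovered = [], []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        entry["matches"] = matches_for(entry)
        (covered if entry["matches"] else uncovered).append(entry)
    return covered, uncovered


if __name__ == "__main__":
    covered, uncovered = triage(SAMPLE_DDS)
    for e in covered:
        print(f"covered   {e['kind']:<5} {e['name']:<24} {', '.join(e['matches'])}")
    for e in uncovered:
        print(f"uncovered {e['kind']:<5} {e['name']:<24} {e['target']}")
```

An entry landing in the uncovered list only means neither list names it; it still needs a separate review before any decision is made about it.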

Re: computer running slow and browser closes randomly

by eacerda23 » September 23rd, 2012, 11:11 pm

I've decided to remove Avira.

No issues running the programs

21:40:02.0518 2748 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:40:03.0252 2748 ============================================================
21:40:03.0252 2748 Current date / time: 2012/09/23 21:40:03.0252
21:40:03.0252 2748 SystemInfo:
21:40:03.0252 2748
21:40:03.0252 2748 OS Version: 6.1.7601 ServicePack: 1.0
21:40:03.0252 2748 Product type: Workstation
21:40:03.0252 2748 ComputerName: VALUEDCUSTOMER
21:40:03.0252 2748 UserName: Valued Customer
21:40:03.0252 2748 Windows directory: C:\Windows
21:40:03.0252 2748 System windows directory: C:\Windows
21:40:03.0252 2748 Running under WOW64
21:40:03.0252 2748 Processor architecture: Intel x64
21:40:03.0252 2748 Number of processors: 2
21:40:03.0252 2748 Page size: 0x1000
21:40:03.0252 2748 Boot type: Normal boot
21:40:03.0252 2748 ============================================================
21:40:09.0686 2748 !crdlk
21:40:09.0689 2748 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
21:40:09.0715 2748 ============================================================
21:40:09.0715 2748 \Device\Harddisk0\DR0:
21:40:09.0715 2748 MBR partitions:
21:40:09.0715 2748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
21:40:09.0716 2748 ============================================================
21:40:09.0743 2748 C: <-> \Device\Harddisk0\DR0\Partition1
21:40:09.0743 2748 ============================================================
21:40:09.0743 2748 Initialize success
21:40:09.0743 2748 ============================================================
21:40:12.0159 2776 ============================================================
21:40:12.0159 2776 Scan started
21:40:12.0159 2776 Mode: Manual;
21:40:12.0159 2776 ============================================================
21:40:12.0705 2776 ================ Scan system memory ========================
21:40:12.0705 2776 System memory - ok
21:40:12.0706 2776 ================ Scan services =============================
21:40:13.0064 2776 [ DE3D5966A9F9543862DA2EDFBCADCEED ] .Net Crypt C:\Windows\system32\mutex-Threads.exe
21:40:13.0065 2776 Suspicious file (NoAccess): C:\Windows\system32\mutex-Threads.exe. md5: DE3D5966A9F9543862DA2EDFBCADCEED
21:40:13.0141 2776 .Net Crypt ( LockedFile.Multi.Generic ) - warning
21:40:13.0142 2776 .Net Crypt - detected LockedFile.Multi.Generic (1)
21:40:13.0421 2776 [ FC95A70CD34D43AD85777D0A8EC885E4 ] .Net Main C:\Windows\system32\idle-Threads.exe
21:40:13.0421 2776 Suspicious file (NoAccess): C:\Windows\system32\idle-Threads.exe. md5: FC95A70CD34D43AD85777D0A8EC885E4
21:40:13.0489 2776 .Net Main ( LockedFile.Multi.Generic ) - warning
21:40:13.0489 2776 .Net Main - detected LockedFile.Multi.Generic (1)
21:40:13.0749 2776 [ 666D0C1705072E6ED6B217ECE48BFA7F ] .Net Security C:\Windows\system32\latch-Threads.exe
21:40:13.0749 2776 Suspicious file (NoAccess): C:\Windows\system32\latch-Threads.exe. md5: 666D0C1705072E6ED6B217ECE48BFA7F
21:40:13.0832 2776 .Net Security ( LockedFile.Multi.Generic ) - warning
21:40:13.0832 2776 .Net Security - detected LockedFile.Multi.Generic (1)
21:40:13.0894 2776 [ 99106574328104A21F32329E95C5304F ] .Net Semaphore C:\Windows\system32\semaphore-Threads.exe
21:40:13.0896 2776 Suspicious file (NoAccess): C:\Windows\system32\semaphore-Threads.exe. md5: 99106574328104A21F32329E95C5304F
21:40:13.0924 2776 .Net Semaphore ( LockedFile.Multi.Generic ) - warning
21:40:13.0924 2776 .Net Semaphore - detected LockedFile.Multi.Generic (1)
21:40:29.0426 2776 nv_agp - ok
21:40:29.0469 2776 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:40:29.0472 2776 ohci1394 - ok
21:40:29.0549 2776 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:40:29.0557 2776 p2pimsvc - ok
21:40:29.0602 2776 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:40:29.0612 2776 p2psvc - ok
21:40:29.0650 2776 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:40:29.0651 2776 Parport - ok
21:40:29.0723 2776 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:40:29.0725 2776 partmgr - ok
21:40:29.0785 2776 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:40:29.0790 2776 PcaSvc - ok
21:40:29.0856 2776 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:40:29.0860 2776 pci - ok
21:40:29.0897 2776 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:40:29.0899 2776 pciide - ok
21:40:29.0942 2776 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:40:29.0944 2776 pcmcia - ok
21:40:29.0994 2776 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:40:29.0995 2776 pcw - ok
21:40:30.0051 2776 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:40:30.0061 2776 PEAUTH - ok
21:40:30.0161 2776 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:40:30.0162 2776 PerfHost - ok
21:40:30.0317 2776 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:40:30.0344 2776 pla - ok
21:40:30.0440 2776 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:40:30.0449 2776 PlugPlay - ok
21:40:30.0495 2776 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:40:30.0496 2776 PNRPAutoReg - ok
21:40:30.0547 2776 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:40:30.0550 2776 PNRPsvc - ok
21:40:30.0610 2776 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:40:30.0615 2776 PolicyAgent - ok
21:40:30.0720 2776 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:40:30.0724 2776 Power - ok
21:40:30.0782 2776 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:40:30.0783 2776 PptpMiniport - ok
21:40:30.0846 2776 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:40:30.0848 2776 Processor - ok
21:40:30.0918 2776 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:40:30.0924 2776 ProfSvc - ok
21:40:30.0973 2776 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:40:30.0976 2776 ProtectedStorage - ok
21:40:31.0047 2776 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:40:31.0050 2776 Psched - ok
21:40:31.0123 2776 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:40:31.0137 2776 ql2300 - ok
21:40:31.0183 2776 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:40:31.0185 2776 ql40xx - ok
21:40:31.0229 2776 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:40:31.0232 2776 QWAVE - ok
21:40:31.0262 2776 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:40:31.0263 2776 QWAVEdrv - ok
21:40:31.0279 2776 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:40:31.0280 2776 RasAcd - ok
21:40:31.0338 2776 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:40:31.0339 2776 RasAgileVpn - ok
21:40:31.0405 2776 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:40:31.0408 2776 RasAuto - ok
21:40:31.0467 2776 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:40:31.0469 2776 Rasl2tp - ok
21:40:31.0535 2776 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:40:31.0538 2776 RasMan - ok
21:40:31.0590 2776 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:40:31.0591 2776 RasPppoe - ok
21:40:31.0645 2776 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:40:31.0647 2776 RasSstp - ok
21:40:31.0712 2776 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:40:31.0717 2776 rdbss - ok
21:40:31.0783 2776 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:40:31.0785 2776 rdpbus - ok
21:40:31.0832 2776 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:40:31.0834 2776 RDPCDD - ok
21:40:31.0870 2776 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:40:31.0871 2776 RDPENCDD - ok
21:40:31.0927 2776 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:40:31.0928 2776 RDPREFMP - ok
21:40:31.0966 2776 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:40:31.0968 2776 RDPWD - ok
21:40:32.0031 2776 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:40:32.0033 2776 rdyboost - ok
21:40:32.0100 2776 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:40:32.0102 2776 RemoteAccess - ok
21:40:32.0165 2776 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:40:32.0168 2776 RemoteRegistry - ok
21:40:32.0243 2776 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:40:32.0245 2776 RFCOMM - ok
21:40:32.0333 2776 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:40:32.0336 2776 RpcEptMapper - ok
21:40:32.0396 2776 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:40:32.0398 2776 RpcLocator - ok
21:40:32.0455 2776 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:40:32.0461 2776 RpcSs - ok
21:40:32.0543 2776 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:40:32.0545 2776 rspndr - ok
21:40:32.0633 2776 [ 30F463768D5143BFD7B2DF822B53CF4D ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
21:40:32.0637 2776 RSUSBSTOR - ok
21:40:32.0693 2776 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:40:32.0699 2776 RTL8167 - ok
21:40:32.0750 2776 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:40:32.0752 2776 SamSs - ok
21:40:32.0801 2776 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:40:32.0803 2776 sbp2port - ok
21:40:32.0878 2776 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:40:32.0882 2776 SCardSvr - ok
21:40:32.0947 2776 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:40:32.0948 2776 scfilter - ok
21:40:33.0027 2776 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:40:33.0045 2776 Schedule - ok
21:40:33.0110 2776 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:40:33.0111 2776 SCPolicySvc - ok
21:40:33.0161 2776 [ 078E7AF9978E11E603487616121AB940 ] scssifilter C:\Windows\system32\Drivers\scssifilter64.sys
21:40:33.0162 2776 scssifilter - ok
21:40:33.0212 2776 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
21:40:33.0213 2776 sdbus - ok
21:40:33.0296 2776 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:40:33.0302 2776 SDRSVC - ok
21:40:33.0381 2776 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:40:33.0382 2776 secdrv - ok
21:40:33.0471 2776 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:40:33.0475 2776 seclogon - ok
21:40:33.0533 2776 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:40:33.0537 2776 SENS - ok
21:40:33.0600 2776 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:40:33.0604 2776 SensrSvc - ok
21:40:33.0665 2776 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:40:33.0667 2776 Serenum - ok
21:40:33.0722 2776 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:40:33.0724 2776 Serial - ok
21:40:33.0795 2776 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:40:33.0796 2776 sermouse - ok
21:40:33.0900 2776 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:40:33.0903 2776 SessionEnv - ok
21:40:33.0967 2776 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:40:33.0967 2776 sffdisk - ok
21:40:34.0026 2776 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:40:34.0027 2776 sffp_mmc - ok
21:40:34.0099 2776 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:40:34.0100 2776 sffp_sd - ok
21:40:34.0155 2776 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:40:34.0156 2776 sfloppy - ok
21:40:34.0220 2776 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:40:34.0225 2776 SharedAccess - ok
21:40:34.0300 2776 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:40:34.0303 2776 ShellHWDetection - ok
21:40:34.0385 2776 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:40:34.0387 2776 SiSRaid2 - ok
21:40:34.0429 2776 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:40:34.0432 2776 SiSRaid4 - ok
21:40:34.0483 2776 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:40:34.0485 2776 Smb - ok
21:40:34.0578 2776 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:40:34.0581 2776 SNMPTRAP - ok
21:40:34.0637 2776 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:40:34.0638 2776 spldr - ok
21:40:34.0729 2776 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:40:34.0742 2776 Spooler - ok
21:40:34.0876 2776 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:40:34.0900 2776 sppsvc - ok
21:40:34.0978 2776 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:40:34.0983 2776 sppuinotify - ok
21:40:35.0066 2776 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:40:35.0074 2776 srv - ok
21:40:35.0122 2776 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:40:35.0126 2776 srv2 - ok
21:40:35.0185 2776 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:40:35.0187 2776 srvnet - ok
21:40:35.0236 2776 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:40:35.0239 2776 SSDPSRV - ok
21:40:35.0289 2776 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:40:35.0291 2776 SstpSvc - ok
21:40:35.0363 2776 [ 463E33B1EA7AF1E6EB87B66B831DB41A ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
21:40:35.0367 2776 STacSV - ok
21:40:35.0447 2776 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:40:35.0448 2776 stexstor - ok
21:40:35.0514 2776 [ 4304B75094E106FB5423A290C95841E5 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
21:40:35.0519 2776 STHDA - ok
21:40:35.0608 2776 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:40:35.0620 2776 stisvc - ok
21:40:35.0663 2776 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:40:35.0664 2776 swenum - ok
21:40:35.0748 2776 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:40:35.0760 2776 swprv - ok
21:40:35.0826 2776 [ 8A3FBCB3D6D4710730D27DA4392A4863 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:40:35.0829 2776 SynTP - ok
21:40:35.0942 2776 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:40:35.0961 2776 SysMain - ok
21:40:36.0025 2776 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:40:36.0027 2776 TabletInputService - ok
21:40:36.0079 2776 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:40:36.0088 2776 TapiSrv - ok
21:40:36.0155 2776 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:40:36.0158 2776 TBS - ok
21:40:36.0272 2776 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:40:36.0291 2776 Tcpip - ok
21:40:36.0396 2776 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:40:36.0412 2776 TCPIP6 - ok
21:40:36.0492 2776 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:40:36.0492 2776 tcpipreg - ok
21:40:36.0566 2776 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:40:36.0567 2776 TDPIPE - ok
21:40:36.0643 2776 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:40:36.0645 2776 TDTCP - ok
21:40:36.0723 2776 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:40:36.0726 2776 tdx - ok
21:40:36.0782 2776 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:40:36.0785 2776 TermDD - ok
21:40:36.0849 2776 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:40:36.0856 2776 TermService - ok
21:40:36.0902 2776 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:40:36.0904 2776 Themes - ok
21:40:36.0973 2776 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:40:36.0975 2776 THREADORDER - ok
21:40:37.0037 2776 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:40:37.0040 2776 TrkWks - ok
21:40:37.0133 2776 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:40:37.0136 2776 TrustedInstaller - ok
21:40:37.0207 2776 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:40:37.0208 2776 tssecsrv - ok
21:40:37.0293 2776 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:40:37.0294 2776 TsUsbFlt - ok
21:40:37.0358 2776 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:40:37.0361 2776 tunnel - ok
21:40:37.0424 2776 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:40:37.0426 2776 uagp35 - ok
21:40:37.0506 2776 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:40:37.0513 2776 udfs - ok
21:40:37.0634 2776 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:40:37.0636 2776 UI0Detect - ok
21:40:37.0671 2776 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:40:37.0672 2776 uliagpkx - ok
21:40:37.0714 2776 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
21:40:37.0714 2776 umbus - ok
21:40:37.0755 2776 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:40:37.0755 2776 UmPass - ok
21:40:37.0818 2776 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:40:37.0821 2776 upnphost - ok
21:40:37.0876 2776 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:40:37.0878 2776 usbccgp - ok
21:40:37.0929 2776 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:40:37.0931 2776 usbcir - ok
21:40:37.0969 2776 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:40:37.0970 2776 usbehci - ok
21:40:38.0035 2776 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
21:40:38.0037 2776 usbfilter - ok
21:40:38.0117 2776 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:40:38.0123 2776 usbhub - ok
21:40:38.0183 2776 [ 1EDE51322FC7630FFD3D18CA638DE708 ] usbmp3 C:\Windows\system32\Drivers\usbmp364.sys
21:40:38.0184 2776 Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbmp364.sys. md5: 1EDE51322FC7630FFD3D18CA638DE708
21:40:38.0217 2776 usbmp3 ( LockedFile.Multi.Generic ) - warning
21:40:38.0217 2776 usbmp3 - detected LockedFile.Multi.Generic (1)
21:40:38.0264 2776 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:40:38.0265 2776 usbohci - ok
21:40:38.0333 2776 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:40:38.0335 2776 usbprint - ok
21:40:38.0403 2776 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:40:38.0405 2776 usbscan - ok
21:40:38.0469 2776 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:40:38.0472 2776 USBSTOR - ok
21:40:38.0526 2776 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:40:38.0528 2776 usbuhci - ok
21:40:38.0562 2776 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:40:38.0564 2776 usbvideo - ok
21:40:38.0650 2776 [ 06486FC1B6D3EDFF4B02777766853E34 ] usbvox C:\Windows\system32\Drivers\usbvox64.sys
21:40:38.0650 2776 Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbvox64.sys. md5: 06486FC1B6D3EDFF4B02777766853E34
21:40:38.0673 2776 usbvox ( LockedFile.Multi.Generic ) - warning
21:40:38.0673 2776 usbvox - detected LockedFile.Multi.Generic (1)
21:40:38.0743 2776 [ 473D87709A8C4FC0E95C48B9D4F69D44 ] usbwav C:\Windows\system32\Drivers\usbwav64.sys
21:40:38.0744 2776 Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbwav64.sys. md5: 473D87709A8C4FC0E95C48B9D4F69D44
21:40:38.0760 2776 usbwav ( LockedFile.Multi.Generic ) - warning
21:40:38.0760 2776 usbwav - detected LockedFile.Multi.Generic (1)
21:40:38.0825 2776 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:40:38.0827 2776 UxSms - ok
21:40:38.0884 2776 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:40:38.0886 2776 VaultSvc - ok
21:40:39.0027 2776 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:40:39.0028 2776 vdrvroot - ok
21:40:39.0106 2776 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:40:39.0117 2776 vds - ok
21:40:39.0179 2776 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:40:39.0180 2776 vga - ok
21:40:39.0216 2776 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:40:39.0217 2776 VgaSave - ok
21:40:39.0263 2776 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:40:39.0265 2776 vhdmp - ok
21:40:39.0321 2776 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:40:39.0322 2776 viaide - ok
21:40:39.0352 2776 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:40:39.0353 2776 volmgr - ok
21:40:39.0418 2776 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:40:39.0422 2776 volmgrx - ok
21:40:39.0465 2776 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:40:39.0467 2776 volsnap - ok
21:40:39.0512 2776 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:40:39.0514 2776 vsmraid - ok
21:40:39.0609 2776 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:40:39.0626 2776 VSS - ok
21:40:39.0682 2776 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:40:39.0682 2776 vwifibus - ok
21:40:39.0730 2776 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:40:39.0731 2776 vwififlt - ok
21:40:39.0801 2776 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:40:39.0806 2776 W32Time - ok
21:40:39.0869 2776 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:40:39.0870 2776 WacomPen - ok
21:40:39.0942 2776 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:40:39.0943 2776 WANARP - ok
21:40:39.0972 2776 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:40:39.0975 2776 Wanarpv6 - ok
21:40:40.0083 2776 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:40:40.0097 2776 WatAdminSvc - ok
21:40:40.0183 2776 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:40:40.0193 2776 wbengine - ok
21:40:40.0239 2776 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:40:40.0242 2776 WbioSrvc - ok
21:40:40.0308 2776 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:40:40.0312 2776 wcncsvc - ok
21:40:40.0347 2776 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:40:40.0349 2776 WcsPlugInService - ok
21:40:40.0406 2776 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:40:40.0406 2776 Wd - ok
21:40:40.0466 2776 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:40:40.0477 2776 Wdf01000 - ok
21:40:40.0528 2776 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:40:40.0530 2776 WdiServiceHost - ok
21:40:40.0565 2776 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:40:40.0567 2776 WdiSystemHost - ok
21:40:40.0614 2776 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:40:40.0617 2776 WebClient - ok
21:40:40.0689 2776 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:40:40.0692 2776 Wecsvc - ok
21:40:40.0728 2776 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:40:40.0730 2776 wercplsupport - ok
21:40:40.0779 2776 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:40:40.0781 2776 WerSvc - ok
21:40:40.0813 2776 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:40:40.0814 2776 WfpLwf - ok
21:40:40.0865 2776 [ 17291A612431D3E8B731A932DD88E8DB ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:40:40.0866 2776 WIMMount - ok
21:40:40.0928 2776 WinDefend - ok
21:40:40.0979 2776 WinHttpAutoProxySvc - ok
21:40:41.0061 2776 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:40:41.0064 2776 Winmgmt - ok
21:40:41.0183 2776 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:40:41.0216 2776 WinRM - ok
21:40:41.0354 2776 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:40:41.0363 2776 Wlansvc - ok
21:40:41.0438 2776 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:40:41.0439 2776 WmiAcpi - ok
21:40:41.0526 2776 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:40:41.0530 2776 wmiApSrv - ok
21:40:41.0597 2776 WMPNetworkSvc - ok
21:40:41.0656 2776 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:40:41.0660 2776 WPCSvc - ok
21:40:41.0710 2776 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:40:41.0713 2776 WPDBusEnum - ok
21:40:41.0769 2776 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:40:41.0770 2776 ws2ifsl - ok
21:40:41.0832 2776 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:40:41.0837 2776 wscsvc - ok
21:40:41.0864 2776 WSearch - ok
21:40:42.0000 2776 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:40:42.0024 2776 wuauserv - ok
21:40:42.0095 2776 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:40:42.0097 2776 WudfPf - ok
21:40:42.0135 2776 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:40:42.0139 2776 WUDFRd - ok
21:40:42.0186 2776 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:40:42.0191 2776 wudfsvc - ok
21:40:42.0266 2776 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:40:42.0273 2776 WwanSvc - ok
21:40:42.0370 2776 ================ Scan global ===============================
21:40:42.0427 2776 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:40:42.0468 2776 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:40:42.0483 2776 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
21:40:42.0526 2776 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:40:42.0558 2776 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:40:42.0566 2776 [Global] - ok
21:40:42.0567 2776 ================ Scan MBR ==================================
21:40:42.0635 2776 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:40:43.0314 2776 \Device\Harddisk0\DR0 - ok
21:40:43.0316 2776 ================ Scan VBR ==================================
21:40:43.0328 2776 [ AD746533281ACFE6CC69424A7C6FF1DC ] \Device\Harddisk0\DR0\Partition1
21:40:43.0329 2776 \Device\Harddisk0\DR0\Partition1 - ok
21:40:43.0330 2776 ============================================================
21:40:43.0330 2776 Scan finished
21:40:43.0330 2776 ============================================================
21:40:43.0343 3488 Detected object count: 7
21:40:43.0343 3488 Actual detected object count: 7
21:40:52.0626 3488 .Net Crypt ( LockedFile.Multi.Generic ) - skipped by user
21:40:52.0627 3488 .Net Crypt ( LockedFile.Multi.Generic ) - User select action: Skip
21:40:52.0627 3488 .Net Main ( LockedFile.Multi.Generic ) - skipped by user
21:40:52.0628 3488 .Net Main ( LockedFile.Multi.Generic ) - User select action: Skip
21:40:52.0631 3488 .Net Security ( LockedFile.Multi.Generic ) - skipped by user
21:40:52.0632 3488 .Net Security ( LockedFile.Multi.Generic ) - User select action: Skip
21:40:52.0635 3488 .Net Semaphore ( LockedFile.Multi.Generic ) - skipped by user
21:40:52.0635 3488 .Net Semaphore ( LockedFile.Multi.Generic ) - User select action: Skip
21:40:52.0637 3488 usbmp3 ( LockedFile.Multi.Generic ) - skipped by user
21:40:52.0637 3488 usbmp3 ( LockedFile.Multi.Generic ) - User select action: Skip
21:40:52.0639 3488 usbvox ( LockedFile.Multi.Generic ) - skipped by user
21:40:52.0640 3488 usbvox ( LockedFile.Multi.Generic ) - User select action: Skip
21:40:52.0642 3488 usbwav ( LockedFile.Multi.Generic ) - skipped by user
21:40:52.0642 3488 usbwav ( LockedFile.Multi.Generic ) - User select action: Skip
21:41:33.0231 2240 Deinitialize success
eacerda23

Re: computer running slow and browser closes randomly

Post by eacerda23 » September 23rd, 2012, 11:12 pm

OTL logfile created on: 9/23/2012 9:44:18 PM - Run 1
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\Valued Customer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 60.07% Memory free
5.49 Gb Paging File | 4.21 Gb Available in Paging File | 76.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 245.54 Gb Free Space | 82.37% Space Free | Partition Type: NTFS

Computer Name: VALUEDCUSTOMER | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/23 21:43:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Valued Customer\Desktop\OTL.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/17 21:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 21:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin


========== Modules (No Company Name) ==========

MOD - [2012/08/29 21:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/29 21:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/29 21:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/29 21:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/29 21:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012/01/31 18:48:10 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/04/27 21:31:26 | 009,241,864 | RH-- | M] () [Auto | Running] -- C:\Windows\SysNative\idle-Threads.exe -- (.Net Main)
SRV:64bit: - [2012/04/27 21:31:23 | 000,475,912 | -HS- | M] () [Auto | Running] -- C:\Windows\SysNative\semaphore-Threads.exe -- (.Net Semaphore)
SRV:64bit: - [2012/04/27 21:31:22 | 009,421,576 | RHS- | M] () [Auto | Stopped] -- C:\Windows\SysNative\latch-Threads.exe -- (.Net Security)
SRV:64bit: - [2012/04/27 21:31:22 | 009,416,968 | RHS- | M] () [Auto | Stopped] -- C:\Windows\SysNative\mutex-Threads.exe -- (.Net Crypt)
SRV:64bit: - [2012/03/26 20:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 20:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/06/17 21:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/04/27 22:12:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/18 00:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/09/22 13:21:29 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/27 21:31:10 | 000,020,616 | R--- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\usbvox64.sys -- (usbvox)
DRV:64bit: - [2012/04/27 21:31:10 | 000,019,592 | R--- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\scssifilter64.sys -- (scssifilter)
DRV:64bit: - [2012/04/27 21:31:10 | 000,019,592 | R--- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\usbmp364.sys -- (usbmp3)
DRV:64bit: - [2012/04/27 21:31:10 | 000,016,520 | R--- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\usbwav64.sys -- (usbwav)
DRV:64bit: - [2012/03/20 22:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/17 21:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/04/27 22:46:04 | 006,790,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/27 21:22:50 | 000,220,672 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/08 04:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/02 14:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/02 14:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/01/12 14:37:34 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/23 14:14:02 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/21 15:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/11/11 15:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/10/08 06:01:22 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2009/09/15 14:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 15:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 15:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 15:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 15:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 10:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/07 18:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3693265637-4016262142-2087571041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/http://www.google.com/ [binary data]
IE - HKU\S-1-5-21-3693265637-4016262142-2087571041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws/?source=f45f13b3&t ... p=homepage
IE - HKU\S-1-5-21-3693265637-4016262142-2087571041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3693265637-4016262142-2087571041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3693265637-4016262142-2087571041-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B B7 D5 90 D5 FC CC 01 [binary data]
IE - HKU\S-1-5-21-3693265637-4016262142-2087571041-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-3693265637-4016262142-2087571041-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3693265637-4016262142-2087571041-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=111192&babsrc=SP_ss&mntrId=085fa4af0000000000000250f2000001
IE - HKU\S-1-5-21-3693265637-4016262142-2087571041-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=f45f13b3&t ... 7A0F6B1&q={searchTerms}
IE - HKU\S-1-5-21-3693265637-4016262142-2087571041-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searchTerms}
IE - HKU\S-1-5-21-3693265637-4016262142-2087571041-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Valued Customer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


[2012/09/23 12:59:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\extensions
[2012/09/23 12:59:38 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Valued Customer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Valued Customer\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Valued Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8E38C16-6951-42D1-96F2-EB5D2E669710}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/23 21:43:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Valued Customer\Desktop\OTL.exe
[2012/09/23 21:37:26 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Valued Customer\Desktop\tdsskiller.exe
[2012/09/23 17:48:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64
[2012/09/23 17:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64
[2012/09/23 17:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/09/23 17:46:09 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2012/09/23 17:45:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/09/23 13:37:00 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/09/23 13:37:00 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/09/23 13:11:01 | 000,000,000 | ---D | C] -- C:\Users\Valued Customer\Desktop\Download
[2012/09/23 12:59:42 | 000,000,000 | ---D | C] -- C:\Users\Valued Customer\AppData\Local\CRE
[2012/09/23 12:59:33 | 000,000,000 | ---D | C] -- C:\Users\Valued Customer\AppData\Roaming\Mozilla
[2012/09/23 12:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/09/23 12:59:04 | 000,000,000 | ---D | C] -- C:\Users\Valued Customer\AppData\Local\Conduit
[2012/09/23 07:53:25 | 000,000,000 | ---D | C] -- C:\Users\Valued Customer\AppData\Roaming\Malwarebytes
[2012/09/23 07:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/23 07:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/23 07:53:03 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/23 07:53:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/23 07:29:06 | 000,000,000 | ---D | C] -- C:\Software Installed By Gordie
[2012/09/23 06:59:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/23 06:59:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/23 06:59:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/23 06:59:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/23 06:59:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/23 06:59:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/23 06:59:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/23 06:59:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/23 06:59:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/23 06:59:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/23 06:59:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/23 06:59:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/23 06:58:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/23 06:58:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/23 06:58:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/16 22:55:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/14 18:54:32 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/09/14 18:54:29 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/09/14 18:53:06 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/09/14 18:53:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/09/14 18:53:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/09/14 18:52:58 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/09/14 18:52:58 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/09/14 18:52:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/09/14 18:52:49 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/14 18:52:48 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/14 18:52:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/09/14 18:52:43 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/14 18:52:42 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/14 18:52:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/09/14 18:52:41 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/09/14 18:52:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/09/14 18:52:37 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/09/14 18:34:22 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/09/14 18:34:22 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/09/14 18:34:22 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/09/14 18:34:04 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/09/14 18:34:04 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/09/14 18:34:04 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/09/14 18:33:43 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/09/14 18:33:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

========== Files - Modified Within 30 Days ==========

[2012/09/23 21:43:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Valued Customer\Desktop\OTL.exe
[2012/09/23 21:43:04 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3693265637-4016262142-2087571041-1000UA.job
[2012/09/23 21:39:05 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 21:39:05 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 21:38:11 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Valued Customer\Desktop\tdsskiller.exe
[2012/09/23 21:36:02 | 000,729,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/23 21:36:02 | 000,626,512 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/23 21:36:02 | 000,107,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/23 21:32:00 | 000,014,945 | RHS- | M] () -- C:\Windows\SysNative\masteraclini.enu
[2012/09/23 21:32:00 | 000,000,106 | RH-- | M] () -- C:\Windows\SysNative\masteraclbini.enu
[2012/09/23 21:31:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/23 21:31:08 | 2211,393,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/23 21:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/23 19:52:01 | 000,000,968 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3693265637-4016262142-2087571041-1000UA.job
[2012/09/23 18:44:43 | 000,262,070 | ---- | M] () -- C:\Users\Valued Customer\Desktop\Browsing.jpg
[2012/09/23 18:39:34 | 000,339,031 | ---- | M] () -- C:\Users\Valued Customer\Desktop\Main file page.jpg
[2012/09/23 17:55:53 | 000,299,791 | ---- | M] () -- C:\Users\Valued Customer\Desktop\How to search.jpg
[2012/09/23 17:05:12 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3693265637-4016262142-2087571041-1000Core.job
[2012/09/23 12:43:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3693265637-4016262142-2087571041-1000Core.job
[2012/09/22 13:21:27 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/22 13:21:27 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/20 13:00:00 | 000,127,488 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll
[2012/09/20 13:00:00 | 000,112,640 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/09/16 22:55:43 | 000,292,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/16 22:55:04 | 294,850,189 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/15 16:10:19 | 000,109,098 | ---- | M] () -- C:\90916486197055952_pbKF3TrA_f.jpg
[2012/09/15 15:39:31 | 000,035,704 | ---- | M] () -- C:\157274211957188360_pXVFvyPW_f.jpg
[2012/09/15 15:18:29 | 003,913,926 | ---- | M] () -- C:\bottlecaps pinkalicious.jpg
[2012/09/15 15:18:26 | 005,673,861 | ---- | M] () -- C:\bottlecaps pink animal print.jpg
[2012/09/15 15:18:24 | 004,505,670 | ---- | M] () -- C:\bottlecaps minnie.jpg
[2012/09/15 15:16:39 | 013,223,961 | ---- | M] () -- C:\Attachments_2012_09_15.zip
[2012/09/14 19:16:52 | 000,236,692 | ---- | M] () -- C:\cross_subwayart.jpg
[2012/09/14 19:11:23 | 000,165,206 | ---- | M] () -- C:\BALLET_BOTTLECAP_IMAGES.jpg
[2012/09/14 19:05:42 | 000,002,465 | ---- | M] () -- C:\Users\Valued Customer\Desktop\Google Chrome.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/09/23 18:44:43 | 000,262,070 | ---- | C] () -- C:\Users\Valued Customer\Desktop\Browsing.jpg
[2012/09/23 18:39:34 | 000,339,031 | ---- | C] () -- C:\Users\Valued Customer\Desktop\Main file page.jpg
[2012/09/23 17:55:53 | 000,299,791 | ---- | C] () -- C:\Users\Valued Customer\Desktop\How to search.jpg
[2012/09/23 17:48:00 | 000,206,336 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2012/09/23 17:48:00 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2012/09/23 17:47:56 | 000,127,488 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2012/09/23 17:46:14 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/09/23 17:46:14 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/09/23 17:46:13 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/09/23 17:46:09 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/09/23 17:46:03 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/09/16 22:55:04 | 294,850,189 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/15 16:10:19 | 000,109,098 | ---- | C] () -- C:\90916486197055952_pbKF3TrA_f.jpg
[2012/09/15 15:39:33 | 000,035,704 | ---- | C] () -- C:\157274211957188360_pXVFvyPW_f.jpg
[2012/09/15 15:16:32 | 013,223,961 | ---- | C] () -- C:\Attachments_2012_09_15.zip
[2012/09/15 15:16:28 | 003,913,926 | ---- | C] () -- C:\bottlecaps pinkalicious.jpg
[2012/09/15 15:16:26 | 004,505,670 | ---- | C] () -- C:\bottlecaps minnie.jpg
[2012/09/15 15:16:24 | 005,673,861 | ---- | C] () -- C:\bottlecaps pink animal print.jpg
[2012/09/14 19:16:53 | 000,236,692 | ---- | C] () -- C:\cross_subwayart.jpg
[2012/09/14 19:11:27 | 000,165,206 | ---- | C] () -- C:\BALLET_BOTTLECAP_IMAGES.jpg
[2012/01/31 18:35:20 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/27 11:51:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/26 09:04:24 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/03/07 22:04:19 | 000,000,000 | ---D | M] -- C:\Users\Valued Customer\AppData\Roaming\Babylon
[2012/02/18 00:51:56 | 000,000,000 | ---D | M] -- C:\Users\Valued Customer\AppData\Roaming\OpenOffice.org
[2012/09/22 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\Valued Customer\AppData\Roaming\Qwiklinx

========== Purity Check ==========



< End of report >
eacerda23

Re: computer running slow and browser closes randomly

Post by eacerda23 » September 23rd, 2012, 11:20 pm

OTL Extras logfile created on: 9/23/2012 9:44:18 PM - Run 1
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\Valued Customer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 60.07% Memory free
5.49 Gb Paging File | 4.21 Gb Available in Paging File | 76.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 245.54 Gb Free Space | 82.37% Space Free | Partition Type: NTFS

Computer Name: VALUEDCUSTOMER | User Name: Valued Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DE1E8E-F0D4-418F-A97D-E76C98878988}" = rport=445 | protocol=6 | dir=out | app=system |
"{073251B9-A0DB-4B1C-9FD3-5751971B491C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B3918B8-A3B4-4470-85A8-5ECBC3F85079}" = lport=139 | protocol=6 | dir=in | app=system |
"{10D23AF0-EFF5-413A-B189-F782EC00E1BF}" = rport=137 | protocol=17 | dir=out | app=system |
"{1DEB62D4-F2A7-4321-AD7D-6BFE5EFD135D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1EBD03EB-3433-479E-99B9-CAD7107506C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{22CCC7BA-99CB-49E2-A658-1A45D5FFA9A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26E94CC8-B87C-44D6-BABE-9CA4059166A5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3EF5AD9B-53FE-456C-B480-C525C8C0D211}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BED1E7E-C12E-4FEB-8569-86325D6FA1F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6251210B-C737-4827-AF31-692D1E4BCEE9}" = lport=138 | protocol=17 | dir=in | app=system |
"{692669A7-2C2B-4435-B504-3FA7897BF3B4}" = lport=445 | protocol=6 | dir=in | app=system |
"{6CEDFD9F-2236-4BD0-975C-C226C9B2E351}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7549FA6E-075D-46EA-87B1-F578F6C6013C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8D846D88-DC4D-4169-A9C4-D7A7D161EF5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95FDB1A2-67B4-40C4-ADAE-30A811B822AD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9B386A0C-D190-459E-B9A2-1E4D4E81999C}" = rport=138 | protocol=17 | dir=out | app=system |
"{AAFB75B0-70A8-49B8-9CD8-2BA3DAA95102}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA0219EF-CC75-45E7-A00A-475F4FFDB114}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA6385EF-390A-4390-B755-FC852C7E7444}" = lport=137 | protocol=17 | dir=in | app=system |
"{EF5E574E-76F4-4269-9EF0-7E4CB30ECC00}" = rport=139 | protocol=6 | dir=out | app=system |
"{F062D09A-2193-4395-AAF9-437D21DCD3B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F15C1172-90A9-4ACB-898D-972F4860FA60}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06910C62-81D9-46E7-BC2D-A8DBE6BD4F13}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0A281485-E190-4368-A126-B9922CDBF174}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0D5E4711-0EC6-40F5-B9C2-7E74B8C61A16}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{11CB5925-E33B-4E19-BB13-976ABBA1CA12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17F13DD5-8434-4D39-9EF9-9D9C61BC63E4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3BB66A46-F1B9-457B-9AF7-C50DA45A0F05}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{40F06919-9934-4193-ABD6-D96FD102E9A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{504B1B08-A2F4-4BCA-A1FD-30E3679FCFAD}" = dir=in | app=c:\users\valued customer\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{5CCC715C-2243-4AF7-ACF6-FF93303BAABC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F703776-882A-4234-8CB3-78831EE0CA2F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{654F0573-A80F-48EF-86A1-F498823F9F7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{708BC648-C8AB-4EA1-BCAC-66AA31F43099}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7BDD9FC9-D870-4B6A-9281-3D79BAE4C9B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{859DFBC2-8EFF-45A7-B189-9E74A77C5CB6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACBC2116-3D0A-4E95-86C4-78C188684291}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD153FE3-E5AE-40C5-94F6-24444F5FFE3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BD75001C-0AFB-4DA1-BF04-F4AEF1A33ADB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D5EE60FC-D146-4232-A117-79E3B252E352}" = protocol=6 | dir=out | app=system |
"{F61371DF-862B-4DE6-95E5-317695C46352}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FD29CE88-DA42-4EF9-935B-F06A200D9776}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0653A24F-0105-4E6C-4DE1-2811A7BF02F4}" = ATI Catalyst Install Manager
"{1CA13C06-309A-5F5A-3A3F-FDC8582698BD}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DW WLAN Card" = DW WLAN Card
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.3.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{025B67D0-257E-29E3-72D4-674DF6FE7367}" = CCC Help Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{201AE255-3F42-9146-A8CE-A19EBC366D75}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A21A06E-05A8-327E-0B24-F06575F9B6B0}" = CCC Help Russian
"{5CF2B6B9-AFDF-A0A6-CF1F-6ED89643506B}" = CCC Help Chinese Traditional
"{636B2BAF-8F5E-793D-4B5F-80176D01556C}" = CCC Help Finnish
"{64F3B568-7134-95E4-9183-C1AED7CCD6E9}" = Catalyst Control Center Graphics Full Existing
"{6630F1F3-2B8A-098F-8BE8-10C8BFA4F6A9}" = Catalyst Control Center Graphics Light
"{667FF3E9-6EF0-0769-AB33-864C9ABCF925}" = CCC Help Dutch
"{6A4CADBF-3211-5AAA-92E2-C49B39ADB0A7}" = ccc-core-static
"{6F8A91CE-2F11-D176-7A8F-69E9ED4B44FE}" = CCC Help Czech
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{798EA182-789D-B9C8-4DFE-A0173822AF20}" = Catalyst Control Center Localization All
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CB24AC4-56FB-CD85-83B2-8BE91B58C4F0}" = CCC Help Hungarian
"{7CF6A9A3-9017-5FC9-2994-58F86B64691C}" = CCC Help Korean
"{7DF7595F-6DEB-4C0D-4FDC-B62399550BC3}" = Catalyst Control Center Core Implementation
"{7F2D2421-5265-62A8-ECCF-F55C5B2D1F91}" = CCC Help Italian
"{8196D7C1-72D0-6749-96CA-AC0BEFBF54D9}" = CCC Help Chinese Standard
"{878821BA-C2E1-BD88-0BB8-4D63C43BDD15}" = CCC Help Spanish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{912B2983-8F9F-8AB2-22AB-6EA5494796E6}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9925D724-344F-B629-1370-AA73A7FE150F}" = Catalyst Control Center Graphics Previews Vista
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA19A4F6-EFE6-64CB-FEB8-4DAFA0DDE2BB}" = CCC Help Swedish
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{C07B302C-B494-DA93-8285-57AC54A7539A}" = CCC Help Thai
"{C2A5E915-588A-7746-3BE1-251A32909D1E}" = CCC Help Japanese
"{C354EA3B-3537-3E85-5CE9-4F52C23C4267}" = Catalyst Control Center Graphics Full New
"{CC4DDF20-9318-9998-C71A-A7251AE38ED4}" = CCC Help Danish
"{D234FD43-C8E6-8D48-FE1C-E1D67EE1EC70}" = CCC Help French
"{DD362236-5315-43DC-CCF8-2D24084D361C}" = Catalyst Control Center Graphics Previews Common
"{E28D850E-B132-404C-21E3-76C9AD7CCEA2}" = CCC Help Polish
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4970BC1-6021-C498-909E-660F6F53E270}" = CCC Help English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F9DF122F-3A59-7B40-2EDB-B4E9D725CDBB}" = CCC Help Portuguese
"{FE16A8D0-1E0A-8DB0-DC19-F36F734E2DD0}" = CCC Help Norwegian
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"wordfree" = Word Free

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3693265637-4016262142-2087571041-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2012 10:40:06 PM | Computer Name = ValuedCustomer | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: Qwiklinx.dll, version: 1.2.0.1022, time
stamp: 0x4f9abf45 Exception code: 0xc0000005 Fault offset: 0x000114d3 Faulting process
id: 0xa0c Faulting application start time: 0x01cd3568ad32d1ef Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Users\Valued Customer\AppData\Roaming\Qwiklinx\Qwiklinx.dll Report Id: f0baffbb-a15b-11e1-a6c4-ac7b222db3e3

Error - 5/20/2012 5:02:23 PM | Computer Name = ValuedCustomer | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0xe0c Faulting application start time: 0x01cd36cbc39e5062 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 181ea3f0-a2bf-11e1-be13-ca01f83376e5

Error - 5/22/2012 3:25:38 PM | Computer Name = ValuedCustomer | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: Qwiklinx.dll, version: 1.2.0.1022, time
stamp: 0x4f9abf45 Exception code: 0xc0000005 Fault offset: 0x0000fed4 Faulting process
id: 0x99c Faulting application start time: 0x01cd38509e9b0e5e Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Users\Valued Customer\AppData\Roaming\Qwiklinx\Qwiklinx.dll Report Id: e8b16649-a443-11e1-8caa-bf53b7c970e5

Error - 5/22/2012 9:29:21 PM | Computer Name = ValuedCustomer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/22/2012 9:29:22 PM | Computer Name = ValuedCustomer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/23/2012 9:01:23 PM | Computer Name = ValuedCustomer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/29/2012 9:43:56 PM | Computer Name = ValuedCustomer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/29/2012 9:43:56 PM | Computer Name = ValuedCustomer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/30/2012 9:33:36 PM | Computer Name = ValuedCustomer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/31/2012 11:15:51 PM | Computer Name = ValuedCustomer | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 19.0.1084.52 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12dc Start
Time: 01cd3c8e61d07c7a Termination Time: 300 Application Path: C:\Users\Valued Customer\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: e4b0f834-ab97-11e1-ae4e-a944efa0cce5

[ Media Center Events ]
Error - 5/17/2012 9:44:18 PM | Computer Name = ValuedCustomer | Source = MCUpdate | ID = 0
Description = 6:44:18 PM - Failed to retrieve Directory (Error: The operation has
timed out)

Error - 5/17/2012 9:49:19 PM | Computer Name = ValuedCustomer | Source = MCUpdate | ID = 0
Description = 6:47:39 PM - Failed to retrieve NetTV (Error: The operation has timed
out)

Error - 5/17/2012 9:51:00 PM | Computer Name = ValuedCustomer | Source = MCUpdate | ID = 0
Description = 6:50:59 PM - Failed to retrieve MCEClientUX (Error: The operation
has timed out)

Error - 5/20/2012 5:05:01 PM | Computer Name = ValuedCustomer | Source = MCUpdate | ID = 0
Description = 2:05:01 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/20/2012 9:54:37 PM | Computer Name = ValuedCustomer | Source = MCUpdate | ID = 0
Description = 6:54:37 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/21/2012 10:55:12 PM | Computer Name = ValuedCustomer | Source = MCUpdate | ID = 0
Description = 7:55:12 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

[ System Events ]
Error - 9/14/2012 7:46:50 PM | Computer Name = ValuedCustomer | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.2172.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 9/14/2012 7:46:50 PM | Computer Name = ValuedCustomer | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.2172.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8403.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 9/14/2012 7:46:50 PM | Computer Name = ValuedCustomer | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.2172.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8403.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 9/14/2012 7:46:50 PM | Computer Name = ValuedCustomer | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.2172.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8403.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 9/14/2012 7:46:50 PM | Computer Name = ValuedCustomer | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.2172.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8403.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 9/14/2012 7:46:50 PM | Computer Name = ValuedCustomer | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.2172.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8403.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 9/14/2012 7:46:50 PM | Computer Name = ValuedCustomer | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.2172.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8403.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 9/14/2012 7:46:50 PM | Computer Name = ValuedCustomer | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.2172.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8403.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 9/14/2012 7:46:50 PM | Computer Name = ValuedCustomer | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.127.2172.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.8403.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 9/16/2012 4:10:02 PM | Computer Name = ValuedCustomer | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:18:24 AM on 9/16/2012 was unexpected.


< End of report >
eacerda23

Re: computer running slow and browser closes randomly

Post by eacerda23 » September 23rd, 2012, 11:22 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 21:56 on 23/09/2012 by Valued Customer
Administrator - Elevation successful

========== filefind ==========

Searching for "*alotappbar*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Blekko*"
C:\Users\Valued Customer\AppData\Local\Microsoft\Internet Explorer\DOMStore\39GXCH4I\blekko[1].xml --a---- 13 bytes [12:23 23/09/2012] [12:23 23/09/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYR5O868\94f78fc80e4dfa23_blekko[1].js --a---- 280421 bytes [12:23 23/09/2012] [12:23 23/09/2012] 94F78FC80E4DFA23749FAA35BDDDB0DD
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V8IM1YCE\blekko_com[1].htm --a---- 10975 bytes [12:23 23/09/2012] [12:23 23/09/2012] F7F14965D17ACA310ADADD400DAF52E8
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\12W2STE4\8bb78fcd1f1cb138_blekko[1].js --a---- 279645 bytes [23:09 17/05/2012] [23:09 17/05/2012] 8BB78FCD1F1CB13888E563F687A3CE81
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\12W2STE4\d070cc28052e3fd2_blekko[1].js --a---- 279771 bytes [16:35 02/06/2012] [16:35 02/06/2012] D070CC28052E3FD2807DCC44464FD8AC
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\88PPN98A\54bcf8ce55f31896_blekko[1].js --a---- 276901 bytes [00:27 05/04/2012] [00:27 05/04/2012] 54BCF8CE55F318965F7D1C09890412FB
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAIY6OMI\1db6976d01fe706f_blekko[1].js --a---- 280970 bytes [20:16 15/09/2012] [20:16 15/09/2012] 1DB6976D01FE706FEA48FA168CDB6565
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAIY6OMI\4e6a585c28c66562_blekko[1].js --a---- 278708 bytes [21:54 09/06/2012] [21:55 09/06/2012] 4E6A585C28C665629758ED7C889EAA86
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FJLE7YFA\8bb78fcd1f1cb138_blekko[1].js --a---- 279645 bytes [17:56 16/05/2012] [17:56 16/05/2012] 8BB78FCD1F1CB13888E563F687A3CE81
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G2106Q70\3abf4a4648c42016_blekko[1].js --a---- 279722 bytes [19:40 26/04/2012] [19:40 26/04/2012] 3ABF4A4648C42016C9726212423A7A61
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NU8J3857\e769073675c37274_blekko[1].js --a---- 279651 bytes [17:02 04/05/2012] [17:02 04/05/2012] E769073675C37274897404E560391D5E
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QN25PL8X\1c2c23fe952ed520_blekko[1].js --a---- 278680 bytes [02:22 07/06/2012] [02:22 07/06/2012] 1C2C23FE952ED520DD2E2FFFD2B566A7
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QN25PL8X\ad466a9e5d12c779_blekko[1].js --a---- 279771 bytes [19:25 22/05/2012] [19:25 22/05/2012] AD466A9E5D12C7791A7C873C9F9CD816
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9KOUDUB\5fa2985862a31547_blekko[1].js --a---- 279653 bytes [03:36 11/05/2012] [03:36 11/05/2012] 5FA2985862A3154760CBD0C55124F25D
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XTPJEI1H\f9136c8adc547d43_blekko[1].js --a---- 276028 bytes [02:19 29/03/2012] [02:19 29/03/2012] F9136C8ADC547D43A30CB2557DC7329C
C:\Users\Valued Customer\AppData\Local\Temp\blekko.exe --a---- 1978793 bytes [02:16 29/03/2012] [02:16 29/03/2012] EEF66C79DF264B5FD1DF6B812695B387
C:\Users\Valued Customer\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\9PQT2JZ4\ad466a9e5d12c779_blekko[1].js --a---- 279771 bytes [19:26 22/05/2012] [19:26 22/05/2012] AD466A9E5D12C7791A7C873C9F9CD816
C:\Users\Valued Customer\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2L6VLFAQ\blekko[1].xml --a---- 42169 bytes [02:19 29/03/2012] [22:25 17/09/2012] F3CFBCBCF6DC4A3C0EE2930138BCB930

Searching for "*Conduit*"
C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage --a---- 3072 bytes [18:00 23/09/2012] [18:00 23/09/2012] B7EDB43A3CCF24BE476FE2B1CCD702FF
C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_facebook.conduitapps.com_0.localstorage-journal --a---- 3608 bytes [18:00 23/09/2012] [18:00 23/09/2012] 82AC48D49ECBC62C345EB576C057C5AE
C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage --a---- 3072 bytes [18:00 23/09/2012] [18:00 23/09/2012] B7EDB43A3CCF24BE476FE2B1CCD702FF
C:\Users\Valued Customer\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_youtube.conduitapps.com_0.localstorage-journal --a---- 3608 bytes [18:00 23/09/2012] [18:00 23/09/2012] 5A591276CAC1A39AC0603C9C85F13DB5
C:\Users\Valued Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UAQS7D83\componentConduit[1].js --a---- 169596 bytes [05:51 06/04/2012] [05:51 06/04/2012] 2764CE071DB7C3535AB64ABE8A4F4E1C
C:\Users\Valued Customer\AppData\Local\Temp\CT3220468\conduitStatistics.csf --a---- 166 bytes [17:59 23/09/2012] [17:59 23/09/2012] A3E54C7933EEAED35C7C39F6C37519F2
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\ConduitAbstractionLayer.js ------- 30362 bytes [17:59 23/09/2012] [02:10 28/08/2012] 3A48E45ABF3AA24C74640AFA9EDB7B14
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images\conduit-logo-OLD.png ------- 1305 bytes [17:59 23/09/2012] [02:10 28/08/2012] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images\conduit-logo.png ------- 3926 bytes [17:59 23/09/2012] [02:10 28/08/2012] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\skin\conduitToolBarStyle.css ------- 3 bytes [17:59 23/09/2012] [02:10 28/08/2012] ECAA88F7FA0BF610A5A26CF545DCD3AA
C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\lib\log4conduit.jsm ------- 760 bytes [17:59 23/09/2012] [02:10 28/08/2012] 93898FE6A232C5FCD838D8168F65D802

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*Yontoo*"
C:\Users\Valued Customer\AppData\Local\Temp\YontooSetup-Silent.exe ------- 814224 bytes [03:04 08/03/2012] [21:01 24/02/2012] F478D6CE6BFE173158217A59A5588F79

========== folderfind ==========

Searching for "*alotappbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Blekko*"
C:\Program Files (x86)\blekkotb_soc d------ [02:12 29/03/2012]
C:\ProgramData\blekko toolbars d------ [02:12 29/03/2012]
C:\ProgramData\blekkotb_soc d------ [16:36 03/04/2012]
C:\Users\All Users\blekko toolbars d------ [02:12 29/03/2012]
C:\Users\All Users\blekkotb_soc d------ [16:36 03/04/2012]
C:\Users\Valued Customer\AppData\Local\blekkotb_005 d------ [02:16 29/03/2012]
C:\Users\Valued Customer\AppData\LocalLow\blekkotb_019 d------ [02:12 29/03/2012]

Searching for "*Conduit*"
C:\Program Files (x86)\Conduit d------ [17:59 23/09/2012]
C:\Users\Valued Customer\AppData\Local\Conduit d------ [17:59 23/09/2012]
C:\Users\Valued Customer\AppData\LocalLow\Conduit d------ [17:59 23/09/2012]

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "alotappbar"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Blekko"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb_005]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb_005]
"AutoSearchURL"="http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_005&u=USERGUID&q=%s"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb_soc]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\blekkotb_soc]
"AutoSearchURL"="http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6ae05d6f_0]
@="{0.0.0.00000000}.{dd454f68-36e5-4665-b51b-7eb27a73f340}|\Device\HarddiskVolume1\Program Files (x86)\blekkotb_soc\dtuser.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\blekko.com]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://blekko.com/ws/?source=f45f13b3&toolbarid=blekkotb_005&u=20120329C8B44B34B89409EA27A0F6B1&tbp=homepage"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="blekko.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]
"URL"="http://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=20120329C8B44B34B89409EA27A0F6B1&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]
"DisplayName"="blekko"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]
"FaviconPath"="C:\Program Files (x86)\blekkotb_005\search.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ce808f4-c861-4392-b55e-c97a89fbe2dd}]
@="Blekko Search Bar 005"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5ce808f4-c861-4392-b55e-c97a89fbe2dd}\InprocServer32]
@="C:\Program Files (x86)\blekkotb_005\blekkotb_005X.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy]
"AppPath"="C:\Program Files (x86)\blekkotb_soc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20120329-DA39-4227-956F-4E28A63D9B99}]
"AppPath"="C:\Program Files (x86)\blekkotb_soc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Blekko Search Bar 005 uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Blekko Search Bar 005 uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Blekko search bar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Blekko search bar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\blekkotb_005_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\blekkotb_005_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\blekko_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\blekko_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5ce808f4-c861-4392-b55e-c97a89fbe2dd}]
@="Blekko Search Bar 005"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5ce808f4-c861-4392-b55e-c97a89fbe2dd}\InprocServer32]
@="C:\Program Files (x86)\blekkotb_005\blekkotb_005X.dll"
[HKEY_USERS\S-1-5-21-3693265637-4016262142-2087571041-1000\Software\AppDataLow\Software\blekkotb_005]
[HKEY_USERS\S-1-5-21-3693265637-4016262142-2087571041-1000\Software\AppDataLow\Software\blekkotb_005]
"AutoSearchURL"="http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_005&u=USERGUID&q=%s"
[HKEY_USERS\S-1-5-21-3693265637-4016262142-2087571041-1000\Software\AppDataLow\Software\blekkotb_soc]
[HKEY_USERS\S-1-5-21-3693265637-4016262142-2087571041-1000\Software\AppDataLow\Software\blekkotb_soc]
"AutoSearchURL"="http://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_soc&u=USERGUID&q=%s"
[HKEY_USERS\S-1-5-21-3693265637-4016262142-2087571041-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\6ae05d6f_0]
@="{0.0.0.00000000}.{dd454f68-36e5-4665-b51b-7eb27a73f340}|\Device\HarddiskVolume1\Program Files (x86)\blekkotb_soc\dtuser.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-3693265637-4016262142-2087571041-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\blekko.com]
[HKEY_USERS\S-1-5-21-3693265637-4016262142-2087571041-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://blekko.com/ws/?source=f45f13b3&toolbarid=blekkotb_005&u=20120329C8B44B34B89409EA27A0F6B1&tbp=homepage"
[HKEY_USERS\S-1-5-21-3693265637-4016262142-2087571041-1000\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="blekko.com"
[HKEY_USERS\S-1-5-21-3693265637-4016262142-2087571041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]
"URL"="http://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=20120329C8B44B34B89409EA27A0F6B1&q={searchTerms}"
[HKEY_USERS\S-1-5-21-3693265637-4016262142-2087571041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]
"DisplayName"="blekko"
[HKEY_USERS\S-1-5-21-3693265637-4016262142-2087571041-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}]
"FaviconPath"="C:\Program Files (x86)\blekkotb_005\search.ico"

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]
"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_USERS\S-1-5-21-3693265637-4016262142-2087571041-1000\Software\Conduit]

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "trolltech"
No data found.

Searching for "Yontoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-0CB8_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-0CB8_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-0E24_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-Silent-0E24_RASMANCS]

-= EOF =-
eacerda23
Active Member
 
Posts: 9
Joined: September 22nd, 2012, 1:42 pm

Re: computer running slow and browser closes randomly

Post by pgmigg » September 24th, 2012, 11:46 am

Hello eacerda23,

Good job! :) Let's continue...

Step 1.
Online Virus Total file scan
  1. Please go to Virus Total to upload the following files one by one for scanning:

    C:\Windows\system32\mutex-Threads.exe
    C:\Windows\system32\idle-Threads.exe
    C:\Windows\system32\latch-Threads.exe
    C:\Windows\system32\semaphore-Threads.exe
    C:\Windows\system32\Drivers\usbmp364.sys
    C:\Windows\system32\Drivers\usbvox64.sys
    C:\Windows\system32\Drivers\usbwav64.sys

  2. Press the Choose File button and navigate to the file in the list.
  3. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  4. Click on the Scan it! button.
  5. The file will be queued, uploaded and scanned by various antivirus scanners - this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse button, so your file will be scanned.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
  8. Paste the Web address link for the scan results in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. The resulting web links (7) after online file scan by Virus Total.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: computer running slow and browser closes randomly

Post by eacerda23 » September 24th, 2012, 7:56 pm

Can't seem to find the files in the specified folder. Tried to do a search for the file and still nothing.
eacerda23
Active Member
 
Posts: 9
Joined: September 22nd, 2012, 1:42 pm

Re: computer running slow and browser closes randomly

Post by pgmigg » September 25th, 2012, 1:13 am

Hello eacerda23,
"Can't seem to find the files in the specified folder. Tried to do a search for the file and still nothing."
Yes, you are right - all of them are hidden and/or system files. Please try again, but in a different way now...

Step 1.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value, in the open text entry box:
    change search options for files and folders
    then press Enter button
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • SELECT...button Show hidden files and folders
  6. Find below and
    • remove check mark from check box... Hide extensions for known file types
    • remove check mark from check box... Hide protected operating system files
  7. Press the Apply button...then the OK button.

Step 2.
Online Virus Total file scan
  1. Please go to Virus Total to upload the following files one by one for scanning:

    C:\Windows\system32\mutex-Threads.exe
    C:\Windows\system32\idle-Threads.exe
    C:\Windows\system32\latch-Threads.exe
    C:\Windows\system32\semaphore-Threads.exe
    C:\Windows\system32\Drivers\usbmp364.sys
    C:\Windows\system32\Drivers\usbvox64.sys
    C:\Windows\system32\Drivers\usbwav64.sys

  2. Press the Choose File button and navigate to the file in the list.
  3. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  4. Click on the Scan it! button.
  5. The file will be queued, uploaded and scanned by various antivirus scanners - this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse button, so your file will be scanned.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
  8. Paste the Web address link for the scan results in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. The resulting web links (7) after online file scan by Virus Total.
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: computer running slow and browser closes randomly

Post by eacerda23 » September 26th, 2012, 9:12 am

Ok, even after being able to view hidden files, when I use the Online Virus Total scan to choose file, the files are not there. I can access them when I do a regular search on my computer, but not when I use that online tool
eacerda23
Active Member
 
Posts: 9
Joined: September 22nd, 2012, 1:42 pm
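
An added example (not part of the thread, and not code from MalwareRemoval.com or any tool it uses): a PowerShell script that checks the seven paths from the Virus Total step directly, reporting whether each file exists, its attributes, and its SHA-256, which can be pasted into Virus Total's search box instead of picking the file in a browser dialog. The function name Get-SuspectFileReport is hypothetical; the Sysnative handling covers the case where the script runs in a 32-bit process on 64-bit Windows, where System32 is redirected to SysWOW64.

```powershell
# Added example: paths copied from the Virus Total step in the thread.
$SuspectPaths = @(
    'C:\Windows\system32\mutex-Threads.exe',
    'C:\Windows\system32\idle-Threads.exe',
    'C:\Windows\system32\latch-Threads.exe',
    'C:\Windows\system32\semaphore-Threads.exe',
    'C:\Windows\system32\Drivers\usbmp364.sys',
    'C:\Windows\system32\Drivers\usbvox64.sys',
    'C:\Windows\system32\Drivers\usbwav64.sys'
)

function Get-SuspectFileReport {   # hypothetical helper name
    param([string[]]$Path)

    # PROCESSOR_ARCHITEW6432 is set only inside a 32-bit process on 64-bit
    # Windows, where System32 is silently redirected to SysWOW64.
    $isWow64 = [bool]$env:PROCESSOR_ARCHITEW6432
    $sha256  = [System.Security.Cryptography.SHA256]::Create()

    foreach ($p in $Path) {
        # Sysnative is the alias that reaches the real System32 from WOW64.
        $real = $p
        if ($isWow64) { $real = $p -replace '\\system32\\', '\Sysnative\' }

        $row = New-Object PSObject -Property @{
            Path = $p; Exists = $false; Attributes = $null
            Length = $null; SHA256 = $null; Error = $null
        }
        try {
            # -Force makes Get-Item return hidden and system files.
            $item = Get-Item -LiteralPath $real -Force -ErrorAction Stop
            $row.Exists     = $true
            $row.Attributes = $item.Attributes
            $row.Length     = $item.Length

            # Hash with .NET directly so the script also runs on the
            # PowerShell 2.0 that ships with Windows 7.
            $stream = [System.IO.File]::OpenRead($item.FullName)
            try {
                $bytes = $sha256.ComputeHash($stream)
                $row.SHA256 = ([BitConverter]::ToString($bytes) -replace '-', '').ToLower()
            } finally {
                $stream.Close()
            }
        } catch {
            # Missing file, access denied, or file locked by a running process.
            $row.Error = $_.Exception.Message
        }
        $row
    }
}

Get-SuspectFileReport -Path $SuspectPaths |
    Format-List Path, Exists, Attributes, Length, SHA256, Error
```

A hash that Virus Total has no record of only means the file has not been submitted before; it says nothing about whether the file is clean.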

Re: computer running slow and browser closes randomly

Post by pgmigg » September 26th, 2012, 10:03 am

Hello eacerda23,
"Ok, even after being able to view hidden files, when I use the Online Virus Total scan to choose file, the files are not there. I can access them when I do a regular search on my computer, but not when I use that online tool"
Well... In such a case please do the following:

ComboFix
Please download ComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .
If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated.

The first thing you need to do is print out How-To-Use-ComboFix. Read these instructions thoroughly.
You will not have Internet access when you execute ComboFix.

Please disable any Antivirus or Firewall you have active, as shown in this topic. <<--- IMPORTANT!! .

Close all open application windows.

  1. Double click the ComboFix.exe icon on your desktop to begin execution. If you receive the "Open File - Security Warning"... press Run.
  2. Press Yes to the Disclaimer prompt.
    ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    ComboFix may restart your computer during processing - please be patient... When finished... Notepad will open ... ComboFix will produce a log file called "ComboFix.txt".
  3. Please copy/paste the contents of ComboFix.txt... in your next reply.
Do NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read Combofix's Disclaimer.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the most recent ComboFix.txt file.
  3. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00