Slow computer with slower internet access


  • This topic is locked
17 replies to this topic

#1 powerhouse

    Member

  • Full Member
  • 10 posts

Posted 13 October 2012 - 08:04 AM

My wife has a laptop with adequate RAM, processing, and hard drive that has slowed to a crawl. Accessing the web via Explorer or Firefox is difficult. Processes snag, and downloads halt before completion. She is using Windows 7. Below are logs for Malwarebytes, DDS, and Security Check. Thanks so much for taking a look.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.07.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Glynn :: GLYNN-LPT [administrator]

10/12/2012 5:30:09 PM
mbam-log-2012-10-12 (22-55-52).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 473547
Time elapsed: 1 hour(s), 38 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Downloads\Software\dvdburning_1810.exe (PUP.BundleOffers.IIQ) -> No action taken.

(end)

DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Glynn at 23:00:29 on 2012-10-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3956.2765 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Windows\SysWOW64\vsnapvss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://msn.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: springboardsandmore.com\www
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://forsythe.webex.com/client/T27LD/support/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4F432672-E559-4FF5-BE7C-DD822DC59A83} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4F432672-E559-4FF5-BE7C-DD822DC59A83}\2375942554137353 : DhcpNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Glynn\AppData\Roaming\Mozilla\Firefox\Profiles\4mgnidu4.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R0 stcvsm;StorageCraft Volume Snapshot Driver;C:\Windows\system32\DRIVERS\stcvsm.sys --> C:\Windows\system32\DRIVERS\stcvsm.sys [?]
R1 sbmount;StorageCraft Image Mount Driver;C:\Windows\system32\drivers\sbmount.sys --> C:\Windows\system32\drivers\sbmount.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-6-16 134456]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-2-25 325200]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2012-7-2 14528]
R2 ShadowProtectSvc;ShadowProtect Service;C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [2011-12-19 3644200]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R2 VSNAPVSS;StorageCraft Shadow Copy Provider;C:\Windows\SysWOW64\vsnapvss.exe [2011-12-19 72488]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-14 138912]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 k57nd;Broadcom NetLink Gigabit Ethernet;C:\Windows\system32\DRIVERS\k57amd64.sys --> C:\Windows\system32\DRIVERS\k57amd64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-20 2320920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-25 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-20 114144]
S3 Spyder4;Datacolor Spyder4;C:\Windows\system32\DRIVERS\dccmtr.sys --> C:\Windows\system32\DRIVERS\dccmtr.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-10-12 21:26:35 -------- d-----w- C:\Users\Glynn\AppData\Roaming\Malwarebytes
2012-10-12 21:26:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-12 21:26:25 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-12 21:26:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-12 13:43:20 -------- d-----w- C:\Users\Glynn\AppData\Local\{E02330EE-66BD-468B-A089-7E0A4BA1755B}
2012-10-12 01:42:43 -------- d-----w- C:\Users\Glynn\AppData\Local\{DA531415-C3EA-4EFD-A361-D8D2A0467C76}
2012-10-11 13:42:19 -------- d-----w- C:\Users\Glynn\AppData\Local\{D918E456-AE31-42DB-8AB5-889C557BFB28}
2012-10-11 01:41:56 -------- d-----w- C:\Users\Glynn\AppData\Local\{765CC727-2A72-44F1-807F-CEFB56E810CC}
2012-10-10 13:41:33 -------- d-----w- C:\Users\Glynn\AppData\Local\{A65E71CD-ABF3-4328-B0E6-3FBA9151AFCC}
2012-10-10 05:59:56 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 05:59:56 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 05:59:21 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 05:59:21 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 05:58:59 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 05:58:59 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 05:58:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 05:58:37 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 05:58:37 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 05:58:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 05:58:37 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 05:58:37 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-10 01:40:57 -------- d-----w- C:\Users\Glynn\AppData\Local\{592BE239-01D5-4129-B58E-15F0020ECD9A}
2012-10-09 13:40:34 -------- d-----w- C:\Users\Glynn\AppData\Local\{85CC7A09-7241-48F8-B274-88599612F61F}
2012-10-09 01:40:10 -------- d-----w- C:\Users\Glynn\AppData\Local\{B2332B06-F54D-4DD7-A76E-8A759E2DE444}
2012-10-08 13:39:37 -------- d-----w- C:\Users\Glynn\AppData\Local\{81175117-AF82-46DC-9A53-A46979453483}
2012-10-08 01:39:03 -------- d-----w- C:\Users\Glynn\AppData\Local\{7AC17D8B-4C1D-40D9-A50C-D935FD814FC4}
2012-10-07 14:20:43 -------- d-----w- C:\Users\Glynn\AppData\Local\{A22A9F10-1A4E-4C7A-AF96-DFFDB2448E55}
2012-10-05 13:58:25 -------- d-----w- C:\Users\Glynn\AppData\Local\{544EC673-82F5-4918-ACB3-944661C8C67C}
2012-10-05 01:57:52 -------- d-----w- C:\Users\Glynn\AppData\Local\{B3551C73-51C9-4467-AE08-90632C1B4C65}
2012-10-04 13:57:32 -------- d-----w- C:\Users\Glynn\AppData\Local\{07E9848C-8F1C-4505-B966-41EBAD0787CF}
2012-10-04 01:56:59 -------- d-----w- C:\Users\Glynn\AppData\Local\{13E0474C-0B14-478F-BB94-02B832BB2B04}
2012-10-03 13:56:39 -------- d-----w- C:\Users\Glynn\AppData\Local\{950E24F8-34C1-4EC3-B35C-54375908ED8D}
2012-10-03 01:17:19 -------- d-----w- C:\Users\Glynn\AppData\Local\{C40F2F1C-6093-4BD9-AF78-117B5BDC9372}
2012-10-02 13:16:59 -------- d-----w- C:\Users\Glynn\AppData\Local\{C12117EE-2C25-46BF-A01B-788AF6A613B7}
2012-10-01 22:14:32 -------- d-----w- C:\Users\Glynn\AppData\Local\{94078179-2E00-4A9C-B6FC-7864F9A571C3}
2012-09-30 18:37:48 -------- d-----w- C:\Users\Glynn\AppData\Local\{E0B6F5C0-C7A7-4E76-9063-72C3B0F43F22}
2012-09-28 11:13:56 -------- d-----w- C:\Users\Glynn\AppData\Local\{2D140817-3D15-4EFD-9338-2679771CE23D}
2012-09-27 23:13:32 -------- d-----w- C:\Users\Glynn\AppData\Local\{DD93F3A8-0A5E-4B95-B35A-2AED6CFBCF36}
2012-09-27 11:13:08 -------- d-----w- C:\Users\Glynn\AppData\Local\{99A9014A-03D2-4BB2-A75A-8B2A9E62ADA7}
2012-09-26 23:12:45 -------- d-----w- C:\Users\Glynn\AppData\Local\{9432B793-0A1C-435A-9C86-D3DD1C7FF096}
2012-09-26 11:12:18 -------- d-----w- C:\Users\Glynn\AppData\Local\{FF8B3304-3116-4148-944D-72085557B3DB}
2012-09-25 23:11:53 -------- d-----w- C:\Users\Glynn\AppData\Local\{DA8FBA32-9030-41D6-B21D-F4DE96E5D31C}
2012-09-25 21:24:10 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-25 11:11:30 -------- d-----w- C:\Users\Glynn\AppData\Local\{7C847F07-8AFD-45FA-AE35-73F5B44697B2}
2012-09-25 05:15:52 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-24 23:11:07 -------- d-----w- C:\Users\Glynn\AppData\Local\{4E6B64C7-8245-4280-A1AA-69C812ABF6A2}
2012-09-24 11:10:40 -------- d-----w- C:\Users\Glynn\AppData\Local\{81D37826-12F0-4FAA-AFFF-D90E8CEF2340}
2012-09-23 23:06:24 -------- d-----w- C:\Users\Glynn\AppData\Local\{0C410259-7451-4DCC-80D3-3A5524D28926}
2012-09-23 11:06:10 -------- d-----w- C:\Users\Glynn\AppData\Local\{CBAAB5EB-841D-45BD-9FFF-D755C948986C}
2012-09-22 23:05:47 -------- d-----w- C:\Users\Glynn\AppData\Local\{8E700BCB-93D8-43A8-AB53-87C4E0B48534}
2012-09-22 19:19:55 -------- d-----w- C:\Users\Glynn\AppData\Local\Seagate_Technology_LLC
2012-09-22 19:19:42 -------- d-----w- C:\Users\Glynn\My Online Documents
2012-09-22 19:13:42 -------- d-----w- C:\ProgramData\Nero
2012-09-22 19:13:36 -------- d-----w- C:\Program Files (x86)\Seagate
2012-09-22 19:00:50 -------- d-----w- C:\ProgramData\Seagate
2012-09-22 19:00:49 -------- d-----w- C:\Users\Glynn\AppData\Roaming\Seagate
2012-09-22 11:05:24 -------- d-----w- C:\Users\Glynn\AppData\Local\{324E31F2-9302-441F-B193-655DBD97AE76}
2012-09-21 23:04:48 -------- d-----w- C:\Users\Glynn\AppData\Local\{1C9D2050-D735-45F5-9FF1-C9BE20973F27}
2012-09-21 11:04:24 -------- d-----w- C:\Users\Glynn\AppData\Local\{DE9000A7-DE95-4009-8816-87A9D5920FF8}
2012-09-20 23:03:48 -------- d-----w- C:\Users\Glynn\AppData\Local\{697965D3-DD57-434C-9805-065596F18706}
2012-09-20 11:03:23 -------- d-----w- C:\Users\Glynn\AppData\Local\{E687C505-DC22-44EF-9D28-434C7F832D9E}
2012-09-19 23:02:46 -------- d-----w- C:\Users\Glynn\AppData\Local\{02B34D4C-BDD1-4141-AF3C-7876360A160A}
2012-09-19 11:02:23 -------- d-----w- C:\Users\Glynn\AppData\Local\{D3178DDA-E227-4B40-914B-8B3685B4412F}
2012-09-18 23:02:00 -------- d-----w- C:\Users\Glynn\AppData\Local\{389986FA-6AA0-4A79-90DB-D0CE8608A757}
2012-09-18 11:01:33 -------- d-----w- C:\Users\Glynn\AppData\Local\{FE22E559-18B1-4D60-88EC-F1A66B57DA60}
2012-09-17 23:01:10 -------- d-----w- C:\Users\Glynn\AppData\Local\{8E2E497C-69D3-4F04-8F85-B935F4E37ED5}
2012-09-17 22:34:08 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-17 22:33:05 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-17 22:33:05 -------- d-----w- C:\Program Files\iTunes
2012-09-17 22:33:05 -------- d-----w- C:\Program Files\iPod
2012-09-17 22:33:05 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-17 22:15:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-09-17 22:15:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-09-17 22:15:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-09-17 22:15:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-09-17 22:15:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-09-17 22:15:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-09-17 22:15:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-09-17 11:00:34 -------- d-----w- C:\Users\Glynn\AppData\Local\{57988CB2-117A-44DB-B530-CD519C7EFB05}
2012-09-16 23:00:10 -------- d-----w- C:\Users\Glynn\AppData\Local\{910DD742-4F2E-444F-9E5F-E08E8349D236}
2012-09-16 10:59:46 -------- d-----w- C:\Users\Glynn\AppData\Local\{F16D622F-B87B-454D-B38A-7F85DC116D8A}
2012-09-15 22:59:23 -------- d-----w- C:\Users\Glynn\AppData\Local\{DFDF50A5-8716-4A1A-925A-FD4E26C7CE92}
2012-09-15 10:59:00 -------- d-----w- C:\Users\Glynn\AppData\Local\{3223B759-1047-490B-8461-4221AC1F1C90}
2012-09-14 22:58:37 -------- d-----w- C:\Users\Glynn\AppData\Local\{52FFB6BC-5B01-46C4-8894-D620AF2EE805}
2012-09-14 10:58:13 -------- d-----w- C:\Users\Glynn\AppData\Local\{B04355DB-C5E2-4083-9D49-81FB956FEE1D}
2012-09-13 22:57:49 -------- d-----w- C:\Users\Glynn\AppData\Local\{C27A2773-3068-4589-A29D-5325E94065B3}
2012-09-13 10:57:25 -------- d-----w- C:\Users\Glynn\AppData\Local\{DDFF3CA3-6908-4CE1-9E08-29A343741AE7}
.
==================== Find3M ====================
.
2012-10-09 04:06:20 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 04:06:20 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-28 03:55:40 233120 ----a-w- C:\Windows\System32\drivers\wpshelper.sys
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 23:02:27.77 ===============

Security check

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spyder4Express
Malwarebytes Anti-Malware version 1.65.0.1400
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Glynn Desktop Malware programs SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#2 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 14 October 2012 - 11:15 AM

Hello powerhouse.

You appear to have a keylogger (C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll).

Our keylogger has unique remote installation feature. You can create a pre-configured package for instant and stealth installation on the target computer.

If you didn't install it yourself I strongly suggest uninstalling it and then changing any sensitive passwords.

You also may have a trojan - have you noticed any browser redirects?

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Please post the ESET log, and let me know if the PC is still slow.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 powerhouse

Posted 15 October 2012 - 07:26 PM

Thanks for your response. First, how would I delete this keylogger? Secondly, I cannot get the ESET online scanner to download to that computer. It locks up in midstream. I downloaded the exe file to my jump drive from a different computer, loaded the exe file to the laptop. However, it locks when it tries to execute. She does not remember any browser redirects.

Thanks again.

#4 cnm

Posted 15 October 2012 - 07:55 PM

Only that one file suggests keylogger. Let's check it out.

Please go to http://www.virustotal.com, click on 'Choose file', and send the following file for analysis:

C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

After you click 'Send file', allow the file to be scanned, and then please post a link to the results page here for me.

See if you can do this:
Download these to the Desktop:

Download Rkill by Grinler from each of these links:

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Download TDSSKiller


Double-click on Rkill to run it.

Note: If the first one does not run successfully, try the other copies (with different file extensions) and see if one of them will run.

Once Rkill has successfully run:
Do not reboot
Immediately run TDSSKiller
  • Double-click on TDSSKiller.exe to run the application.
  • Click "Change Parameters" and check "Detect TDLFS file system"; hit OK
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply. If it is very long use more than one reply.


#5 powerhouse

Posted 16 October 2012 - 09:45 PM

OK, thanks again. Here are some logs. TDSSKiller found no threats.

https://www.virustot...f459c/analysis/


Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 10/16/2012 11:27:50 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\PLFSetI.exe (PID: 2460) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Glynn\Desktop\rkill\rkill-10-16-2012-11-27-55.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/16/2012 11:28:05 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

--------------------------------------



23:29:09.0031 8088 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
23:29:09.0998 8088 ============================================================
23:29:09.0998 8088 Current date / time: 2012/10/16 23:29:09.0998
23:29:09.0998 8088 SystemInfo:
23:29:09.0998 8088
23:29:09.0998 8088 OS Version: 6.1.7601 ServicePack: 1.0
23:29:09.0998 8088 Product type: Workstation
23:29:09.0998 8088 ComputerName: GLYNN-LPT
23:29:09.0998 8088 UserName: Glynn
23:29:09.0998 8088 Windows directory: C:\Windows
23:29:09.0998 8088 System windows directory: C:\Windows
23:29:09.0998 8088 Running under WOW64
23:29:09.0998 8088 Processor architecture: Intel x64
23:29:09.0998 8088 Number of processors: 4
23:29:09.0998 8088 Page size: 0x1000
23:29:09.0998 8088 Boot type: Normal boot
23:29:09.0998 8088 ============================================================
23:29:11.0262 8088 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:29:11.0262 8088 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:29:11.0589 8088 ============================================================
23:29:11.0589 8088 \Device\Harddisk0\DR0:
23:29:11.0589 8088 MBR partitions:
23:29:11.0589 8088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:29:11.0589 8088 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
23:29:11.0589 8088 \Device\Harddisk1\DR1:
23:29:11.0589 8088 MBR partitions:
23:29:11.0589 8088 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A380D41
23:29:11.0589 8088 ============================================================
23:29:11.0620 8088 C: <-> \Device\Harddisk0\DR0\Partition2
23:29:11.0620 8088 F: <-> \Device\Harddisk1\DR1\Partition1
23:29:11.0620 8088 ============================================================
23:29:11.0620 8088 Initialize success
23:29:11.0620 8088 ============================================================
23:29:15.0973 7376 ============================================================
23:29:15.0973 7376 Scan started
23:29:15.0973 7376 Mode: Manual;
23:29:15.0973 7376 ============================================================
23:29:17.0268 7376 ================ Scan system memory ========================
23:29:17.0268 7376 System memory - ok
23:29:17.0268 7376 ================ Scan services =============================
23:29:28.0469 7376 NlaSvc - ok
23:29:28.0501 7376 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:29:28.0501 7376 Npfs - ok
23:29:28.0532 7376 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:29:28.0532 7376 nsi - ok
23:29:28.0563 7376 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:29:28.0563 7376 nsiproxy - ok
23:29:28.0641 7376 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:29:28.0641 7376 Ntfs - ok
23:29:28.0672 7376 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:29:28.0672 7376 Null - ok
23:29:28.0688 7376 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:29:28.0703 7376 nvraid - ok
23:29:28.0735 7376 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:29:28.0750 7376 nvstor - ok
23:29:28.0766 7376 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:29:28.0781 7376 nv_agp - ok
23:29:28.0875 7376 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:29:28.0922 7376 odserv - ok
23:29:28.0969 7376 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:29:28.0969 7376 ohci1394 - ok
23:29:29.0015 7376 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:29:29.0015 7376 ose - ok
23:29:29.0047 7376 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:29:29.0062 7376 p2pimsvc - ok
23:29:29.0093 7376 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:29:29.0109 7376 p2psvc - ok
23:29:29.0140 7376 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
23:29:29.0140 7376 Parport - ok
23:29:29.0187 7376 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:29:29.0187 7376 partmgr - ok
23:29:29.0203 7376 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:29:29.0218 7376 PcaSvc - ok
23:29:29.0249 7376 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:29:29.0249 7376 pci - ok
23:29:29.0265 7376 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:29:29.0281 7376 pciide - ok
23:29:29.0296 7376 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:29:29.0296 7376 pcmcia - ok
23:29:29.0327 7376 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:29:29.0327 7376 pcw - ok
23:29:29.0343 7376 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:29:29.0359 7376 PEAUTH - ok
23:29:29.0437 7376 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:29:29.0437 7376 PerfHost - ok
23:29:29.0499 7376 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:29:29.0530 7376 pla - ok
23:29:29.0624 7376 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:29:29.0639 7376 PlugPlay - ok
23:29:29.0686 7376 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:29:29.0702 7376 Pml Driver HPZ12 - ok
23:29:29.0717 7376 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:29:29.0733 7376 PNRPAutoReg - ok
23:29:29.0749 7376 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:29:29.0749 7376 PNRPsvc - ok
23:29:29.0780 7376 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:29:29.0795 7376 PolicyAgent - ok
23:29:29.0827 7376 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:29:29.0842 7376 Power - ok
23:29:29.0873 7376 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:29:29.0873 7376 PptpMiniport - ok
23:29:29.0905 7376 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
23:29:29.0905 7376 Processor - ok
23:29:29.0936 7376 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:29:29.0951 7376 ProfSvc - ok
23:29:29.0967 7376 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:29:29.0967 7376 ProtectedStorage - ok
23:29:29.0998 7376 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:29:29.0998 7376 Psched - ok
23:29:30.0045 7376 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:29:30.0092 7376 ql2300 - ok
23:29:30.0123 7376 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:29:30.0139 7376 ql40xx - ok
23:29:30.0170 7376 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:29:30.0185 7376 QWAVE - ok
23:29:30.0217 7376 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:29:30.0217 7376 QWAVEdrv - ok
23:29:30.0232 7376 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:29:30.0232 7376 RasAcd - ok
23:29:30.0279 7376 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:29:30.0279 7376 RasAgileVpn - ok
23:29:30.0326 7376 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:29:30.0326 7376 RasAuto - ok
23:29:30.0357 7376 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:29:30.0373 7376 Rasl2tp - ok
23:29:30.0451 7376 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:29:30.0466 7376 RasMan - ok
23:29:30.0497 7376 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:29:30.0497 7376 RasPppoe - ok
23:29:30.0513 7376 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:29:30.0513 7376 RasSstp - ok
23:29:30.0544 7376 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:29:30.0544 7376 rdbss - ok
23:29:30.0560 7376 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
23:29:30.0560 7376 rdpbus - ok
23:29:30.0591 7376 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:29:30.0591 7376 RDPCDD - ok
23:29:30.0622 7376 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:29:30.0622 7376 RDPENCDD - ok
23:29:30.0638 7376 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:29:30.0638 7376 RDPREFMP - ok
23:29:30.0669 7376 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:29:30.0685 7376 RDPWD - ok
23:29:30.0716 7376 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:29:30.0716 7376 rdyboost - ok
23:29:30.0763 7376 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:29:30.0778 7376 RemoteAccess - ok
23:29:30.0809 7376 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:29:30.0809 7376 RemoteRegistry - ok
23:29:30.0825 7376 RimUsb - ok
23:29:30.0872 7376 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
23:29:30.0872 7376 RimVSerPort - ok
23:29:30.0903 7376 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
23:29:30.0903 7376 ROOTMODEM - ok
23:29:30.0934 7376 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:29:30.0950 7376 RpcEptMapper - ok
23:29:30.0965 7376 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:29:30.0981 7376 RpcLocator - ok
23:29:31.0012 7376 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:29:31.0028 7376 RpcSs - ok
23:29:31.0043 7376 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:29:31.0043 7376 rspndr - ok
23:29:31.0059 7376 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:29:31.0059 7376 SamSs - ok
23:29:31.0121 7376 [ 88F838B86FC72B894370D5F797AC49B4 ] sbmount C:\Windows\system32\drivers\sbmount.sys
23:29:31.0121 7376 sbmount - ok
23:29:31.0137 7376 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:29:31.0153 7376 sbp2port - ok
23:29:31.0184 7376 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:29:31.0199 7376 SCardSvr - ok
23:29:31.0231 7376 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:29:31.0246 7376 scfilter - ok
23:29:31.0277 7376 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:29:31.0293 7376 Schedule - ok
23:29:31.0324 7376 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:29:31.0324 7376 SCPolicySvc - ok
23:29:31.0355 7376 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:29:31.0371 7376 SDRSVC - ok
23:29:31.0465 7376 [ D193CC0B87D550ACBA3E17FFEC8D2D29 ] Seagate Dashboard Services C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
23:29:31.0465 7376 Seagate Dashboard Services - ok
23:29:31.0496 7376 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:29:31.0511 7376 secdrv - ok
23:29:31.0527 7376 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:29:31.0543 7376 seclogon - ok
23:29:31.0605 7376 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
23:29:31.0605 7376 SENS - ok
23:29:31.0636 7376 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:29:31.0652 7376 SensrSvc - ok
23:29:31.0652 7376 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
23:29:31.0667 7376 Serenum - ok
23:29:31.0699 7376 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
23:29:31.0699 7376 Serial - ok
23:29:31.0761 7376 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:29:31.0777 7376 sermouse - ok
23:29:31.0808 7376 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:29:31.0823 7376 SessionEnv - ok
23:29:31.0855 7376 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:29:31.0855 7376 sffdisk - ok
23:29:31.0870 7376 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:29:31.0870 7376 sffp_mmc - ok
23:29:31.0886 7376 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:29:31.0886 7376 sffp_sd - ok
23:29:31.0886 7376 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:29:31.0886 7376 sfloppy - ok
23:29:32.0026 7376 [ BE2C2151EE4CDA656DC10C2B6B3DA95D ] ShadowProtectSvc C:\Program Files (x86)\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
23:29:32.0884 7376 ShadowProtectSvc - ok
23:29:32.0931 7376 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:29:32.0947 7376 SharedAccess - ok
23:29:32.0978 7376 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:29:32.0993 7376 ShellHWDetection - ok
23:29:33.0025 7376 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:29:33.0025 7376 SiSRaid2 - ok
23:29:33.0056 7376 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:29:33.0056 7376 SiSRaid4 - ok
23:29:33.0149 7376 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
23:29:33.0149 7376 SkypeUpdate - ok
23:29:33.0181 7376 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:29:33.0196 7376 Smb - ok
23:29:33.0352 7376 [ AD97B711074CF27DA0C00F2C26E1A62C ] SmcService C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
23:29:33.0399 7376 SmcService - ok
23:29:33.0446 7376 [ 91BD8E268D93AAF5F59AAC9DE84A25BB ] SNAC C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
23:29:33.0477 7376 SNAC - ok
23:29:33.0524 7376 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:29:33.0539 7376 SNMPTRAP - ok
23:29:33.0571 7376 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:29:33.0571 7376 spldr - ok
23:29:33.0633 7376 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
23:29:33.0633 7376 Spooler - ok
23:29:33.0742 7376 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:29:34.0085 7376 sppsvc - ok
23:29:34.0085 7376 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:29:34.0101 7376 sppuinotify - ok
23:29:34.0163 7376 [ 1D437579B9E02829011BE00E482C63A0 ] Spyder4 C:\Windows\system32\DRIVERS\dccmtr.sys
23:29:34.0179 7376 Spyder4 - ok
23:29:34.0210 7376 [ 32900AC9CFDC578531279886CA16A4DF ] SRTSP C:\Windows\system32\Drivers\SRTSP64.SYS
23:29:34.0226 7376 SRTSP - ok
23:29:34.0257 7376 [ 8929566D1F14685FD78EAF25BEE3ECC7 ] SRTSPL C:\Windows\system32\Drivers\SRTSPL64.SYS
23:29:34.0273 7376 SRTSPL - ok
23:29:34.0304 7376 [ CB2FDF47EE67F8CCA5362ED9B94FE955 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX64.SYS
23:29:34.0304 7376 SRTSPX - ok
23:29:34.0351 7376 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:29:34.0366 7376 srv - ok
23:29:34.0382 7376 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:29:34.0382 7376 srv2 - ok
23:29:34.0397 7376 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:29:34.0397 7376 srvnet - ok
23:29:34.0444 7376 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:29:34.0444 7376 SSDPSRV - ok
23:29:34.0460 7376 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:29:34.0475 7376 SstpSvc - ok
23:29:34.0522 7376 [ 2ECD9052F893A17C1C2953D457BBE701 ] stcvsm C:\Windows\system32\DRIVERS\stcvsm.sys
23:29:34.0538 7376 stcvsm - ok
23:29:34.0569 7376 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:29:34.0585 7376 stexstor - ok
23:29:34.0616 7376 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
23:29:34.0631 7376 StillCam - ok
23:29:34.0663 7376 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:29:34.0663 7376 stisvc - ok
23:29:34.0694 7376 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:29:34.0694 7376 swenum - ok
23:29:34.0741 7376 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:29:34.0756 7376 swprv - ok
23:29:34.0850 7376 [ BA2FB8F8AB24D0279CAA98A4C118150E ] Symantec AntiVirus C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
23:29:34.0865 7376 Symantec AntiVirus - ok
23:29:34.0943 7376 [ 7E4D281982E19ABD06728C7EE9AC40A8 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
23:29:34.0959 7376 SymEvent - ok
23:29:35.0021 7376 [ ED6D1424E5B0C21A57B28DD8508D6843 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:29:35.0021 7376 SynTP - ok
23:29:35.0084 7376 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:29:35.0131 7376 SysMain - ok
23:29:35.0146 7376 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:29:35.0162 7376 TabletInputService - ok
23:29:35.0177 7376 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:29:35.0193 7376 TapiSrv - ok
23:29:35.0209 7376 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:29:35.0209 7376 TBS - ok
23:29:35.0302 7376 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:29:35.0318 7376 Tcpip - ok
23:29:35.0365 7376 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:29:35.0380 7376 TCPIP6 - ok
23:29:35.0411 7376 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:29:35.0411 7376 tcpipreg - ok
23:29:35.0427 7376 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:29:35.0427 7376 TDPIPE - ok
23:29:35.0474 7376 [ 51C5ECEB1CDEE2468A1

#6 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 16 October 2012 - 09:52 PM

No rootkit, good. More scans:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Then:
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Check all the boxes.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#7 powerhouse

    Member

  • Full Member
  • 10 posts

Posted 17 October 2012 - 07:59 PM

OK, here are the logs. Thanks again.

# AdwCleaner v2.005 - Logfile created 10/17/2012 at 21:53:53
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Glynn - GLYNN-LPT
# Boot Mode : Normal
# Running from : C:\Users\Glynn\Desktop\Malware programs\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-2144748444-2647456217-1623159717-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Glynn\AppData\Roaming\Mozilla\Firefox\Profiles\4mgnidu4.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Glynn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1443 octets] - [17/10/2012 21:53:53]

########## EOF - C:\AdwCleaner[R1].txt - [1503 octets] ##########


________________________


Farbar Service Scanner Version: 07-10-2012
Ran by Glynn (administrator) on 17-10-2012 at 21:55:23
Running from "C:\Users\Glynn\Desktop\Malware programs"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

#8 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 17 October 2012 - 09:00 PM

Not finding any malware. The corrections made by AdwCleaner may possibly have helped with IE slowness.

Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain.
If ComboFix caused any error message about "scheduled for deletion", rebooting again should fix it.

#9 powerhouse

    Member

  • Full Member
  • 10 posts

Posted 21 October 2012 - 08:27 PM

OK, here is the combofix log. Thank you again. Still slow on the web before the scan and I had to download combofix to my desktop as it would not download on the laptop.

ComboFix 12-10-21.02 - Glynn 10/21/2012 21:59:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3956.2260 [GMT -4:00]
Running from: c:\users\Glynn\Desktop\Malware programs\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.40@2011-10-11T11;17;44.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.41.42.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.41.42@2011-10-11T11;20;36.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.4707.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.480260-334981197.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.480260-334981197@2011-09-10T00;34;26.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.480260-334981197@2011-10-05T21;50;25.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.4c0585e8-2d7f-4c7e-938c-3cdb316a7b02.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.4e7ff673-04be-43d5-9353-a7d4d5e8d3d8.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.5053.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.52834_445745403880_714253880_5265303_2353125_o.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.52l6ca3muw9hnzauuf3gufh16.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.52l6ca3muw9hnzauuf3gufh16@2011-10-25T13;58;55.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.56212_457788856105_239043421105_5919933_5243662_o.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.583afdeb-1706-4513-ac12-6e6d783f5132.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.6 x 7 WITH BORDER.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.6a00e54f77ee1388340115708b08d5970b-800wi.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.6a00e54f77ee138834011570a2c21a970c-800wi.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.6a00e54f77ee138834011570a2c236970c-800wi.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.6a00e54f77ee138834011570a2c2ae970c-800wi.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.6a00e54f77ee138834011570a2c2ef970c-800wi.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.6a00e54f77ee138834011570a2c354970c-800wi.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.6a00e54f77ee1388340120a62525ea970c-800wi.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.6a3594d7-ee60-481f-b11c-c64deb6e33d5.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.7484.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.74b9e324-291e-403d-80f5-95c3b950f8ff.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.77C876DE-0000070E.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.7ac144fa-d5ce-445d-b2da-f7e13a6cf20d.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.8.5 X 11 blueprint converter.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.898653e6-5e08-405c-bb32-79e413146980.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.9bdd0050-6065-488b-8f8d-c76e7617fa3c.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.a_morris_line.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.a_morris_line@2011-10-22T12;45;01.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.About the artist.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.aint_nothing_fancy.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.AintNothingFancy.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.AHoney Do .I love you.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.AHoney Do .I love you@2011-10-07T02;34;13.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Album.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.ale_and_wenches.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.ALEAWB__.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.ALEAWBB_.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Alicia 2.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.ALL ABOUT DIGITAL SCRAPBOOKING (2).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.ALL ABOUT DIGITAL SCRAPBOOKING.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.AllAboutMeBP.book.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.AMLTRIAL (2).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.AMLTRIAL.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.AMLTRIAL@2011-10-22T12;45;01.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Anne Banks.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Anne Banks@2011-11-11T00;22;16.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.ArchiveInfo.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.ARHERMANN.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.arts_review2.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Baby Girl Bright Digital Kit.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Backstroke Flags.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Baked Scallops.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.balls.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.balls@2011-10-05T17;37;10.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.balls@2011-10-05T19;10;14.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.bamboo_de_saipan.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.bamboodesaipan.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.beads.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.BENNB___.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.benny_blanco.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.best-halloween-costumes-01.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Black & White Digital Power Palette.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.blueglitter.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.blueglitter@2011-09-20T00;19;28.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.blueglitter@2011-09-20T00;23;57.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Blueprint Sample Pages.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Blueprint Sample Pages@2011-09-29T21;06;18.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Blueprints 12 X 12.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Blueprints 12 X 12@2011-10-25T22;19;11.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Blueprints 8.5 X 11.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Book.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Book@2011-10-11T11;38;46.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Book@2011-10-11T13;37;35.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.BTSsamplepage_JKCPage033.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.bubbles.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CAA Scoreboard1.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cal Essay1 About Me.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CalEssay1 About Me@2011-10-25T20;36;35.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cal Essay1 About Me@2011-10-26T20;39;32.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cal Essay1.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cal Essay2 Jeremiah.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cal Essay2 Jeremiah@2011-10-19T02;28;23.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cal Essay2 Jeremiah@2011-10-26T21;11;16.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cal Essay3.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cal Essay3@2011-11-06T05;01;00.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cal Essay3@2011-11-07T02;09;44.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cal Essay3b.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cal Essay3b@2011-11-11T01;50;06.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cats.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cats@2011-10-26T18;52;19.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CD Drive (2).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CD Drive.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.chentenario (2).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Chentenario.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Christmas 2008.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CIMG8724.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CIMG8846.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CIMG8957.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CIMG8963.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CIMG9106.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CIMG9140.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cinnamon-Blueberry-French-Toast-Casserole-1024x682.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.City Hotel.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.clockTemplate2.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CM Idea Samples 4.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CM Idea Samples.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CM Instructions.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CM Instructions@2011-10-03T11;21;11.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CM Instructions@2011-10-03T11;24;08.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CM Links & Activation Codes 2.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CM Links & Activation Codes 2@2011-09-12T03;17;20.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CM Links & Activation Codes 2@2011-09-12T03;32;22.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CM Links & Activation Codes.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CM Links & Activation Codes@2011-10-03T11;24;08.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.CMfreebiesSet5.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.coaster.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Combined Wedding List.doc.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.confetti.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.content.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Controlling People.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cotillion.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Cotillion@2011-09-18T21;13;40.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.cotillion5-2(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Courtney.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Creative Memories Art Kits.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.cschneider-temp-WHH-preview.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.d7882ba0-b6d8-453c-9da0-b58fd6e06cb4.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.data.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Day2Day-page-by-Kylie-Morrissy.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.ddd5ef14-7d97-4832-99cd-7b0b9f7e2848.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.December 2009.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.desktop.ini.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DJ DIGITAL READ ME TEXT_rev.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DJDIGITAL_README.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DJI_art_dragonfly.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dji_digiscrapfree.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dji_spooksborder.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Documents.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Documents@2011-10-26T19;00;53.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Documents@2011-11-18T14;46;26.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.doily.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Doodling Digital Shapes.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Downloads.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Downloads@2011-11-06T16;35;01.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Downloads@2011-11-09T12;40;15.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSC_0001.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSC00694(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSC00697(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSC00711(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSC00711(rev 0)@2011-09-18T21;13;45.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSC00712(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN0131.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1119.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1119@2011-09-18T04;11;37.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1119_1.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1384.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1385.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1394.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1402.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1404.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1429.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1430.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1505(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1509(rev 1).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1510(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1512(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1757(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1873.JPG.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1917.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1922.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1924.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1940.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1941.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN1942.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1956.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1959.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1961.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1963.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1964.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1964@2011-10-06T19;27;07.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1966.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1967.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1968.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1972.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1978.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1981.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1982.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1983.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn1991.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2237.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2289.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2293.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2300.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2304.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2316.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2316@2011-09-19T00;17;31.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2441.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2446.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2505.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2527.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2528.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2529.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2530.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2561.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2564.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2565.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2566.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2578.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2596.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2619.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2639(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2640(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2641(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2662.JPG.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2663.JPG.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2664.JPG.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2669.JPG.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2669.JPG@2011-11-11T04;36;23.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2669.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2671.JPG.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2676 - Copy.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2676.JPG.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2830(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2831(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2832(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2833(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2834(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2862(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2863(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2864(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN2875(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN3024.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN3112(rev 1).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN3388(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN3389(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN3404.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN3425.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN3426.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN3429.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN3600(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN3614(rev 0).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN3621(rev 1).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN3630.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN3663(rev 1).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn6202.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8287.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8303.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8315.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8316.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8438.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8440.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8441.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8462.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8477.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8485.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8509.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8520.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8525.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8529.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8530.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8531.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8531@2011-10-01T13;42;27.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn8625.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn8646.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn8651.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn8664.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn8666.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn8671.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.dscn8672.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8846.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8862.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8865.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8873.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.DSCN8875.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.E13.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.E13@2011-09-27T20;54;12.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.E32.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.E5.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.eabdc72b-5cae-4f32-8815-bf53593bed51.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.ECU 2.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.ECU Purple.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.ECU.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Essay1.docx.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Essay1.docx@2011-11-11T04;15;50.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Essay1.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Essay1@2011-10-19T02;28;53.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Essay1@2011-10-25T20;38;56.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Essay2.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Essay2@2011-10-25T20;41;47.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Essay3.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Essay3@2011-10-19T02;29;34.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Essay3@2011-10-25T20;41;54.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Essay3a.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Essay3a@2011-10-18T02;44;23.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Re Do AGAIN.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Re Do AGAIN@2011-10-14T03;41;49.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Re Do AGAIN@2011-10-18T02;55;23.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory ReDo Infinity.docx.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory ReDo Infinity.docx@2011-11-13T05;03;44.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory ReDo Infinity.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory ReDo Infinity@2011-10-19T03;26;17.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory ReDo Infinity@2011-10-26T21;17;26.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Scholars Essay Re-Do 2.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Emory Scholars Essay Re-Do 2b.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Engagement Photos - Alt.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Export.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Export@2011-10-06T19;18;35.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Export2.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Export2@2011-11-03T17;43;42.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Export2@2011-11-03T17;58;57.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.eyeball.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.f31cb8db-9b36-4616-ac94-ea30d78c4791.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.f3761187-eb45-45f3-918a-0b0a16fb369d.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.f778f432-0b0b-4aaa-9b08-be7414a3d976.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.f778f432-0b0b-4aaa-9b08-be7414a3d976.page@2011-10-11T13;23;44.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Facebook.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.fcc19dff-f3f3-4d53-9336-b31d1a291b1e.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.fd3e4af7-6fac-4a16-b4b3-44af32bba9a8.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.fdd91de4-869d-404e-913f-84550dd4f923.page.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.ferris-wheel.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.FillATemplateChallenge (2).lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.FillATemplateChallenge.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Final Countdown M&T New.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Final Countdown M&T New@2011-10-11T11;41;40.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.Finger Font.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.finger.lnk.dcm
c:\users\Glynn\AppData\Roaming\Microsoft\Windows\Recent\.flower-border.lnk.dcm

#10 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 21 October 2012 - 09:42 PM

I have to ask you to please be patient while I confer with others.
Is your wife still having the slowness?
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#11 cnm


Posted 21 October 2012 - 11:41 PM

While we're waiting - I forgot to ask you to let AdwCleaner delete everything it found.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#12 cnm


Posted 22 October 2012 - 10:09 PM

OK, onward. We don't see any particular malware but the dcm references are puzzling.

Please download SystemLook from one of the links below and save it to your Desktop on the affected PC.
http://jpshortstuff..../SystemLook.exe
http://images.malwar.../SystemLook.exe
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
dcm.exe
:dir
$RECYCLE.BIN /S
:regfind
dcm

Click the 'Look' button to start the scan and wait for a few minutes until the "Look" button reappears.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#13 powerhouse


Posted 24 October 2012 - 07:44 PM

OK, here are the logs from SystemLook and AdwCleaner.


SystemLook 30.07.11 by jpshortstuff
Log created at 20:11 on 24/10/2012 by Glynn
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "dcm.exe"
No files found.

========== dir ==========

$RECYCLE.BIN - Unable to find folder.

========== regfind ==========

Searching for "dcm"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcm]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\4D299035ABDD86F4B8D0FF05CA7535B1]
"DCMain"="PTPMain"
[HKEY_USERS\S-1-5-21-2144748444-2647456217-1623159717-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcm]

-= EOF =-


Here is the ADW R2 file

# AdwCleaner v2.005 - Logfile created 10/22/2012 at 19:24:28
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Glynn - GLYNN-LPT
# Boot Mode : Normal
# Running from : C:\Users\Glynn\Desktop\Malware programs\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-2144748444-2647456217-1623159717-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Glynn\AppData\Roaming\Mozilla\Firefox\Profiles\4mgnidu4.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Glynn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1568 octets] - [17/10/2012 21:53:53]
AdwCleaner[R2].txt - [1503 octets] - [22/10/2012 19:24:28]

########## EOF - C:\AdwCleaner[R2].txt - [1563 octets] ##########


And here is the ADW S1 log

# AdwCleaner v2.005 - Logfile created 10/22/2012 at 19:25:20
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Glynn - GLYNN-LPT
# Boot Mode : Normal
# Running from : C:\Users\Glynn\Desktop\Malware programs\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Glynn\AppData\Roaming\Mozilla\Firefox\Profiles\4mgnidu4.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Glynn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1568 octets] - [17/10/2012 21:53:53]
AdwCleaner[R2].txt - [1628 octets] - [22/10/2012 19:24:28]
AdwCleaner[S1].txt - [1420 octets] - [22/10/2012 19:25:20]

########## EOF - C:\AdwCleaner[S1].txt - [1480 octets] ##########

Thanks again. Otherwise, computer is still slow at times, but web surfing is better. It just may be something native to her machine or programs.
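
Added example (not part of the original posts, and not AdwCleaner's own code): a small Python check that compares the search log (R2) with the delete log (S1) posted above and reports anything found but never listed as deleted. It assumes the SID in the logs belongs to the logged-on user Glynn, so the HKU\<SID> key is the same key as its HKCU counterpart; the function names are hypothetical.

```python
import re

# Entries copied from the AdwCleaner[R2] and AdwCleaner[S1] logs in the post above.
SEARCH_LOG = r"""
Folder Found : C:\ProgramData\boost_interprocess
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-2144748444-2647456217-1623159717-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"""
DELETE_LOG = r"""
Folder Deleted : C:\ProgramData\boost_interprocess
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"""
# Assumption: this SID (taken from the logs) is the logged-on user's SID.
USER_SID = "S-1-5-21-2144748444-2647456217-1623159717-1000"

ENTRY = re.compile(r"^(Key|Folder|File) (Found|Deleted) : (.+)$")

def parse(log, action):
    """Return the set of (kind, path) entries carrying the given action word."""
    items = set()
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(2) == action:
            items.add((m.group(1), m.group(3).strip()))
    return items

def normalize(item, user_sid=None):
    """Lower-case the path; fold HKU\\<user_sid>\\... onto HKCU\\... if a SID is given."""
    kind, path = item
    if kind == "Key" and user_sid:
        prefix = "HKU\\" + user_sid + "\\"
        if path.upper().startswith(prefix.upper()):
            path = "HKCU\\" + path[len(prefix):]
    return (kind, path.lower())

def unremoved(search_log, delete_log, user_sid=None):
    """Entries the search run found that the delete run does not list as deleted."""
    found = parse(search_log, "Found")
    deleted = {normalize(i, user_sid) for i in parse(delete_log, "Deleted")}
    return sorted(i for i in found if normalize(i, user_sid) not in deleted)

if __name__ == "__main__":
    print("literal comparison:", unremoved(SEARCH_LOG, DELETE_LOG))
    print("with HKU\\<SID> folded onto HKCU:", unremoved(SEARCH_LOG, DELETE_LOG, USER_SID))
```

Compared literally, the HKU\S-1-5-21-... SearchScopes key looks left behind; once it is folded onto HKCU, every item from the search log is accounted for in the delete log.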

#14 cnm


Posted 24 October 2012 - 07:59 PM

Glad it's looking better.

Is the whole system slow or the browsers only? Or any particular things like word processing? Does it affect all browsers?

Does the slowness problem persist in Safe Mode with networking support as well? (Hit F8 several times while booting to get the boot menu).

#15 cnm


Posted 02 November 2012 - 02:06 PM

Are you still with me, powerhouse?

#16 powerhouse


Posted 04 November 2012 - 08:24 AM

Are you still with me, powerhouse?



Yes, sorry, but I was swamped for several days and had out of town company. Here is the story, in some instances there has been improvement, in others not. Overall in my mind, though limited at best, based on your help and suggestions it looks like the machine is pretty clean from the standpoint of trojans, malware, etc. That leaves a potential hardware issue. She is taking it up to some techie folks we know to get that aspect checked out as well. Thank you so much for your help and suggestions. If we bump up against the same problems after hardware checkup then I will be back in touch.

Keep up the great work. It is a tremendous service to many.

powerhouse

#17 cnm


Posted 04 November 2012 - 11:27 AM

No problem. Everyone has a real life. :)

Please clean up our tools now.

Start > Run and enter 'combofix /uninstall'. Note the space after 'combofix'. Among other things your Restore Points will be purged and a new clean one created.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with yes

Delete the DDS files and Security Check folder from your Desktop. Also TDSSKiller and SystemLook.

#18 cnm


Posted 09 November 2012 - 09:21 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.