Malwarebytes

My Mom's computer finds but cannot delete Trojan:Win32/Comisproc

35 replies to this topic

#1
moondog90

    New Member

  • Members
  • 22 posts
  • Gender:Male
My request is somewhat unusual and I hope you will forgive me for jumping over some of the normally prerequisite steps in your procedure. My Mom has the trojan. She lives over 100 miles away. I can only stay about three days and I will have to get rid of the trojan while I am there. So I need to be armed in advance with everything you can give me.

For months now, she has been detecting and automatically "deleting" the win32/comisproc trojan. It is found and "cured" using Microsoft Security Essentials, which is set for automatic updates and scan daily. Her computer is fairly new, Windows 7 64-bit. She opens emails about once a day and may Google something once a week. Yet, every two or three days after being deleted, the comisproc is back. I guess you guys need to tell Microsoft how to beef up their tools!

She does not have Malwarebytes and I cannot possibly tell her how to install it over the phone. I installed the free version on my XP computer here at my home and found four Adware.Minibug registry entries, and one PUM.Hijack.Help. These were missed by Ad-Aware Total Security, Spybot, MSE, and Microsoft Safety Scanner. Needless to say I am impressed! Mom has Ad Aware and Spybot but does not run them, only MSE runs automatically. I plan to also give her Microsoft Safety Scanner (unless you say otherwise).

So, I will have to go to her house a few days from now and within three days I must download a version of Malwarebytes, and I may not have time to see the trojan come back if it is going to come back!

To help you understand better which version of comisproc she has, I will tell you what MSE says about it. The trojan always hides in C:\Windows\Temp\_avast4_\ and has names like unp251129543.tmp usually only one "Item:" sometimes two. Only recently did I tell her to change the scan to "daily". The "deleted" trojan can come back within a day or two even when the computer is "sleeping". Apparently she wakes it up to a notice that a trojan was found. Clearly there is no point in my tracing her Internet History log. This thing is resurrecting itself!

1. What should I do to prepare for my trip? Mom can barely open up MSE and click on things. She cannot install anything.

2. How much of this could I do by remote control? Which remote control programs that are available to the layman would you recommend? I would be using XP SP-3 or Win7 64-bit. She would be using Win7 64-bit or XP (yes she has an old computer, but she needs help to swap them).

3. Above I have told you my anti-spyware arsenal. At present, I have both Ad-Aware and MSE running real-time protection on my XP. They seem to play fairly well together. How would Malwarebytes fit into this picture?

#2
MrCharlie

    Forum Deity

  • Experts
  • 17,512 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Welcome to the forum.

This would have to be done on the forum.

--------------------------------------

Please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3
moondog90

    New Member

  • Members
  • 22 posts
  • Gender:Male
Hello MrCharlie, Good to have you in my corner. As I said above, the Trojan is on Mom's computer and I must drive there to do the work. I will be there on Tues, May 1, 05/01/2012. Expect my next post on that day in the evening (PST). As of today (according to Mom), the last time the trojan was deleted by MSE was 04/25/2012. Since MSE has been set to scan daily and Mom uses her computer daily, the trojan has gone into "hiding" again. I suspect that MSE deletes only the file mentioned in my first post, located in C:\Windows\Temp\_avast4_\ Probably, there are other files and registry entries that allow it to "resurrect" itself.

1. I think that MSE deletes the trojan automatically, and currently Mom has instructions to select "delete" if MSE gives her a pop-up. Is this a problem? If the trojan is deleted, what will your tools find?

2. If I read your instructions correctly, you want me to run Malwarebytes free, Quick Scan. Your instructions do not say if I should both apply the suggested actions and report back to you. What sort of report do you want from Malwarebytes?

3. If I read you correctly, I am then to download and run dds.scr and report back the two files DDS.txt and Attach.txt. Exactly how do I specify that the results should go to my desktop, and then how do I move these files to my next Reply box? I will be using Windows 7 64-bit and I have not used this system before.

4. Your instructions appear to be contradictory. After running DDS, the instructions say "refrain from using special fix tools". But you say, "after posting the 2 logs", I should "download and run RogueKiller" and "post back the report". Is RogueKiller not a "fix tool"? If RogueKiller makes suggested actions such as deleting or quarantining files, what should I do?

5. There are two other websites that I am not considering using, however I would like to know what you think of them:
http://blog.teesuppo...it-efficiently/
and
http://www.pcthreat....id-16421en.html
Both of these websites give manual removal procedures. What is amusing is that they do not list a single file name that both of them have in common. How do you account for this? Are various versions of Win32/Comisproc really that different?
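The pattern moondog90 describes in posts #1 and #3 (the same detection name in the same temp folder, "deleted" by MSE and back a day or two later) is the signal that whatever drops the file survived the cleanup, not the dropped file itself. As an added example, not code from this thread or from Malwarebytes, the Python below reads antivirus detection log lines, collapses the random digits in names like unp251129543.tmp so every dropped copy maps to one key, and flags any threat/path pair that was removed on two or more different days. The log-line format and the sample lines are constructed for the example; exporting a real product's detection history into this shape is assumed.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample lines in a simple "date time threat path action" form.
# This is NOT the real MSE log format; the lines only mimic what the poster
# describes: the same family in C:\Windows\Temp\_avast4_\ on several days.
SAMPLE_LOG = """\
2012-04-20 07:58:11 Trojan:Win32/Comisproc C:\\Windows\\Temp\\_avast4_\\unp251129543.tmp Removed
2012-04-22 08:13:05 Trojan:Win32/Comisproc C:\\Windows\\Temp\\_avast4_\\unp318820077.tmp Removed
2012-04-25 08:02:40 Trojan:Win32/Comisproc C:\\Windows\\Temp\\_avast4_\\unp90217744.tmp Removed
2012-04-25 08:02:41 Trojan:Win32/Comisproc C:\\Windows\\Temp\\_avast4_\\unp90217745.tmp Removed
2012-04-21 13:05:00 Adware.Minibug HKCU\\Software\\Example\\Minibug Removed
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<threat>\S+) (?P<path>.+?) (?P<action>Removed|Quarantined|Allowed)$"
)


def normalize_path(path):
    """Replace every digit run with '#' and lowercase, so that
    unp251129543.tmp and unp318820077.tmp become the same key."""
    return re.sub(r"\d+", "#", path).lower()


def parse_log(text):
    """Return (date, threat, normalized_path, action) tuples; lines that do
    not match the constructed format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((date.fromisoformat(m["date"]), m["threat"],
                           normalize_path(m["path"]), m["action"]))
    return events


def recurring_detections(text, min_days=2):
    """Threat/path pairs that were cleaned on at least `min_days` distinct
    days. Several hits on one day count once: two .tmp files dropped in the
    same minute are one incident, a return three days later is the signal."""
    days = defaultdict(set)
    for d, threat, key, action in parse_log(text):
        if action in ("Removed", "Quarantined"):
            days[(threat, key)].add(d)
    return sorted((threat, key, len(ds))
                  for (threat, key), ds in days.items() if len(ds) >= min_days)


if __name__ == "__main__":
    for threat, key, n in recurring_detections(SAMPLE_LOG):
        print(f"{threat} keeps returning in {key}: cleaned on {n} different days")
```

A hit in this list is a prompt to look at what starts the dropper (startup entries, services, scheduled tasks, the kind of inventory a DDS log gives) rather than to scan the temp folder again; counting distinct days instead of raw hits is what separates "two copies dropped at once" from "it came back".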

#4
MrCharlie

    Forum Deity

  • Experts
  • 17,512 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Quote

1. I think that MSE deletes the trojan automatically, and currently Mom has instructions to select "delete" if MSE gives her a pop-up. Is this a problem? If the trojan is deleted, what will your tools find?


Let's see what's on the system

Quote

2. If I read your instructions correctly, you want me to run Malwarebytes free, Quick Scan. Your instructions do not say if I should both apply the suggested actions and report back to you. What sort of report do you want from Malwarebytes?


Please download Malwarebytes' Anti-Malware Free from Here

or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
Note: -->Do not run a full scan with MBAM. It is not required or needed.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy&Paste the entire report in your next reply

Quote

3. If I read you correctly, I am then to download and run dds.scr and report back the two files DDS.txt and Attach.txt. Exactly how do I specify that the results should go to my desktop, and then how do I move these files to my next Reply box? I will be using Windows 7 64-bit and I have not used this system before.

They'll pop-up...copy and paste them in your response.

Quote

4. Your instructions appear to be contradictory. After running DDS, the instructions say "refrain from using special fix tools". But you say, "after posting the 2 logs", I should "download and run RogueKiller" and "post back the report". Is RogueKiller not a "fix tool"? If RogueKiller makes suggested actions such as deleting or quarantining files, what should I do?


Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.


Quote

5. There are two other websites that I am not considering using, however I would like to know what you think of them:
http://blog.teesuppo...it-efficiently/
and
http://www.pcthreat....id-16421en.html
Both of these websites give manual removal procedures. What is amusing is that they do not list a single file name that both of them have in common. How do you account for this? Are various versions of Win32/Comisproc really that different?

I know nothing about them.

MrC


#5
moondog90

    New Member

  • Members
  • 22 posts
  • Gender:Male
Oops! I accidentally opened another Topic about "Mom's computer". Can we close that one and continue here?

#6
MrCharlie

    Forum Deity

  • Experts
  • 17,512 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Yes, MrC


#7
moondog90

    New Member

  • Members
  • 22 posts
  • Gender:Male
Hello MrCharlie,

I am at Mom's house. I have downloaded and run mbam, DDS.SCR, and RogueKiller.
I will give you the results in a following Reply. Right now, I need to report an apparent attack on your website.


Go here:

http://download.cnet...j=dl&tag=button

Click on "Download Now" and Cnet gives you the correct mbam-setup file.
However, there is an animated arrow at the bottom that tempts you to
Click on "Start Download" and you go to:
http://www.sammsoft.com/ (etc.) which offers you the
ARO 2012 downloader (not what we want, please warn your readers!)

I started to install the ARO2012_tbt file, but saw it was not malwarebytes,
and cancelled the install. I tried to get back to the web page to download
the mbam-setup file and somehow, I got hijacked to:

www.malwarbytes.org/forums/index.php?showforum=7

Note the first "e" is missing in "malwarbytes". This is a clever forgery of:

forums.malwarebytes.org//index.php?showforum=7

If you go to the "malwarbytes" website, Microsoft Security Essentials run-time protection will immediately quarantine:

Trojan:JS/IframeRef

MSE pops up a notice, but requires no action from you.

ARE YOU AWARE OF THIS PROBLEM?


I really can't remember how I got to that website, and my Internet History did not help me to repeat how I got there. I will help you by seeing if I can get there again after we have worked on my Mom's problem.

As you may recall, Mom has been getting the Trojan:Win32/Comisproc, not The Trojan:JS/IframeRef (at least, not until now)!
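The lookalike host in post #7 (malwarbytes.org, one letter short of malwarebytes.org) is the classic typosquatting pattern, and the poster's own observation that "their name is too close to yours to be a coincidence" is exactly the check a filter can automate. As an added example, not code from this thread or from Malwarebytes, the Python below pulls the registrable domain out of a URL and compares it with a short trusted list by edit distance: an exact match is trusted, a distance of one or two is a lookalike, anything else is simply unknown. The trusted list is constructed, and "registrable domain" is approximated as the last two labels, a simplification that ignores the public suffix list (a real filter would use it).

```python
from urllib.parse import urlsplit

# Constructed trusted list for the example; a real filter would load the
# organisation's own allow-list.
TRUSTED_DOMAINS = ["malwarebytes.org", "microsoft.com"]


def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute) with one rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,        # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_domain(url):
    """Host part of a URL reduced to its last two labels.
    Assumption: two labels are enough here (no public suffix list), and a
    bare 'www.example.org/...' without a scheme is treated as http."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_url(url, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, domain, closest_trusted) where verdict is
    'trusted', 'lookalike' or 'unknown'."""
    domain = registrable_domain(url)
    if domain in trusted:
        return ("trusted", domain, domain)
    closest = min(trusted, key=lambda t: levenshtein(domain, t))
    distance = levenshtein(domain, closest)
    if 0 < distance <= max_distance:
        return ("lookalike", domain, closest)
    return ("unknown", domain, None)


if __name__ == "__main__":
    # The two hosts from the post, plus the download site mentioned earlier.
    for u in ("www.malwarbytes.org/forums/index.php?showforum=7",
              "forums.malwarebytes.org//index.php?showforum=7",
              "http://download.cnet.com/"):
        print(u, "->", classify_url(u))
```

A distance threshold of two catches a dropped or swapped letter without flagging every unrelated short domain; the unknown verdict is deliberately neutral, because a site not on the allow-list is not evidence of anything by itself.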

#8
MrCharlie

    Forum Deity

  • Experts
  • 17,512 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Looks OK to me:


Quote

Home Windows Software Security Software Anti-Spyware Malwarebytes Anti-Malware
Welcome Malwarebytes Anti-Malware users
To complete your download, click on the link below:

Download Now <---click here

Let's get with the logs, it's getting late, MrC


#9
moondog90

    New Member

  • Members
  • 22 posts
  • Gender:Male
Alright. I will give you the logs, but don't go to:

www.malwarbytes.org/forums/index.php?showforum=7

You will get the Trojan:JS/IframeRef. And if you don't have MSE, you will not know you have got it and you won't be able to get rid of it until you download MSE. Malwarbytes.org (without the "e") may be unaware that they are being used. They seem to have lots of free stuff to download. At the very least, they should be told that their website is infectious. At the most, they should be held responsible. Their name is too close to yours to be a coincidence!


Here is the Mbam output. Nothing was found. Not on 2012-04-16 or 2012-05-01:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mary :: MARY-PC [administrator]

5/1/2012 1:42:32 PM
mbam-log-2012-05-01 (13-42-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239039
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here is DDS.txt:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Mary at 13:48:56 on 2012-05-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2874 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AV: Ad-Aware Total Security *Enabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Ad-Aware Total Security *Enabled/Updated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}
FW: Ad-Aware Personal Firewall *Enabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://emachines.msn.com
uDefault_Page_URL = hxxp://emachines.msn.com
mDefault_Page_URL = hxxp://emachines.msn.com
mStart Page = hxxp://emachines.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Ad-Aware WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Ad-Aware WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [QuickGammaLoader] C:\Program Files (x86)\QuickGamma\QuickGammaLoader.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
mRun: [GDFirewallTray] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Mary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A33A5EBA-624D-4058-B267-674F0FD4F2DB} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
BHO-X64: Ad-Aware WebFilter Class - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun-x64: [G Data AntiVirus Tray Application] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe
mRun-x64: [GDFirewallTray] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\2xs1mble.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;C:\Windows\system32\drivers\GDBehave.sys --> C:\Windows\system32\drivers\GDBehave.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 GDMnIcpt;GDMnIcpt;\??\C:\Windows\system32\drivers\MiniIcpt.sys --> C:\Windows\system32\drivers\MiniIcpt.sys [?]
R1 gdwfpcd;G DATA WFP CD;C:\Windows\system32\drivers\gdwfpcd64.sys --> C:\Windows\system32\drivers\gdwfpcd64.sys [?]
R1 HookCentre;HookCentre;\??\C:\Windows\system32\drivers\HookCentre.sys --> C:\Windows\system32\drivers\HookCentre.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-12 3246040]
R2 AVKProxy;Ad-Aware Total Security Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-6-29 1081384]
R2 AVKService;Ad-Aware Scheduler;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [2010-6-29 412944]
R2 AVKWCtl;Ad-Aware Filesystem Monitor;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe [2010-6-23 2170224]
R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-10-11 290832]
R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-3-28 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-25 1153368]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 GDFwSvc;Ad-Aware Personal Firewall;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe [2010-6-15 1954472]
R3 GDPkIcpt;GDPkIcpt;\??\C:\Windows\system32\drivers\PktIcpt.sys --> C:\Windows\system32\drivers\PktIcpt.sys [?]
R3 GDScan;Ad-Aware Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-6-29 624064]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 GDBackupSvc;Ad-Aware Backup Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [2010-6-29 911976]
S3 GDTunerSvc;Ad-Aware Tuner Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [2010-6-29 1234896]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-01 20:17:26 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B006BBB5-3800-4E80-8F24-D25054939C71}\mpengine.dll
2012-05-01 17:44:27 8917360 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-01 17:44:15 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-28 19:53:10 -------- d-----w- C:\Users\Mary\AppData\Local\{78654581-5E2E-406D-8DF3-2608F040C3AF}
2012-04-28 19:52:49 -------- d-----w- C:\Users\Mary\AppData\Local\{E3DF6BF4-EF8A-4A5C-9409-45F1FC2ECE20}
2012-04-28 16:31:27 -------- d-----w- C:\Users\Mary\AppData\Local\{F62A1149-ED7C-42B3-8F3D-6CDB21E6B142}
2012-04-28 16:31:10 -------- d-----w- C:\Users\Mary\AppData\Local\{AEE74045-C07E-4011-8FA1-53BFC12C1352}
2012-04-28 16:30:08 -------- d-----w- C:\Users\Mary\AppData\Local\{41140B15-230D-4EED-8C81-BBC66BECFEFC}
2012-04-28 16:29:57 -------- d-----w- C:\Users\Mary\AppData\Local\{89BDD6BC-3052-47F0-A575-D3596B6B454A}
2012-04-26 14:50:04 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-26 14:50:01 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 14:50:01 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-16 10:22:21 -------- d-----w- C:\Users\Mary\AppData\Roaming\Malwarebytes
2012-04-16 10:22:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-16 10:22:07 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-16 10:22:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-15 23:31:38 -------- d-----w- C:\Users\Mary\AppData\Local\{BD116740-DC9D-4B81-8FDB-721D66F9339D}
2012-04-15 23:31:17 -------- d-----w- C:\Users\Mary\AppData\Local\{AAD26108-6207-4F22-91B2-56C8E677A923}
2012-04-15 23:25:36 -------- d-----w- C:\Users\Mary\AppData\Local\{9292BE9B-0D11-41F3-BE83-FC5ECFAB2FBD}
2012-04-15 23:25:14 -------- d-----w- C:\Users\Mary\AppData\Local\{8BA0AA42-43C2-4797-9985-3206F54B4591}
2012-04-15 23:06:16 -------- d-----w- C:\Users\Mary\AppData\Local\{26907AAF-5B48-46A4-8CF5-33B1BD7D28EA}
2012-04-15 23:06:06 -------- d-----w- C:\Users\Mary\AppData\Local\{26DAC338-8C9D-4D75-9055-70302B395492}
2012-04-15 22:47:05 -------- d-----w- C:\Users\Mary\AppData\Local\{6AE9C654-B872-44EE-8B51-9322A182A43F}
2012-04-15 22:46:44 -------- d-----w- C:\Users\Mary\AppData\Local\{1867290B-5D2D-4BDB-B51E-B159F20A7E2D}
2012-04-15 22:35:37 -------- d-----w- C:\Users\Mary\AppData\Local\{FC63BB67-53EA-40DF-839C-520EE18C9274}
2012-04-15 22:35:15 -------- d-----w- C:\Users\Mary\AppData\Local\{68AECADA-A72C-4991-AF9B-C79ACBEAA20D}
2012-04-15 22:27:36 -------- d-----w- C:\Users\Mary\AppData\Local\{88B43E4A-D0F1-4D69-B593-661FF8E9343C}
2012-04-15 22:27:26 -------- d-----w- C:\Users\Mary\AppData\Local\{BD903C00-84EA-4ADF-B275-B654D80D9E73}
2012-04-15 22:12:14 -------- d-----w- C:\Users\Mary\AppData\Local\{52FDFAE3-E29B-4700-9285-A29FBF660931}
2012-04-15 22:11:52 -------- d-----w- C:\Users\Mary\AppData\Local\{A4A33F9C-C717-43D2-A99D-78058B50EC74}
2012-04-15 03:11:48 -------- d-----w- C:\Users\Mary\AppData\Local\{46E79D4F-9795-4E98-AAAC-2288B517C384}
2012-04-15 03:11:37 -------- d-----w- C:\Users\Mary\AppData\Local\{7EDCD91E-69A4-48F6-B5D3-0E163EF87716}
2012-04-15 03:10:03 -------- d-----w- C:\Users\Mary\AppData\Local\{674C6898-DDE2-491B-8EAD-9491C0751A34}
2012-04-15 03:09:53 -------- d-----w- C:\Users\Mary\AppData\Local\{5B8AD6D4-709A-4F82-A7E5-7C004EA6DBAB}
2012-04-15 02:51:15 -------- d-----w- C:\Users\Mary\AppData\Local\{018F5213-7D12-49C8-AE03-59CE2F670088}
2012-04-15 02:50:51 -------- d-----w- C:\Users\Mary\AppData\Local\{4CC0548C-4A3D-41D6-9F10-2E82EBB355F5}
2012-04-15 00:51:56 -------- d-----w- C:\Users\Mary\AppData\Local\{9752843B-2A1C-4F02-9570-320A6A9F79E9}
2012-04-15 00:51:35 -------- d-----w- C:\Users\Mary\AppData\Local\{0DC6E389-CFCF-4F62-865D-B6B5C49C3052}
2012-04-15 00:34:46 -------- d-----w- C:\Users\Mary\AppData\Local\{8E1620FB-C93C-4E38-953D-424B85630FF0}
2012-04-15 00:34:35 -------- d-----w- C:\Users\Mary\AppData\Local\{35264F12-BABE-43DE-BC11-2590DCD52C1E}
2012-04-15 00:01:39 -------- d-----w- C:\Users\Mary\AppData\Local\{B414BCD6-7DE9-4E96-953F-4D1BD02719E5}
2012-04-14 23:58:58 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-14 23:58:57 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-14 23:58:57 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-14 23:58:52 -------- d-----w- C:\Users\Mary\AppData\Local\{642F2876-87BB-4633-9308-342506AC8E58}
2012-04-14 23:55:52 -------- d-----w- C:\Users\Mary\AppData\Local\{B90765D0-7AB9-4515-ABD9-908BB2C291AE}
2012-04-14 23:55:04 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-14 23:55:04 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-14 23:55:04 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-14 23:55:04 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-14 23:55:04 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-14 23:55:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-14 23:55:04 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-14 23:53:38 -------- d-----w- C:\Users\Mary\AppData\Local\{A62D8D22-534E-4ECF-A6BC-A61ED571541C}
2012-04-11 16:54:22 -------- d-----w- C:\Users\Mary\AppData\Local\{80B5A756-218A-4361-929E-81C26D30B87E}
2012-04-01 21:58:49 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-01 21:58:49 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-04-01 21:25:43 -------- d-----w- C:\Users\Mary\AppData\Local\{24D1C880-D6A7-4B24-B24A-F68F2A4B8703}
.
==================== Find3M ====================
.
2012-04-25 23:42:15 106224 ----a-w- C:\Windows\SysWow64\drivers\GRD.sys
2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-11 22:17:41 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 19:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:49:50.19 ===============


Here is DDS.attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/11/2011 9:35:21 PM
System Uptime: 5/1/2012 12:48:10 PM (1 hours ago)
.
Motherboard: eMachines | | EL1851
Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 3203/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 914 GiB total, 871.149 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP96: 4/8/2012 5:06:38 PM - Windows Update
RP97: 4/14/2012 4:53:37 PM - Windows Update
RP98: 4/18/2012 3:00:41 PM - Windows Update
RP99: 4/23/2012 11:05:52 AM - Windows Update
RP100: 4/27/2012 10:37:48 AM - Windows Update
RP101: 5/1/2012 10:43:09 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Acronis True Image Home 2011
Ad-Aware Total Security
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.2)
Agatha Christie - 4:50 from Paddington
Bejeweled 2 Deluxe
Belltech Greeting Card Designer 5.4.0
Bing Bar
Build-a-lot 2
Chuzzle Deluxe
Contrôle ActiveX Windows Live Mesh pour connexions à distance
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Driver Detective
eBay Worldwide
eMachines Games
eMachines Recovery Management
eMachines Registration
eMachines ScreenSaver
eMachines Updater
Final Drive: Nitro
Galerie de photos Windows Live
Hotkey Utility
HP Photo Creations
Identity Card
IHA_MessageCenter
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Jewel Quest Heritage
Junk Mail filter update
Lavasoft Registry Tuner
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars: PAC-MAN
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
Penguins!
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
QuickGamma 2.0.0.3
Scrapbook Design Studio 2.2.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype™ 5.0
Spybot - Search & Destroy
Times Reader
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Vz In Home Agent
Welcome Center
WildTangent Games App (eMachines Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
5/1/2012 7:17:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/1/2012 12:52:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/29/2012 11:35:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/29/2012 1:18:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/28/2012 9:28:22 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2012 7:36:12 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/26/2012 4:33:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
4/24/2012 10:59:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================


Here is Rogue Killer:

RogueKiller V7.4.0 [05/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Mary [Admin rights]
Mode: Scan -- Date: 05/01/2012 14:16:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADX-22TDHB0 ATA Device +++++
--- User ---
[MBR] d4878dd072de7bff3075c3efce1c67d5
[BSP] 6a1b013ca2da720b215d19241a329ce3 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 36866048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37070848 | Size: 935767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


That is all for tonight. You can tell me what you think about this stuff tomorrow.
You have been a great help!

Steve

#10
MrCharlie

    Forum Deity

  • Experts
  • 17,512 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Nothing showing in the logs so far....

Please update Malwarebytes first before you run it:

Please update and run a Quick Scan with MBAM, then post the report.

Make sure that everything is checked, and click Remove Selected.

--------------------------

Next...........

Please make sure system restore is running and create a new restore point before continuing.
Instructions here

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:


If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Malware Removal Expert



#11
moondog90

    New Member

  • Members
  • 22 posts
  • Gender:Male
Ok, here is the output of TDSSKiller.
Only one suspicious object of medium risk was found:

Unsigned file
Service: HPSLPSVC
Suspicious object, medium risk
Service start: Auto (0x2)
File: C:\Users\Mary\AppData\Local\Temp\7zS0681\hpslpsvc64.dll
MD5: f37882f128efacefe353e0bae2766909


00:10:49.0962 5644 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
00:10:51.0963 5644 ============================================================
00:10:51.0964 5644 Current date / time: 2012/05/02 00:10:51.0963
00:10:51.0964 5644 SystemInfo:
00:10:51.0964 5644
00:10:51.0964 5644 OS Version: 6.1.7601 ServicePack: 1.0
00:10:51.0964 5644 Product type: Workstation
00:10:51.0964 5644 ComputerName: MARY-PC
00:10:51.0965 5644 UserName: Mary
00:10:51.0965 5644 Windows directory: C:\Windows
00:10:51.0965 5644 System windows directory: C:\Windows
00:10:51.0965 5644 Running under WOW64
00:10:51.0965 5644 Processor architecture: Intel x64
00:10:51.0965 5644 Number of processors: 2
00:10:51.0965 5644 Page size: 0x1000
00:10:51.0965 5644 Boot type: Normal boot
00:10:51.0965 5644 ============================================================
00:10:54.0110 5644 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:10:54.0146 5644 ============================================================
00:10:54.0146 5644 \Device\Harddisk0\DR0:
00:10:54.0153 5644 MBR partitions:
00:10:54.0153 5644 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2328800, BlocksNum 0x32000
00:10:54.0153 5644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x235A800, BlocksNum 0x723ABDB0
00:10:54.0153 5644 ============================================================
00:10:54.0184 5644 C: <-> \Device\Harddisk0\DR0\Partition1
00:10:54.0185 5644 ============================================================
00:10:54.0185 5644 Initialize success
00:10:54.0185 5644 ============================================================
00:11:02.0553 4536 ============================================================
00:11:02.0553 4536 Scan started
00:11:02.0553 4536 Mode: Manual; SigCheck; TDLFS;
00:11:02.0553 4536 ============================================================
00:11:06.0031 4536 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:11:06.0238 4536 1394ohci - ok
00:11:06.0388 4536 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:11:06.0437 4536 ACPI - ok
00:11:06.0446 4536 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:11:06.0489 4536 AcpiPmi - ok
00:11:07.0192 4536 AcrSch2Svc (ad1ee24224f770e598794ecaba26e8f3) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
00:11:07.0359 4536 AcrSch2Svc - ok
00:11:07.0544 4536 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:11:08.0116 4536 AdobeARMservice - ok
00:11:11.0445 4536 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:11:11.0657 4536 AdobeFlashPlayerUpdateSvc - ok
00:11:13.0322 4536 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
00:11:13.0436 4536 adp94xx - ok
00:11:14.0795 4536 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
00:11:14.0874 4536 adpahci - ok
00:11:15.0314 4536 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
00:11:15.0357 4536 adpu320 - ok
00:11:15.0771 4536 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:11:15.0868 4536 AeLookupSvc - ok
00:11:16.0547 4536 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
00:11:16.0788 4536 afcdp - ok
00:11:19.0177 4536 afcdpsrv (af44f7e027037628f1fac3c13cde73e6) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
00:11:19.0357 4536 afcdpsrv - ok
00:11:20.0771 4536 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:11:21.0041 4536 AFD - ok
00:11:21.0111 4536 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:11:21.0170 4536 agp440 - ok
00:11:21.0218 4536 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:11:21.0250 4536 ALG - ok
00:11:21.0278 4536 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:11:21.0306 4536 aliide - ok
00:11:21.0751 4536 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:11:21.0816 4536 amdide - ok
00:11:22.0396 4536 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
00:11:22.0465 4536 AmdK8 - ok
00:11:23.0008 4536 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
00:11:23.0065 4536 AmdPPM - ok
00:11:23.0108 4536 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:11:23.0143 4536 amdsata - ok
00:11:23.0154 4536 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
00:11:23.0203 4536 amdsbs - ok
00:11:23.0216 4536 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:11:23.0244 4536 amdxata - ok
00:11:23.0273 4536 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:11:23.0319 4536 AppID - ok
00:11:23.0343 4536 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:11:23.0388 4536 AppIDSvc - ok
00:11:23.0404 4536 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:11:23.0449 4536 Appinfo - ok
00:11:23.0455 4536 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
00:11:23.0487 4536 arc - ok
00:11:23.0686 4536 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
00:11:23.0758 4536 arcsas - ok
00:11:23.0915 4536 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:11:23.0977 4536 AsyncMac - ok
00:11:24.0035 4536 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:11:24.0084 4536 atapi - ok
00:11:24.0382 4536 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:11:24.0521 4536 AudioEndpointBuilder - ok
00:11:24.0528 4536 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:11:24.0600 4536 AudioSrv - ok
00:11:24.0734 4536 AVKProxy (58c87ab02276b1999265ff3f6434df7e) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
00:11:24.0885 4536 AVKProxy - ok
00:11:24.0945 4536 AVKService (ea4eedff67dbcfb5a49b8fef38575ad7) C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe
00:11:25.0037 4536 AVKService - ok
00:11:25.0180 4536 AVKWCtl (5987ad5c18d0fb21ef21684257917477) C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe
00:11:25.0340 4536 AVKWCtl - ok
00:11:25.0470 4536 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:11:25.0538 4536 AxInstSV - ok
00:11:26.0143 4536 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
00:11:26.0216 4536 b06bdrv - ok
00:11:26.0267 4536 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:11:26.0315 4536 b57nd60a - ok
00:11:26.0414 4536 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
00:11:26.0483 4536 BBSvc - ok
00:11:26.0575 4536 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:11:26.0626 4536 BDESVC - ok
00:11:26.0663 4536 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:11:26.0723 4536 Beep - ok
00:11:26.0808 4536 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
00:11:26.0929 4536 BFE - ok
00:11:27.0001 4536 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
00:11:27.0150 4536 BITS - ok
00:11:27.0192 4536 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
00:11:27.0223 4536 blbdrive - ok
00:11:27.0270 4536 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:11:27.0314 4536 bowser - ok
00:11:27.0371 4536 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
00:11:27.0424 4536 BrFiltLo - ok
00:11:27.0428 4536 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
00:11:27.0459 4536 BrFiltUp - ok
00:11:27.0468 4536 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:11:27.0519 4536 Browser - ok
00:11:28.0941 4536 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:11:29.0067 4536 Brserid - ok
00:11:29.0535 4536 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:11:29.0669 4536 BrSerWdm - ok
00:11:29.0730 4536 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:11:29.0784 4536 BrUsbMdm - ok
00:11:29.0845 4536 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:11:29.0942 4536 BrUsbSer - ok
00:11:30.0162 4536 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
00:11:30.0262 4536 BTHMODEM - ok
00:11:30.0325 4536 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:11:30.0373 4536 bthserv - ok
00:11:30.0423 4536 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:11:30.0472 4536 cdfs - ok
00:11:30.0593 4536 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
00:11:30.0654 4536 cdrom - ok
00:11:30.0699 4536 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:11:30.0746 4536 CertPropSvc - ok
00:11:30.0799 4536 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
00:11:30.0849 4536 circlass - ok
00:11:30.0884 4536 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:11:30.0939 4536 CLFS - ok
00:11:31.0027 4536 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:11:31.0089 4536 clr_optimization_v2.0.50727_32 - ok
00:11:31.0127 4536 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:11:31.0176 4536 clr_optimization_v2.0.50727_64 - ok
00:11:31.0286 4536 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:11:31.0342 4536 clr_optimization_v4.0.30319_32 - ok
00:11:31.0394 4536 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:11:31.0427 4536 clr_optimization_v4.0.30319_64 - ok
00:11:31.0457 4536 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
00:11:31.0507 4536 CmBatt - ok
00:11:31.0681 4536 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:11:31.0785 4536 cmdide - ok
00:11:32.0008 4536 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:11:32.0089 4536 CNG - ok
00:11:32.0093 4536 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
00:11:32.0121 4536 Compbatt - ok
00:11:32.0152 4536 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:11:32.0183 4536 CompositeBus - ok
00:11:32.0212 4536 COMSysApp - ok
00:11:32.0219 4536 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
00:11:32.0246 4536 crcdisk - ok
00:11:32.0307 4536 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
00:11:32.0383 4536 CryptSvc - ok
00:11:32.0438 4536 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:11:32.0512 4536 DcomLaunch - ok
00:11:32.0553 4536 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:11:32.0612 4536 defragsvc - ok
00:11:32.0620 4536 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:12:00.0094 4536 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
00:12:00.0122 4536 TsUsbGD - ok
00:12:00.0145 4536 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:12:00.0193 4536 tunnel - ok
00:12:00.0199 4536 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
00:12:00.0228 4536 uagp35 - ok
00:12:00.0244 4536 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:12:00.0301 4536 udfs - ok
00:12:00.0326 4536 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:12:00.0357 4536 UI0Detect - ok
00:12:00.0363 4536 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:12:00.0392 4536 uliagpkx - ok
00:12:00.0418 4536 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
00:12:00.0446 4536 umbus - ok
00:12:00.0451 4536 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
00:12:00.0479 4536 UmPass - ok
00:12:00.0529 4536 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:12:00.0610 4536 upnphost - ok
00:12:00.0636 4536 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
00:12:00.0666 4536 usbccgp - ok
00:12:00.0694 4536 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:12:00.0727 4536 usbcir - ok
00:12:00.0755 4536 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
00:12:00.0782 4536 usbehci - ok
00:12:00.0807 4536 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:12:00.0851 4536 usbhub - ok
00:12:00.0875 4536 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:12:00.0902 4536 usbohci - ok
00:12:00.0915 4536 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:12:00.0944 4536 usbprint - ok
00:12:01.0010 4536 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:12:01.0057 4536 usbscan - ok
00:12:01.0099 4536 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:12:01.0166 4536 USBSTOR - ok
00:12:01.0178 4536 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:12:01.0205 4536 usbuhci - ok
00:12:01.0221 4536 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:12:01.0266 4536 UxSms - ok
00:12:01.0289 4536 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:12:01.0318 4536 VaultSvc - ok
00:12:01.0351 4536 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:12:01.0377 4536 vdrvroot - ok
00:12:01.0435 4536 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:12:01.0506 4536 vds - ok
00:12:01.0556 4536 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:12:01.0614 4536 vga - ok
00:12:01.0619 4536 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:12:01.0664 4536 VgaSave - ok
00:12:01.0675 4536 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:12:01.0712 4536 vhdmp - ok
00:12:01.0717 4536 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:12:01.0743 4536 viaide - ok
00:12:01.0750 4536 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:12:01.0779 4536 volmgr - ok
00:12:01.0799 4536 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:12:01.0853 4536 volmgrx - ok
00:12:01.0871 4536 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:12:01.0912 4536 volsnap - ok
00:12:01.0963 4536 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
00:12:01.0997 4536 vsmraid - ok
00:12:02.0080 4536 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:12:02.0199 4536 VSS - ok
00:12:02.0298 4536 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
00:12:02.0347 4536 vwifibus - ok
00:12:02.0365 4536 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:12:02.0426 4536 W32Time - ok
00:12:02.0434 4536 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
00:12:02.0462 4536 WacomPen - ok
00:12:02.0499 4536 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:12:02.0545 4536 WANARP - ok
00:12:02.0581 4536 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:12:02.0628 4536 Wanarpv6 - ok
00:12:02.0744 4536 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:12:02.0842 4536 WatAdminSvc - ok
00:12:02.0918 4536 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:12:03.0007 4536 wbengine - ok
00:12:03.0071 4536 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:12:03.0127 4536 WbioSrvc - ok
00:12:03.0162 4536 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:12:03.0216 4536 wcncsvc - ok
00:12:03.0232 4536 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:12:03.0271 4536 WcsPlugInService - ok
00:12:03.0296 4536 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
00:12:03.0323 4536 Wd - ok
00:12:03.0365 4536 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:12:03.0420 4536 Wdf01000 - ok
00:12:03.0428 4536 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:12:03.0463 4536 WdiServiceHost - ok
00:12:03.0466 4536 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:12:03.0504 4536 WdiSystemHost - ok
00:12:03.0537 4536 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:12:03.0581 4536 WebClient - ok
00:12:03.0604 4536 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:12:03.0659 4536 Wecsvc - ok
00:12:03.0681 4536 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:12:03.0729 4536 wercplsupport - ok
00:12:03.0756 4536 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:12:03.0804 4536 WerSvc - ok
00:12:03.0820 4536 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:12:03.0863 4536 WfpLwf - ok
00:12:03.0868 4536 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:12:03.0897 4536 WIMMount - ok
00:12:03.0934 4536 WinDefend - ok
00:12:03.0943 4536 WinHttpAutoProxySvc - ok
00:12:04.0009 4536 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:12:04.0090 4536 Winmgmt - ok
00:12:04.0187 4536 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:12:04.0286 4536 WinRM - ok
00:12:04.0399 4536 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:12:04.0455 4536 WinUsb - ok
00:12:04.0509 4536 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:12:04.0583 4536 Wlansvc - ok
00:12:04.0629 4536 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:12:04.0654 4536 wlcrasvc - ok
00:12:04.0828 4536 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:12:04.0953 4536 wlidsvc - ok
00:12:05.0023 4536 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:12:05.0068 4536 WmiAcpi - ok
00:12:05.0120 4536 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:12:05.0177 4536 wmiApSrv - ok
00:12:05.0199 4536 WMPNetworkSvc - ok
00:12:05.0217 4536 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:12:05.0252 4536 WPCSvc - ok
00:12:05.0268 4536 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:12:05.0301 4536 WPDBusEnum - ok
00:12:05.0317 4536 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:12:05.0361 4536 ws2ifsl - ok
00:12:05.0368 4536 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
00:12:05.0405 4536 wscsvc - ok
00:12:05.0409 4536 WSearch - ok
00:12:05.0542 4536 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
00:12:05.0659 4536 wuauserv - ok
00:12:05.0750 4536 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:12:05.0807 4536 WudfPf - ok
00:12:05.0837 4536 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:12:05.0887 4536 WUDFRd - ok
00:12:05.0894 4536 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:12:05.0942 4536 wudfsvc - ok
00:12:05.0955 4536 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:12:05.0997 4536 WwanSvc - ok
00:12:06.0021 4536 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:12:06.0180 4536 \Device\Harddisk0\DR0 - ok
00:12:06.0187 4536 Boot (0x1200) (4831db8892bb992461affe3a7b8ae636) \Device\Harddisk0\DR0\Partition0
00:12:06.0189 4536 \Device\Harddisk0\DR0\Partition0 - ok
00:12:06.0217 4536 Boot (0x1200) (b84b23e9cd553fed433b9a81d589a44d) \Device\Harddisk0\DR0\Partition1
00:12:06.0219 4536 \Device\Harddisk0\DR0\Partition1 - ok
00:12:06.0221 4536 ============================================================
00:12:06.0221 4536 Scan finished
00:12:06.0221 4536 ============================================================
00:12:06.0239 4512 Detected object count: 1
00:12:06.0239 4512 Actual detected object count: 1
00:12:12.0608 4512 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
00:12:12.0608 4512 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:12:19.0373 3068 Deinitialize success
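The listing above is TDSSKiller's object-by-object output: one line per service or driver giving the image's MD5 and path, a matching "name - ok" verdict line, the MBR and boot sectors hashed the same way, then a detection summary with the action the user chose. Reviewing a thousand such lines by eye is how things get missed, so the script below is an added example (not part of TDSSKiller, Malwarebytes, or anything the posters ran) that parses the format into a table keyed by object, flags objects that report ok without a hashed image, groups names that share one MD5 and checks whether they also share a path, and collects each detection with its verdict and chosen action. The sample input is a handful of lines copied from the log above; nothing else is assumed about the machine.

```python
"""Parse TDSSKiller's object-by-object listing into something an analyst can query.
Added example for this page (not part of TDSSKiller, Malwarebytes or the poster's
work).  SAMPLE_LOG is a handful of lines copied from the log above so it runs offline."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
00:11:58.0474 4536 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
00:11:58.0577 4536 Tcpip - ok
00:11:58.0728 4536 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
00:11:58.0845 4536 TCPIP6 - ok
00:12:03.0934 4536 WinDefend - ok
00:12:06.0021 4536 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:12:06.0180 4536 \Device\Harddisk0\DR0 - ok
00:12:06.0239 4512 Detected object count: 1
00:12:06.0239 4512 Actual detected object count: 1
00:12:12.0608 4512 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
00:12:12.0608 4512 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:12:19.0373 3068 Deinitialize success
"""

PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"   # timestamp and thread id
# "name (md5) path"; the MBR and boot-sector lines carry an extra "(0x1B8)" length field
FILE_RE = re.compile(PREFIX + r"(?P<name>\S+)(?: \((?P<extra>0x[0-9A-Fa-f]+)\))?"
                     r" \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(PREFIX + r"(?P<key>.+) - ok$")
DETECT_RE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - "
                       r"(?:(?P<skipped>skipped by user)|User select action: (?P<choice>\w+))$")
COUNT_RE = re.compile(PREFIX + r"(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")
DONE_RE = re.compile(PREFIX + r"Deinitialize success$")


def parse_tdsskiller(text):
    """Return objects (name -> md5/path/verdict), detections, counts and consistency checks."""
    objects, verdicts, detections, counts = {}, {}, {}, []
    finished = False
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if m := FILE_RE.match(line):
            objects[m["name"]] = {"md5": m["md5"], "path": m["path"],
                                  "extra": m["extra"], "verdict": None}
        elif m := DETECT_RE.match(line):
            d = detections.setdefault(m["name"], {"verdict": m["verdict"], "actions": []})
            d["actions"].append(m["skipped"] or m["choice"])
        elif m := COUNT_RE.match(line):
            counts.append(int(m["n"]))
        elif m := OK_RE.match(line):
            verdicts[m["key"]] = "ok"
        elif DONE_RE.match(line):
            finished = True
    # Services get their verdict by name; MBR/boot-sector objects get it by device path.
    for name, obj in objects.items():
        obj["verdict"] = verdicts.get(name) or verdicts.get(obj["path"])
    hashed = set(objects) | {o["path"] for o in objects.values()}
    no_file = sorted(k for k in verdicts if k not in hashed)      # "ok" with nothing hashed
    by_md5 = defaultdict(list)
    for name, obj in objects.items():
        by_md5[obj["md5"]].append(name)
    shared = {h: sorted(n) for h, n in by_md5.items() if len(n) > 1}
    return {"objects": objects, "no_file": no_file, "detections": detections,
            "counts": counts, "shared_hashes": shared, "finished": finished}


def review(report):
    """The short list an analyst actually reads, in priority order."""
    notes = [f"{n}: {d['verdict']} -> {' / '.join(d['actions'])}"
             for n, d in report["detections"].items()]
    for h, names in report["shared_hashes"].items():
        same = len({report["objects"][n]["path"].lower() for n in names}) == 1
        notes.append(f"{'+'.join(names)} share {h[:8]}... ({'same file' if same else 'DIFFERENT paths, check'})")
    notes += [f"{k}: reported ok but no image was hashed" for k in report["no_file"]]
    if report["counts"] and report["counts"][0] != report["counts"][-1]:
        notes.append("detected and actual object counts differ")
    if not report["finished"]:
        notes.append("scan did not reach 'Deinitialize success'")
    return notes


if __name__ == "__main__":
    for note in review(parse_tdsskiller(SAMPLE_LOG)):
        print(note)
```

Pass the full log text to parse_tdsskiller() for a real case. The MD5 column is the part worth batch-checking against a known-good source before deciding, as MrC does in the next post, that an UnsignedFile.Multi.Generic hit on a vendor service is a false positive: "unsigned" on its own is a weak signal, and a shared hash under two service names is only interesting when the paths differ.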

#12
MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,512 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
That file is OK....

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.
MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

#13
moondog90

    New Member

  • Members
  • Pip
  • 22 posts
  • Gender:Male
I am still reading how to download and use ComboFix. But you have reminded me of something I did not know or have forgotten - to disable my other antivirus stuff. I assume you mean only the run-time protection. I have not been doing this up until now. Is there anything we should go back and run again?

Accordingly, I have just turned off Ad-Aware Total Security, firewall and web protection. Is that OK?
I also turned off Microsoft Security Essentials, real-time protection. Is that OK?

Normally, these seem to work OK together. I am pretty sure that the Ad-Aware personal firewall is the same as the Microsoft firewall. I don't think I have any other real-time protection running. However, when I try to run any program, I get an annoying pop-up that says "User Account Control" "Do you want to allow the following program to make changes to this computer?" This is still happening so I assume it is part of the Windows 7 operating system. Call this behaviour "Annoying pop-up".

What causes "Annoying pop-up"? Do you want it turned off for your tests? I want to turn it off permanently. Mom does not understand the difference between allowing a program to run that you have just commanded to run and allowing a dangerous program to do something you did not ask for. I cannot seem to teach her this. Therefore "Annoying pop-up" serves no purpose for her. How do I turn it off permanently?

#14
MrCharlie

You have to disable any realtime protection before you run ComboFix.

Here's how to turn UAC on and off:

http://www.howtogeek...-windows-vista/

MrC


#15
moondog90

Hello. Please disregard my personal message to you, MrC. I had to "reload" the reply window. Now I can type in it again. This never happened before. I am a new user. What warning should I have read?

#16
MrCharlie

Can you post the log from ComboFix...Please

MrC


#17
moondog90

You are a man of few words, Sir.
"Less is sometimes more, but usually less is just less."

Well, that was fun! ComboFix (CF) stopped and prompted me to turn off more stuff in Ad-Aware. So I just wrote down the settings and unchecked and disabled everything. CF continued. CF finished and did an auto reboot. I did not interfere, except to select "User Mary". When the reboot finished, CF produced a pop-up log. As I have done with every tool so far, I had prepared in advance a blank text file in which to place my personal copy of the report.

When I tried to open the empty .txt file, I got "Illegal operation attempted on a registry key that has been marked for deletion." I tried to open Ad-Aware (to turn it back on). Same msg. I tried to open Firefox (to Reply to you). Same msg. I did a manual reboot. CF log went away. Ran CF again. Same problem. Printed out the CF log on paper.

Did another manual reboot but did not run CF. Things open OK (was worried I was going to have to try a Windows boot to safe mode and a restore point. Probably would not have worked, I have not used Windows 7 before).

Went to this topic to cry to you and found that I could not type anything in the "Reply" box to this topic! Opened a new topic to complain about this topic, but could not type anything into the Reply box for the new topic! Eventually discovered that I had to right-click on the Reply box and select "Refresh" or something like that. Why was I not warned, as a new member, that I might have to know how to do this?

So, I have the log for CF on paper. Should only take me about two hours to figure out how to scan this on Mom's computer, put the scanned pages into a .txt file, and then paste the file into my Reply to you. If I run CF again, I will get stuck again. If I manually reboot, the CF output in Notepad will disappear again.

Any suggestions?

#18
MrCharlie


Quote

When I tried to open the empty .txt file, I got "Illegal operation attempted on a registry key that has been marked for deletion." I tried to open Ad-Aware (to turn it back on). Same msg. I tried to open Firefox (to Reply to you). Same msg. I did a manual reboot. CF log went away. Ran CF again. Same problem. Printed out the CF log on paper.

Did another manual reboot but did not run CF. Things open OK (was worried I was going to have to try a Windows boot to safe mode and a restore point. Probably would not have worked, I have not used Windows 7 before).


It's right in my instructions to run ComboFix:

Note:
If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.
------------------------

Just copy and paste the C:\ComboFix.txt into your post.

MrC


#19
moondog90

Sorry if I sound like a neophyte, but when I did the manual reboot, the log (I think it was in Notepad) disappeared. If it somehow survives the reboot, how do I get it?

#20
moondog90

Oh, OK. Found it. Thank you, I did miss your warning to reboot. What I was referring to was why was I not warned about having to "refresh" the Reply box?

Here is the ComboFix output:

ComboFix 12-05-02.03 - Mary 05/02/2012 13:01:48.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2636 [GMT -7:00]
Running from: c:\users\Mary\Desktop\ComboFix.exe
AV: Ad-Aware Total Security *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Ad-Aware Personal Firewall *Disabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
SP: Ad-Aware Total Security *Disabled/Updated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 20:09 . 2012-05-02 20:09 -------- d-----w- c:\users\Steve\AppData\Local\temp
2012-05-02 20:09 . 2012-05-02 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 20:09 . 2012-05-02 20:09 -------- d-----w- c:\users\Carol\AppData\Local\temp
2012-05-02 06:38 . 2012-05-02 06:38 116016 ----a-w- c:\windows\system32\drivers\21426115.sys
2012-05-02 06:26 . 2012-05-02 06:26 116016 ----a-w- c:\windows\system32\drivers\62644338.sys
2012-05-02 03:11 . 2012-05-02 03:11 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-02 03:02 . 2012-05-02 03:11 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-01 22:26 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94AFD1D7-2FA2-4D24-8B83-30B594BDA168}\mpengine.dll
2012-05-01 20:17 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-01 17:44 . 2012-05-01 17:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-26 14:50 . 2012-04-26 14:50 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 14:50 . 2012-04-26 14:50 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 14:50 . 2012-04-26 14:50 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-16 10:22 . 2012-04-16 10:22 -------- d-----w- c:\users\Mary\AppData\Roaming\Malwarebytes
2012-04-16 10:22 . 2012-04-16 10:22 -------- d-----w- c:\programdata\Malwarebytes
2012-04-16 10:22 . 2012-05-01 20:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-16 10:22 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 23:58 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-14 23:58 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-14 23:58 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-14 23:58 . 2012-04-14 23:58 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-14 23:55 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-14 23:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-14 23:55 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-14 23:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-14 23:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-14 23:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-14 23:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-02 03:37 . 2011-10-13 20:08 106224 ----a-w- c:\windows\SysWow64\drivers\GRD.sys
2012-05-02 03:11 . 2011-10-12 18:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-21 03:44 . 2011-04-27 22:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2011-04-18 20:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-26 18:17 . 2012-02-26 18:18 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0417F7A9-CE38-43E5-A3E9-CC79375849F0}\gapaengine.dll
2012-02-17 06:38 . 2012-03-17 00:29 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-17 00:29 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-17 00:29 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-17 00:29 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-17 00:29 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-17 00:29 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-17 00:29 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-02_19.42.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-05-02 20:00 51908 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-02 20:00 48418 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-12 04:37 . 2012-05-02 20:00 12408 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-874174280-269866361-546167079-1000_UserData.bin
- 2012-05-02 19:41 . 2012-05-02 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-02 20:10 . 2012-05-02 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-02 19:41 . 2012-05-02 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-02 20:10 . 2012-05-02 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-05-02 19:40 317292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-02 20:09 317292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-12 14940040]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"QuickGammaLoader"="c:\program files (x86)\QuickGamma\QuickGammaLoader.exe" [2005-03-28 68096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2536760]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-23 5550984]
"G Data AntiVirus Tray Application"="c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-30 981504]
"GDFirewallTray"="c:\program files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-30 1550576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
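MrC's link in post #14 is about switching UAC on or off; the policies\system block at the end of the ComboFix log above shows the registry values that setting actually writes, next to the product-status header and the Run-key autostarts that MrC reviews before giving instructions. The script below is an added example, not ComboFix's own tooling and not anything the posters ran: it parses those sections, confirms every AV/FW/SP line reads Disabled (MrC's precondition for running ComboFix), lists kernel drivers created in the 30-day window, extracts the autostart entries with their key, and decodes the UAC values using Microsoft's documented meanings. The sample input is a subset of lines copied from the log above. EnableLUA is absent from it because ComboFix omits default-valued entries, so the decoder assumes 1 (UAC on) when the value is missing; that assumption is marked in the code.

```python
r"""Triage the header, new-file and registry loading-point sections of a ComboFix log.
Added example for this page (not ComboFix's tooling, not the poster's work).  SAMPLE_LOG is
a subset of lines copied from the log above; pass the contents of C:\ComboFix.txt to
parse_combofix() for a real case."""
import re

SAMPLE_LOG = r"""
AV: Ad-Aware Total Security *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Ad-Aware Personal Firewall *Disabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
2012-05-02 20:09 . 2012-05-02 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 06:38 . 2012-05-02 06:38 116016 ----a-w- c:\windows\system32\drivers\21426115.sys
2012-05-02 06:26 . 2012-05-02 06:26 116016 ----a-w- c:\windows\system32\drivers\62644338.sys
2012-04-16 10:22 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-12 14940040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
"""

PRODUCT_RE = re.compile(r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<flags>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$")
SECTION_RE = re.compile(r"^\(+ (?P<title>.+?) \)+$")
CREATED_RE = re.compile(r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
                        r"(?P<size>-+|\d+) (?P<attrs>\S+) (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')
RUN_RE = re.compile(r'^"(?P<path>[^"]+)" \[(?P<date>\d{4}-\d\d-\d\d) (?P<size>\d+)\]$')
DWORD_RE = re.compile(r"^\s*(?P<dec>\d+) \(0x[0-9A-Fa-f]+\)$")

# Documented meanings of the UAC values under the policies\system key.
ADMIN_PROMPT = {0: "elevate without prompting", 1: "prompt for credentials on the secure desktop",
                2: "prompt for consent on the secure desktop", 3: "prompt for credentials",
                4: "prompt for consent", 5: "prompt for consent for non-Windows binaries (Windows 7 default)"}
USER_PROMPT = {0: "automatically deny elevation requests",
               1: "prompt for credentials on the secure desktop", 3: "prompt for credentials (default)"}


def parse_combofix(text):
    report = {"products": [], "new_files": [], "autostarts": [], "policies": {}}
    section = key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section, key = m["title"], None
        elif m := PRODUCT_RE.match(line):
            flags = m["flags"].split("/")
            report["products"].append({"kind": m["kind"], "name": m["name"], "guid": m["guid"],
                                       "enabled": flags[0] == "Enabled", "updated": "Updated" in flags})
        elif m := KEY_RE.match(line):
            key = m["key"]
        elif section and section.startswith("Files Created"):
            m = CREATED_RE.match(line)
            if m and m["size"].isdigit():  # a run of dashes in the size column marks a directory
                report["new_files"].append({"created": m["created"], "modified": m["modified"],
                                            "size": int(m["size"]), "path": m["path"]})
        elif key and (m := VALUE_RE.match(line)):
            k = key.lower()
            if k.endswith(r"\currentversion\run") and (r := RUN_RE.match(m["rest"])):
                report["autostarts"].append({"key": key, "name": m["name"], "path": r["path"],
                                             "date": r["date"], "size": int(r["size"])})
            elif k.endswith(r"\policies\system") and (d := DWORD_RE.match(m["rest"])):
                report["policies"][m["name"]] = int(d["dec"])
    return report


def realtime_still_enabled(report):
    """Products still on; MrC's precondition for ComboFix is that this list is empty."""
    return [p["name"] for p in report["products"] if p["enabled"]]


def new_drivers(report):
    """Kernel drivers created in the window; each one needs a known installer behind it."""
    return [f["path"] for f in report["new_files"] if f["path"].lower().endswith(".sys")]


def describe_uac(report):
    """Decode the UAC values.  EnableLUA=1 is ASSUMED when absent (ComboFix omits defaults)."""
    p = report["policies"]
    lua = p.get("EnableLUA", 1)
    out = [f"EnableLUA={lua} ({'UAC off' if lua == 0 else 'UAC on'})",
           "admin: " + ADMIN_PROMPT.get(p.get("ConsentPromptBehaviorAdmin", 5), "unknown value"),
           "standard user: " + USER_PROMPT.get(p.get("ConsentPromptBehaviorUser", 3), "unknown value")]
    if p.get("EnableLinkedConnections") == 1:
        out.append("mapped drives are shared between the filtered and elevated tokens")
    return out


if __name__ == "__main__":
    rep = parse_combofix(SAMPLE_LOG)
    print("still enabled:", realtime_still_enabled(rep) or "none")
    print("new drivers:", *new_drivers(rep), sep="\n  ")
    print("autostarts:", *(f"{a['name']} -> {a['path']}" for a in rep["autostarts"]), sep="\n  ")
    print("UAC:", *describe_uac(rep), sep="\n  ")
```

The decoded values are the Windows 7 defaults, so UAC on this machine was not weakened. Setting EnableLUA to 0, which is what "turning UAC off" amounts to, also removes the token filtering that Internet Explorer's Protected Mode depends on; a practitioner would leave it on and live with the prompts. The new-driver list is a prompt to ask where each file came from, not a verdict: mbam.sys, for instance, lines up with the Malwarebytes install date in the same log.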




