gcgoebel

Google redirect virus

13 posts in this topic

I've been infected with the google redirect virus for a while now. I've been trying to get rid of it, but the guides I've found have been over my head or have elements in them that don't apply to me. I'd really appreciate some help on this one, thanks!

Share this post


Link to post
Share on other sites

Thanks a lot! You guys helped me with something before, I really love that this place exists and that people like you are there to help.

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by G. C. Goebel at 22:40:50 on 2012-04-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2661 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe

C:\Windows\SysWOW64\NLSSRV32.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/?pc=Z006&form=ZGAPHP

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173604102206p0365v1i5r4711s27q

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [AdobeBridge]

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

StartupFolder: C:\Users\GC56B8~1.GOE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

StartupFolder: C:\Users\GC56B8~1.GOE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{779EF85F-5EBC-4983-890F-88A938B8659A} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

BHO-X64: uTorrentBar - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

mRun-x64: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun-x64: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\G. C. Goebel\AppData\Roaming\Mozilla\Firefox\Profiles\fvmzrwak.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.ftp - :0

FF - prefs.js: network.proxy.http - :0

FF - prefs.js: network.proxy.socks - :0

FF - prefs.js: network.proxy.ssl - :0

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll

FF - plugin: C:\Program Files (x86)\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\G. C. Goebel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 HMuKstOr;Kensington TrackballWorks Orbit USB HID Device Filter Driver;C:\Windows\system32\DRIVERS\HMuKstOr.sys --> C:\Windows\system32\DRIVERS\HMuKstOr.sys [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-12 652360]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-10-1 341312]

R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2010-10-1 67904]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-12 1153368]

R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-8-14 240160]

R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-13 136176]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]

S2 RapportMgmtService;Rapport Management Service;"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" --> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-13 136176]

S3 RapportLaunService;Rapport Launching Service;"C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe" --> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-30 03:25:07 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-30 03:25:07 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

.

==================== Find3M ====================

.

.

============= FINISH: 22:42:11.59 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 5/28/2010 8:34:04 PM

System Uptime: 4/3/2012 2:25:09 AM (188 hours ago)

.

Motherboard: eMachines | | EMCP73VT-PM

Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2603/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 684 GiB total, 493.807 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is FIXED (NTFS) - 1397 GiB total, 1223.947 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&EABE7E6&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&EABE7E6&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP179: 3/30/2012 3:10:35 AM - Scheduled Checkpoint

RP180: 4/7/2012 12:00:19 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

2007 Microsoft Office Suite Service Pack 2 (SP2)

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Help Center 2.0

Adobe Illustrator CS5

Adobe Media Player

Adobe Photoshop CS5

Adobe Premiere Pro 2.0

Adobe Reader X (10.1.1)

Adobe Stock Photos 1.0

Advertising Center

Apple Application Support

Apple Software Update

AVG Security Toolbar

CanoScan Toolbox Ver4.9

CDisplay 1.8

Comcast High-Speed Internet Install Wizard

Compatibility Pack for the 2007 Office system

D3DX10

DivX Setup

DropToCD (DataCD/DVD) v3.5

DVD Flick 1.3.0.7

eBay Worldwide

eMachines Games

eMachines Recovery Management

eMachines Registration

eMachines ScreenSaver

eMachines Updater

FontCreator 5.6

Free RAR Extract Frog

Google Earth

Google Update Helper

ImagXpress

Java Auto Updater

Java 6 Update 22

Java 6 Update 30

Junk Mail filter update

Magic ISO Maker v5.5 (build 0281)

Malwarebytes Anti-Malware version 1.60.1.1000

Manual CanoScan LiDE 25

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 11.0 (x86 en-US)

MpcStar 4.5

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

OpenOffice.org 3.3

Opera 11.52

PDF Settings CS5

PSE10 STI Installer

PxMergeModule

QuickTime

Rapport

Realtek High Definition Audio Driver

ScanSoft OmniPage SE 4.0

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Sid Meier's Civilization 4 Complete

Spybot - Search & Destroy

Synfig Studio

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 (KB974631)

Update for Microsoft Office Word 2007 Help (KB963665)

uTorrentBar Toolbar

VC80CRTRedist - 8.0.50727.4053

Visual Studio 2008 x64 Redistributables

VLC media player 1.1.7

Welcome Center

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! BrowserPlus 2.9.8

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC

Share this post


Link to post
Share on other sites

RogueKiller V7.3.2 [03/20/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: G. C. Goebel [Admin rights]

Mode: Scan -- Date: 04/12/2012 21:33:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

127.0.0.1 activate.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST375052 8AS SCSI Disk Device +++++

--- User ---

[MBR] ed901f0165c1f4fc827850f7acf7d823

[bSP] ab39d269876e95b2d4c1e038d272bb99 : Acer tatooed MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 699942 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Share this post


Link to post
Share on other sites

Please make sure system restore is running and create a new restore point before continuing.

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

MrC

Share this post


Link to post
Share on other sites

00:50:29.0090 1108 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

00:50:29.0449 1108 ============================================================

00:50:29.0449 1108 Current date / time: 2012/04/14 00:50:29.0449

00:50:29.0449 1108 SystemInfo:

00:50:29.0449 1108

00:50:29.0449 1108 OS Version: 6.1.7601 ServicePack: 1.0

00:50:29.0449 1108 Product type: Workstation

00:50:29.0449 1108 ComputerName: SUSAN

00:50:29.0449 1108 UserName: G. C. Goebel

00:50:29.0449 1108 Windows directory: C:\Windows

00:50:29.0449 1108 System windows directory: C:\Windows

00:50:29.0449 1108 Running under WOW64

00:50:29.0449 1108 Processor architecture: Intel x64

00:50:29.0449 1108 Number of processors: 2

00:50:29.0449 1108 Page size: 0x1000

00:50:29.0449 1108 Boot type: Normal boot

00:50:29.0449 1108 ============================================================

00:50:30.0900 1108 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

00:50:30.0916 1108 Drive \Device\Harddisk6\DR7 - Size: 0x15D50F65E00 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

00:50:36.0578 1108 \Device\Harddisk0\DR0:

00:50:36.0578 1108 MBR used

00:50:36.0578 1108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000

00:50:36.0578 1108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x55713000

00:50:36.0578 1108 \Device\Harddisk6\DR7:

00:50:36.0594 1108 MBR used

00:50:36.0594 1108 \Device\Harddisk6\DR7\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA86741

00:50:36.0672 1108 Initialize success

00:50:36.0672 1108 ============================================================

00:51:16.0436 4068 ============================================================

00:51:16.0436 4068 Scan started

00:51:16.0436 4068 Mode: Manual; SigCheck; TDLFS;

00:51:16.0436 4068 ============================================================

00:51:17.0638 4068 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

00:51:17.0903 4068 1394ohci - ok

00:51:17.0934 4068 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

00:51:17.0950 4068 ACPI - ok

00:51:17.0996 4068 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

00:51:18.0074 4068 AcpiPmi - ok

00:51:18.0121 4068 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys

00:51:18.0199 4068 adfs - ok

00:51:18.0277 4068 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

00:51:18.0293 4068 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning

00:51:18.0293 4068 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)

00:51:18.0355 4068 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

00:51:18.0386 4068 AdobeARMservice - ok

00:51:18.0433 4068 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

00:51:18.0464 4068 adp94xx - ok

00:51:18.0480 4068 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

00:51:18.0511 4068 adpahci - ok

00:51:18.0527 4068 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

00:51:18.0542 4068 adpu320 - ok

00:51:18.0574 4068 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

00:51:18.0698 4068 AeLookupSvc - ok

00:51:18.0745 4068 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

00:51:18.0808 4068 AFD - ok

00:51:18.0886 4068 AgereSoftModem (2173e070647ac68c16b8214fe5c05ec3) C:\Windows\system32\DRIVERS\agrsm64.sys

00:51:18.0979 4068 AgereSoftModem - ok

00:51:19.0010 4068 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

00:51:19.0042 4068 agp440 - ok

00:51:19.0088 4068 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

00:51:19.0120 4068 ALG - ok

00:51:19.0151 4068 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

00:51:19.0166 4068 aliide - ok

00:51:19.0166 4068 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

00:51:19.0182 4068 amdide - ok

00:51:19.0213 4068 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

00:51:19.0276 4068 AmdK8 - ok

00:51:19.0291 4068 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

00:51:19.0307 4068 AmdPPM - ok

00:51:19.0354 4068 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

00:51:19.0369 4068 amdsata - ok

00:51:19.0400 4068 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

00:51:19.0416 4068 amdsbs - ok

00:51:19.0447 4068 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

00:51:19.0463 4068 amdxata - ok

00:51:19.0510 4068 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

00:51:19.0666 4068 AppID - ok

00:51:19.0697 4068 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

00:51:19.0759 4068 AppIDSvc - ok

00:51:19.0806 4068 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

00:51:19.0915 4068 Appinfo - ok

00:51:20.0024 4068 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

00:51:20.0056 4068 Apple Mobile Device - ok

00:51:20.0102 4068 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

00:51:20.0118 4068 arc - ok

00:51:20.0149 4068 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

00:51:20.0165 4068 arcsas - ok

00:51:20.0212 4068 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

00:51:20.0274 4068 AsyncMac - ok

00:51:20.0414 4068 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

00:51:20.0477 4068 atapi - ok

00:51:20.0524 4068 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

00:51:20.0602 4068 AudioEndpointBuilder - ok

00:51:20.0617 4068 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

00:51:20.0664 4068 AudioSrv - ok

00:51:20.0789 4068 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

00:51:20.0929 4068 AVGIDSAgent - ok

00:51:20.0960 4068 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

00:51:20.0976 4068 AVGIDSDriver - ok

00:51:21.0007 4068 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

00:51:21.0023 4068 AVGIDSEH - ok

00:51:21.0038 4068 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

00:51:21.0054 4068 AVGIDSFilter - ok

00:51:21.0085 4068 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys

00:51:21.0101 4068 Avgldx64 - ok

00:51:21.0148 4068 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys

00:51:21.0163 4068 Avgmfx64 - ok

00:51:21.0226 4068 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys

00:51:21.0241 4068 Avgrkx64 - ok

00:51:21.0272 4068 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys

00:51:21.0288 4068 Avgtdia - ok

00:51:21.0319 4068 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

00:51:21.0335 4068 avgwd - ok

00:51:21.0382 4068 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

00:51:21.0475 4068 AxInstSV - ok

00:51:21.0522 4068 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

00:51:21.0584 4068 b06bdrv - ok

00:51:21.0616 4068 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

00:51:21.0694 4068 b57nd60a - ok

00:51:21.0725 4068 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

00:51:21.0803 4068 BDESVC - ok

00:51:21.0803 4068 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

00:51:21.0881 4068 Beep - ok

00:51:21.0943 4068 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

00:51:22.0021 4068 BFE - ok

00:51:22.0084 4068 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

00:51:22.0162 4068 BITS - ok

00:51:22.0193 4068 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

00:51:22.0224 4068 blbdrive - ok

00:51:22.0318 4068 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

00:51:22.0349 4068 Bonjour Service - ok

00:51:22.0380 4068 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

00:51:22.0458 4068 bowser - ok

00:51:22.0474 4068 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

00:51:22.0505 4068 BrFiltLo - ok

00:51:22.0520 4068 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

00:51:22.0552 4068 BrFiltUp - ok

00:51:22.0583 4068 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

00:51:22.0645 4068 Browser - ok

00:51:22.0661 4068 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

00:51:22.0723 4068 Brserid - ok

00:51:22.0739 4068 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

00:51:22.0770 4068 BrSerWdm - ok

00:51:22.0801 4068 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

00:51:22.0832 4068 BrUsbMdm - ok

00:51:22.0864 4068 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

00:51:22.0879 4068 BrUsbSer - ok

00:51:22.0926 4068 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

00:51:22.0957 4068 BTHMODEM - ok

00:51:22.0988 4068 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

00:51:23.0051 4068 bthserv - ok

00:51:23.0066 4068 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

00:51:23.0098 4068 cdfs - ok

00:51:23.0144 4068 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

00:51:23.0160 4068 cdrom - ok

00:51:23.0207 4068 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

00:51:23.0254 4068 CertPropSvc - ok

00:51:23.0300 4068 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

00:51:23.0316 4068 circlass - ok

00:51:23.0347 4068 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

00:51:23.0363 4068 CLFS - ok

00:51:23.0410 4068 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

00:51:23.0441 4068 clr_optimization_v2.0.50727_32 - ok

00:51:23.0472 4068 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

00:51:23.0488 4068 clr_optimization_v2.0.50727_64 - ok

00:51:23.0550 4068 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

00:51:23.0581 4068 clr_optimization_v4.0.30319_32 - ok

00:51:23.0612 4068 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

00:51:23.0628 4068 clr_optimization_v4.0.30319_64 - ok

00:51:23.0644 4068 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

00:51:23.0690 4068 CmBatt - ok

00:51:23.0737 4068 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

00:51:23.0768 4068 cmdide - ok

00:51:23.0815 4068 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

00:51:23.0846 4068 CNG - ok

00:51:23.0862 4068 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

00:51:23.0878 4068 Compbatt - ok

00:51:23.0924 4068 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

00:51:23.0956 4068 CompositeBus - ok

00:51:23.0971 4068 COMSysApp - ok

00:51:24.0002 4068 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

00:51:24.0018 4068 crcdisk - ok

00:51:24.0065 4068 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

00:51:24.0127 4068 CryptSvc - ok

00:51:24.0158 4068 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

00:51:24.0236 4068 DcomLaunch - ok

00:51:24.0283 4068 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

00:51:24.0314 4068 defragsvc - ok

00:51:24.0361 4068 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

00:51:24.0486 4068 DfsC - ok

00:51:24.0517 4068 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

00:51:24.0580 4068 Dhcp - ok

00:51:24.0595 4068 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

00:51:24.0626 4068 discache - ok

00:51:24.0658 4068 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

00:51:24.0673 4068 Disk - ok

00:51:24.0720 4068 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

00:51:24.0782 4068 Dnscache - ok

00:51:24.0814 4068 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

00:51:24.0876 4068 dot3svc - ok

00:51:24.0907 4068 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

00:51:25.0001 4068 DPS - ok

00:51:25.0032 4068 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

00:51:25.0063 4068 drmkaud - ok

00:51:25.0094 4068 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

00:51:25.0126 4068 DXGKrnl - ok

00:51:25.0157 4068 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

00:51:25.0219 4068 EapHost - ok

00:51:25.0313 4068 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

00:51:25.0453 4068 ebdrv - ok

00:51:25.0516 4068 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

00:51:25.0594 4068 EFS - ok

00:51:25.0625 4068 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

00:51:25.0656 4068 ehRecvr - ok

00:51:25.0672 4068 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

00:51:25.0703 4068 ehSched - ok

00:51:25.0781 4068 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

00:51:25.0812 4068 elxstor - ok

00:51:25.0843 4068 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

00:51:25.0874 4068 ErrDev - ok

00:51:25.0937 4068 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

00:51:25.0984 4068 EventSystem - ok

00:51:26.0015 4068 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

00:51:26.0077 4068 exfat - ok

00:51:26.0077 4068 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

00:51:26.0124 4068 fastfat - ok

00:51:26.0171 4068 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

00:51:26.0233 4068 Fax - ok

00:51:26.0249 4068 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

00:51:26.0280 4068 fdc - ok

00:51:26.0311 4068 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

00:51:26.0342 4068 fdPHost - ok

00:51:26.0358 4068 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

00:51:26.0389 4068 FDResPub - ok

00:51:26.0420 4068 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

00:51:26.0436 4068 FileInfo - ok

00:51:26.0452 4068 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

00:51:26.0498 4068 Filetrace - ok

00:51:26.0514 4068 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

00:51:26.0530 4068 flpydisk - ok

00:51:26.0561 4068 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

00:51:26.0592 4068 FltMgr - ok

00:51:26.0654 4068 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

00:51:26.0701 4068 FontCache - ok

00:51:26.0764 4068 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

00:51:26.0779 4068 FontCache3.0.0.0 - ok

00:51:26.0810 4068 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

00:51:26.0826 4068 FsDepends - ok

00:51:26.0857 4068 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

00:51:26.0873 4068 Fs_Rec - ok

00:51:26.0935 4068 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

00:51:26.0966 4068 fvevol - ok

00:51:26.0998 4068 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

00:51:27.0013 4068 gagp30kx - ok

00:51:27.0122 4068 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe

00:51:27.0138 4068 GameConsoleService - ok

00:51:27.0169 4068 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

00:51:27.0185 4068 GEARAspiWDM - ok

00:51:27.0200 4068 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

00:51:27.0263 4068 gpsvc - ok

00:51:27.0310 4068 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

00:51:27.0356 4068 Greg_Service - ok

00:51:27.0419 4068 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

00:51:27.0450 4068 gupdate - ok

00:51:27.0466 4068 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

00:51:27.0497 4068 gupdatem - ok

00:51:27.0512 4068 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

00:51:27.0575 4068 hcw85cir - ok

00:51:27.0622 4068 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

00:51:27.0653 4068 HdAudAddService - ok

00:51:27.0715 4068 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

00:51:27.0762 4068 HDAudBus - ok

00:51:27.0778 4068 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

00:51:27.0793 4068 HidBatt - ok

00:51:27.0809 4068 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

00:51:27.0856 4068 HidBth - ok

00:51:27.0871 4068 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

00:51:27.0902 4068 HidIr - ok

00:51:27.0934 4068 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

00:51:27.0996 4068 hidserv - ok

00:51:28.0058 4068 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

00:51:28.0074 4068 HidUsb - ok

00:51:28.0105 4068 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

00:51:28.0152 4068 hkmsvc - ok

00:51:28.0183 4068 HMuKstOr (44660c841490a0a0d8b6af0a45c46f77) C:\Windows\system32\DRIVERS\HMuKstOr.sys

00:51:28.0214 4068 HMuKstOr - ok

00:51:28.0246 4068 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

00:51:28.0292 4068 HomeGroupListener - ok

00:51:28.0339 4068 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

00:51:28.0370 4068 HomeGroupProvider - ok

00:51:28.0386 4068 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

00:51:28.0402 4068 HpSAMD - ok

00:51:28.0464 4068 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

00:51:28.0542 4068 HTTP - ok

00:51:28.0573 4068 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

00:51:28.0589 4068 hwpolicy - ok

00:51:28.0620 4068 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

00:51:28.0636 4068 i8042prt - ok

00:51:28.0682 4068 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

00:51:28.0698 4068 iaStorV - ok

00:51:28.0760 4068 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

00:51:28.0792 4068 idsvc - ok

00:51:28.0823 4068 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

00:51:28.0838 4068 iirsp - ok

00:51:28.0901 4068 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

00:51:28.0948 4068 IKEEXT - ok

00:51:29.0026 4068 IntcAzAudAddService (13089f31aa37cde1ce3784ee01a48484) C:\Windows\system32\drivers\RTKVHD64.sys

00:51:29.0135 4068 IntcAzAudAddService - ok

00:51:29.0182 4068 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

00:51:29.0197 4068 intelide - ok

00:51:29.0213 4068 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

00:51:29.0244 4068 intelppm - ok

00:51:29.0275 4068 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

00:51:29.0338 4068 IPBusEnum - ok

00:51:29.0369 4068 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:51:29.0431 4068 IpFilterDriver - ok

00:51:29.0478 4068 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

00:51:29.0540 4068 iphlpsvc - ok

00:51:29.0572 4068 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

00:51:29.0587 4068 IPMIDRV - ok

00:51:29.0603 4068 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

00:51:29.0665 4068 IPNAT - ok

00:51:29.0759 4068 iPod Service (e94503089df8976f5c4c9d5168e9765f) C:\Program Files\iPod\bin\iPodService.exe

00:51:29.0790 4068 iPod Service - ok

00:51:29.0806 4068 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

00:51:29.0852 4068 IRENUM - ok

00:51:29.0868 4068 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

00:51:29.0884 4068 isapnp - ok

00:51:29.0899 4068 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

00:51:29.0930 4068 iScsiPrt - ok

00:51:29.0946 4068 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

00:51:29.0962 4068 kbdclass - ok

00:51:29.0977 4068 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

00:51:29.0993 4068 kbdhid - ok

00:51:30.0024 4068 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:51:30.0040 4068 KeyIso - ok

00:51:30.0055 4068 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

00:51:30.0071 4068 KSecDD - ok

00:51:30.0102 4068 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

00:51:30.0118 4068 KSecPkg - ok

00:51:30.0133 4068 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

00:51:30.0180 4068 ksthunk - ok

00:51:30.0227 4068 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

00:51:30.0289 4068 KtmRm - ok

00:51:30.0320 4068 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

00:51:30.0383 4068 LanmanServer - ok

00:51:30.0414 4068 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

00:51:30.0461 4068 LanmanWorkstation - ok

00:51:30.0492 4068 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

00:51:30.0554 4068 lltdio - ok

00:51:30.0601 4068 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

00:51:30.0632 4068 lltdsvc - ok

00:51:30.0648 4068 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

00:51:30.0679 4068 lmhosts - ok

00:51:30.0710 4068 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

00:51:30.0726 4068 LSI_FC - ok

00:51:30.0742 4068 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

00:51:30.0757 4068 LSI_SAS - ok

00:51:30.0773 4068 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

00:51:30.0788 4068 LSI_SAS2 - ok

00:51:30.0835 4068 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

00:51:30.0851 4068 LSI_SCSI - ok

00:51:30.0882 4068 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

00:51:30.0944 4068 luafv - ok

00:51:31.0007 4068 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

00:51:31.0038 4068 MBAMProtector - ok

00:51:31.0132 4068 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

00:51:31.0163 4068 MBAMService - ok

00:51:31.0178 4068 McAfee SiteAdvisor Service - ok

00:51:31.0241 4068 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

00:51:31.0272 4068 Mcx2Svc - ok

00:51:31.0303 4068 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

00:51:31.0319 4068 megasas - ok

00:51:31.0334 4068 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

00:51:31.0350 4068 MegaSR - ok

00:51:31.0381 4068 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

00:51:31.0428 4068 MMCSS - ok

00:51:31.0459 4068 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

00:51:31.0506 4068 Modem - ok

00:51:31.0553 4068 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

00:51:31.0584 4068 monitor - ok

00:51:31.0631 4068 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

00:51:31.0631 4068 mouclass - ok

00:51:31.0646 4068 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

00:51:31.0678 4068 mouhid - ok

00:51:31.0724 4068 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

00:51:31.0740 4068 mountmgr - ok

00:51:31.0771 4068 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

00:51:31.0787 4068 mpio - ok

00:51:31.0818 4068 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

00:51:31.0849 4068 mpsdrv - ok

00:51:31.0912 4068 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

00:51:31.0958 4068 MpsSvc - ok

00:51:32.0005 4068 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

00:51:32.0052 4068 MRxDAV - ok

00:51:32.0083 4068 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:51:32.0114 4068 mrxsmb - ok

00:51:32.0161 4068 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:51:32.0192 4068 mrxsmb10 - ok

00:51:32.0224 4068 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:51:32.0255 4068 mrxsmb20 - ok

00:51:32.0286 4068 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

00:51:32.0302 4068 msahci - ok

00:51:32.0333 4068 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

00:51:32.0348 4068 msdsm - ok

00:51:32.0380 4068 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

00:51:32.0395 4068 MSDTC - ok

00:51:32.0426 4068 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

00:51:32.0458 4068 Msfs - ok

00:51:32.0473 4068 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

00:51:32.0520 4068 mshidkmdf - ok

00:51:32.0551 4068 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

00:51:32.0567 4068 msisadrv - ok

00:51:32.0598 4068 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

00:51:32.0645 4068 MSiSCSI - ok

00:51:32.0645 4068 msiserver - ok

00:51:32.0676 4068 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

00:51:32.0738 4068 MSKSSRV - ok

00:51:32.0770 4068 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

00:51:32.0816 4068 MSPCLOCK - ok

00:51:32.0848 4068 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

00:51:32.0894 4068 MSPQM - ok

00:51:32.0941 4068 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

00:51:32.0957 4068 MsRPC - ok

00:51:32.0972 4068 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

00:51:32.0988 4068 mssmbios - ok

00:51:33.0004 4068 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

00:51:33.0050 4068 MSTEE - ok

00:51:33.0082 4068 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

00:51:33.0097 4068 MTConfig - ok

00:51:33.0128 4068 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

00:51:33.0144 4068 Mup - ok

00:51:33.0191 4068 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

00:51:33.0238 4068 napagent - ok

00:51:33.0284 4068 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

00:51:33.0316 4068 NativeWifiP - ok

00:51:33.0394 4068 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

00:51:33.0425 4068 NDIS - ok

00:51:33.0456 4068 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

00:51:33.0503 4068 NdisCap - ok

00:51:33.0518 4068 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

00:51:33.0565 4068 NdisTapi - ok

00:51:33.0628 4068 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

00:51:33.0674 4068 Ndisuio - ok

00:51:33.0721 4068 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

00:51:33.0784 4068 NdisWan - ok

00:51:33.0830 4068 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

00:51:33.0877 4068 NDProxy - ok

00:51:33.0971 4068 Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

00:51:34.0018 4068 Nero BackItUp Scheduler 4.0 - ok

00:51:34.0033 4068 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

00:51:34.0080 4068 NetBIOS - ok

00:51:34.0111 4068 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

00:51:34.0174 4068 NetBT - ok

00:51:34.0220 4068 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:51:34.0236 4068 Netlogon - ok

00:51:34.0267 4068 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

00:51:34.0314 4068 Netman - ok

00:51:34.0345 4068 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

00:51:34.0408 4068 netprofm - ok

00:51:34.0470 4068 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

00:51:34.0470 4068 NetTcpPortSharing - ok

00:51:34.0517 4068 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

00:51:34.0532 4068 nfrd960 - ok

00:51:34.0626 4068 NitroDriverReadSpool (2e64eb9d4bd5b3aecd30513f8cf4ee2b) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe

00:51:34.0642 4068 NitroDriverReadSpool - ok

00:51:34.0704 4068 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

00:51:34.0766 4068 NlaSvc - ok

00:51:34.0844 4068 nlsX86cc (a9ab333fc9ab1ea17fcd81a97c5af467) C:\Windows\SysWOW64\NLSSRV32.EXE

00:51:34.0860 4068 nlsX86cc - ok

00:51:34.0891 4068 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

00:51:34.0922 4068 Npfs - ok

00:51:34.0954 4068 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

00:51:35.0000 4068 nsi - ok

00:51:35.0016 4068 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

00:51:35.0047 4068 nsiproxy - ok

00:51:35.0125 4068 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

00:51:35.0188 4068 Ntfs - ok

00:51:35.0203 4068 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

00:51:35.0234 4068 Null - ok

00:51:35.0515 4068 nvlddmkm (18a79fde9658d77a37ec163aa24f107d) C:\Windows\system32\DRIVERS\nvlddmkm.sys

00:51:35.0858 4068 nvlddmkm - ok

00:51:35.0905 4068 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

00:51:35.0921 4068 nvraid - ok

00:51:35.0936 4068 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

00:51:35.0952 4068 nvstor - ok

00:51:35.0983 4068 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys

00:51:35.0999 4068 nvstor64 - ok

00:51:36.0077 4068 nvsvc (65de9567ed7985876900f3c3f0b8967f) C:\Windows\system32\nvvsvc.exe

00:51:36.0092 4068 nvsvc - ok

00:51:36.0139 4068 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

00:51:36.0155 4068 nv_agp - ok

00:51:36.0233 4068 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

00:51:36.0264 4068 odserv - ok

00:51:36.0280 4068 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

00:51:36.0311 4068 ohci1394 - ok

00:51:36.0342 4068 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

00:51:36.0358 4068 ose - ok

00:51:36.0389 4068 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

00:51:36.0451 4068 p2pimsvc - ok

00:51:36.0467 4068 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

00:51:36.0498 4068 p2psvc - ok

00:51:36.0545 4068 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

00:51:36.0592 4068 Parport - ok

00:51:36.0623 4068 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

00:51:36.0654 4068 partmgr - ok

00:51:36.0654 4068 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

00:51:36.0701 4068 PcaSvc - ok

00:51:36.0732 4068 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

00:51:36.0748 4068 pci - ok

00:51:36.0779 4068 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

00:51:36.0794 4068 pciide - ok

00:51:36.0810 4068 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

00:51:36.0826 4068 pcmcia - ok

00:51:36.0872 4068 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

00:51:36.0888 4068 pcw - ok

00:51:36.0904 4068 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

00:51:36.0966 4068 PEAUTH - ok

00:51:37.0013 4068 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

00:51:37.0044 4068 PerfHost - ok

00:51:37.0122 4068 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

00:51:37.0200 4068 pla - ok

00:51:37.0262 4068 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

00:51:37.0325 4068 PlugPlay - ok

00:51:37.0340 4068 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

00:51:37.0356 4068 PNRPAutoReg - ok

00:51:37.0387 4068 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

00:51:37.0403 4068 PNRPsvc - ok

00:51:37.0450 4068 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys

00:51:37.0465 4068 Point64 - ok

00:51:37.0512 4068 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

00:51:37.0543 4068 PolicyAgent - ok

00:51:37.0590 4068 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

00:51:37.0637 4068 Power - ok

00:51:37.0668 4068 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

00:51:37.0715 4068 PptpMiniport - ok

00:51:37.0746 4068 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

00:51:37.0777 4068 Processor - ok

00:51:37.0840 4068 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

00:51:37.0918 4068 ProfSvc - ok

00:51:37.0964 4068 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:51:37.0980 4068 ProtectedStorage - ok

00:51:38.0058 4068 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

00:51:38.0089 4068 Psched - ok

00:51:38.0136 4068 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

00:51:38.0152 4068 PxHlpa64 - ok

00:51:38.0198 4068 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

00:51:38.0261 4068 ql2300 - ok

00:51:38.0292 4068 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

00:51:38.0308 4068 ql40xx - ok

00:51:38.0339 4068 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

00:51:38.0354 4068 QWAVE - ok

00:51:38.0370 4068 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

00:51:38.0417 4068 QWAVEdrv - ok

00:51:38.0448 4068 RapportKE64 - ok

00:51:38.0448 4068 RapportLaunService - ok

00:51:38.0464 4068 RapportMgmtService - ok

00:51:38.0479 4068 RapportPG64 - ok

00:51:38.0495 4068 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

00:51:38.0542 4068 RasAcd - ok

00:51:38.0573 4068 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

00:51:38.0620 4068 RasAgileVpn - ok

00:51:38.0635 4068 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

00:51:38.0698 4068 RasAuto - ok

00:51:38.0744 4068 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:51:38.0791 4068 Rasl2tp - ok

00:51:38.0822 4068 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

00:51:38.0869 4068 RasMan - ok

00:51:38.0885 4068 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

00:51:38.0947 4068 RasPppoe - ok

00:51:38.0963 4068 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

00:51:39.0010 4068 RasSstp - ok

00:51:39.0025 4068 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

00:51:39.0072 4068 rdbss - ok

00:51:39.0088 4068 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

00:51:39.0103 4068 rdpbus - ok

00:51:39.0134 4068 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:51:39.0181 4068 RDPCDD - ok

00:51:39.0212 4068 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

00:51:39.0259 4068 RDPENCDD - ok

00:51:39.0290 4068 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

00:51:39.0322 4068 RDPREFMP - ok

00:51:39.0353 4068 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

00:51:39.0400 4068 RDPWD - ok

00:51:39.0446 4068 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

00:51:39.0462 4068 rdyboost - ok

00:51:39.0493 4068 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

00:51:39.0540 4068 RemoteAccess - ok

00:51:39.0571 4068 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

00:51:39.0618 4068 RemoteRegistry - ok

00:51:39.0665 4068 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

00:51:39.0696 4068 RpcEptMapper - ok

00:51:39.0712 4068 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

00:51:39.0743 4068 RpcLocator - ok

00:51:39.0774 4068 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

00:51:39.0821 4068 RpcSs - ok

00:51:39.0852 4068 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

00:51:39.0899 4068 rspndr - ok

00:51:39.0946 4068 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys

00:51:40.0039 4068 RTL8167 - ok

00:51:40.0070 4068 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:51:40.0086 4068 SamSs - ok

00:51:40.0133 4068 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

00:51:40.0148 4068 sbp2port - ok

00:51:40.0242 4068 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

00:51:40.0304 4068 SBSDWSCService - ok

00:51:40.0351 4068 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

00:51:40.0382 4068 SCardSvr - ok

00:51:40.0414 4068 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

00:51:40.0492 4068 scfilter - ok

00:51:40.0538 4068 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

00:51:40.0601 4068 Schedule - ok

00:51:40.0648 4068 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

00:51:40.0694 4068 SCPolicySvc - ok

00:51:40.0741 4068 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

00:51:40.0772 4068 SDRSVC - ok

00:51:40.0788 4068 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

00:51:40.0835 4068 secdrv - ok

00:51:40.0850 4068 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

00:51:40.0897 4068 seclogon - ok

00:51:40.0913 4068 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

00:51:40.0960 4068 SENS - ok

00:51:40.0975 4068 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

00:51:41.0022 4068 SensrSvc - ok

00:51:41.0038 4068 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

00:51:41.0069 4068 Serenum - ok

00:51:41.0116 4068 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

00:51:41.0131 4068 Serial - ok

00:51:41.0194 4068 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

00:51:41.0225 4068 sermouse - ok

00:51:41.0272 4068 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

00:51:41.0334 4068 SessionEnv - ok

00:51:41.0350 4068 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

00:51:41.0365 4068 sffdisk - ok

00:51:41.0396 4068 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

00:51:41.0412 4068 sffp_mmc - ok

00:51:41.0428 4068 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

00:51:41.0459 4068 sffp_sd - ok

00:51:41.0490 4068 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

00:51:41.0506 4068 sfloppy - ok

00:51:41.0552 4068 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

00:51:41.0584 4068 SharedAccess - ok

00:51:41.0630 4068 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

00:51:41.0693 4068 ShellHWDetection - ok

00:51:41.0724 4068 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

00:51:41.0740 4068 SiSRaid2 - ok

00:51:41.0771 4068 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

00:51:41.0771 4068 SiSRaid4 - ok

00:51:41.0818 4068 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

00:51:41.0849 4068 Smb - ok

00:51:41.0896 4068 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

00:51:41.0927 4068 SNMPTRAP - ok

00:51:41.0958 4068 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

00:51:41.0974 4068 spldr - ok

00:51:42.0020 4068 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

00:51:42.0067 4068 Spooler - ok

00:51:42.0176 4068 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

00:51:42.0301 4068 sppsvc - ok

00:51:42.0332 4068 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

00:51:42.0364 4068 sppuinotify - ok

00:51:42.0410 4068 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

00:51:42.0488 4068 srv - ok

00:51:42.0551 4068 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

00:51:42.0598 4068 srv2 - ok

00:51:42.0629 4068 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

00:51:42.0660 4068 srvnet - ok

00:51:42.0722 4068 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

00:51:42.0754 4068 SSDPSRV - ok

00:51:42.0769 4068 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

00:51:42.0816 4068 SstpSvc - ok

00:51:42.0832 4068 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

00:51:42.0847 4068 stexstor - ok

00:51:42.0894 4068 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

00:51:42.0941 4068 stisvc - ok

00:51:42.0972 4068 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

00:51:42.0988 4068 swenum - ok

00:51:43.0097 4068 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

00:51:43.0128 4068 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

00:51:43.0128 4068 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

00:51:43.0175 4068 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

00:51:43.0237 4068 swprv - ok

00:51:43.0315 4068 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

00:51:43.0409 4068 SysMain - ok

00:51:43.0440 4068 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

00:51:43.0471 4068 TabletInputService - ok

00:51:43.0518 4068 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

00:51:43.0565 4068 TapiSrv - ok

00:51:43.0612 4068 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

00:51:43.0658 4068 TBS - ok

00:51:43.0721 4068 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

00:51:43.0783 4068 Tcpip - ok

00:51:43.0830 4068 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

00:51:43.0877 4068 TCPIP6 - ok

00:51:43.0924 4068 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

00:51:43.0955 4068 tcpipreg - ok

00:51:44.0002 4068 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

00:51:44.0033 4068 TDPIPE - ok

00:51:44.0080 4068 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

00:51:44.0080 4068 TDTCP - ok

00:51:44.0126 4068 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

00:51:44.0158 4068 tdx - ok

00:51:44.0204 4068 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

00:51:44.0236 4068 TermDD - ok

00:51:44.0282 4068 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

00:51:44.0329 4068 TermService - ok

00:51:44.0345 4068 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

00:51:44.0376 4068 Themes - ok

00:51:44.0423 4068 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

00:51:44.0454 4068 THREADORDER - ok

00:51:44.0470 4068 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

00:51:44.0516 4068 TrkWks - ok

00:51:44.0579 4068 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

00:51:44.0626 4068 TrustedInstaller - ok

00:51:44.0672 4068 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:51:44.0719 4068 tssecsrv - ok

00:51:44.0750 4068 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

00:51:44.0797 4068 TsUsbFlt - ok

00:51:44.0844 4068 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

00:51:44.0875 4068 tunnel - ok

00:51:44.0906 4068 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

00:51:44.0922 4068 uagp35 - ok

00:51:44.0969 4068 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

00:51:45.0016 4068 udfs - ok

00:51:45.0062 4068 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

00:51:45.0094 4068 UI0Detect - ok

00:51:45.0125 4068 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

00:51:45.0140 4068 uliagpkx - ok

00:51:45.0172 4068 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

00:51:45.0203 4068 umbus - ok

00:51:45.0234 4068 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

00:51:45.0250 4068 UmPass - ok

00:51:45.0312 4068 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

00:51:45.0343 4068 Updater Service - ok

00:51:45.0359 4068 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

00:51:45.0406 4068 upnphost - ok

00:51:45.0421 4068 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys

00:51:45.0452 4068 usbccgp - ok

00:51:45.0484 4068 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

00:51:45.0515 4068 usbcir - ok

00:51:45.0530 4068 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

00:51:45.0546 4068 usbehci - ok

00:51:45.0577 4068 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

00:51:45.0608 4068 usbhub - ok

00:51:45.0640 4068 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

00:51:45.0671 4068 usbohci - ok

00:51:45.0686 4068 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

00:51:45.0733 4068 usbprint - ok

00:51:45.0764 4068 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

00:51:45.0780 4068 usbscan - ok

00:51:45.0827 4068 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:51:45.0858 4068 USBSTOR - ok

00:51:45.0874 4068 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

00:51:45.0905 4068 usbuhci - ok

00:51:45.0936 4068 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

00:51:45.0983 4068 UxSms - ok

00:51:46.0014 4068 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:51:46.0030 4068 VaultSvc - ok

00:51:46.0076 4068 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys

00:51:46.0123 4068 VClone - ok

00:51:46.0139 4068 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

00:51:46.0154 4068 vdrvroot - ok

00:51:46.0201 4068 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

00:51:46.0248 4068 vds - ok

00:51:46.0279 4068 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

00:51:46.0295 4068 vga - ok

00:51:46.0326 4068 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

00:51:46.0373 4068 VgaSave - ok

00:51:46.0404 4068 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

00:51:46.0420 4068 vhdmp - ok

00:51:46.0451 4068 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

00:51:46.0451 4068 viaide - ok

00:51:46.0482 4068 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

00:51:46.0498 4068 volmgr - ok

00:51:46.0544 4068 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

00:51:46.0560 4068 volmgrx - ok

00:51:46.0576 4068 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

00:51:46.0591 4068 volsnap - ok

00:51:46.0638 4068 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

00:51:46.0654 4068 vsmraid - ok

00:51:46.0716 4068 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

00:51:46.0810 4068 VSS - ok

00:51:46.0934 4068 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

00:51:46.0981 4068 vToolbarUpdater10.2.0 - ok

00:51:46.0997 4068 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

00:51:47.0028 4068 vwifibus - ok

00:51:47.0090 4068 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

00:51:47.0122 4068 W32Time - ok

00:51:47.0153 4068 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

00:51:47.0168 4068 WacomPen - ok

00:51:47.0215 4068 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:51:47.0278 4068 WANARP - ok

00:51:47.0278 4068 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:51:47.0309 4068 Wanarpv6 - ok

00:51:47.0402 4068 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

00:51:47.0465 4068 WatAdminSvc - ok

00:51:47.0512 4068 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

00:51:47.0590 4068 wbengine - ok

00:51:47.0605 4068 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

00:51:47.0636 4068 WbioSrvc - ok

00:51:47.0683 4068 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

00:51:47.0714 4068 wcncsvc - ok

00:51:47.0746 4068 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

00:51:47.0761 4068 WcsPlugInService - ok

00:51:47.0777 4068 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

00:51:47.0792 4068 Wd - ok

00:51:47.0824 4068 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

00:51:47.0855 4068 Wdf01000 - ok

00:51:47.0870 4068 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

00:51:47.0964 4068 WdiServiceHost - ok

00:51:47.0980 4068 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

00:51:47.0995 4068 WdiSystemHost - ok

00:51:48.0026 4068 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

00:51:48.0058 4068 WebClient - ok

00:51:48.0089 4068 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

00:51:48.0136 4068 Wecsvc - ok

00:51:48.0182 4068 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

00:51:48.0229 4068 wercplsupport - ok

00:51:48.0276 4068 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

00:51:48.0323 4068 WerSvc - ok

00:51:48.0338 4068 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

00:51:48.0385 4068 WfpLwf - ok

00:51:48.0401 4068 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

00:51:48.0416 4068 WIMMount - ok

00:51:48.0463 4068 WinDefend - ok

00:51:48.0479 4068 WinHttpAutoProxySvc - ok

00:51:48.0541 4068 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

00:51:48.0604 4068 Winmgmt - ok

00:51:48.0682 4068 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

00:51:48.0744 4068 WinRM - ok

00:51:48.0806 4068 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

00:51:48.0838 4068 Wlansvc - ok

00:51:48.0962 4068 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

00:51:49.0056 4068 wlidsvc - ok

00:51:49.0103 4068 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

00:51:49.0134 4068 WmiAcpi - ok

00:51:49.0165 4068 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

00:51:49.0196 4068 wmiApSrv - ok

00:51:49.0212 4068 WMPNetworkSvc - ok

00:51:49.0259 4068 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

00:51:49.0274 4068 WPCSvc - ok

00:51:49.0306 4068 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

00:51:49.0352 4068 WPDBusEnum - ok

00:51:49.0384 4068 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

00:51:49.0415 4068 ws2ifsl - ok

00:51:49.0430 4068 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

00:51:49.0462 4068 wscsvc - ok

00:51:49.0462 4068 WSearch - ok

00:51:49.0540 4068 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

00:51:49.0649 4068 wuauserv - ok

00:51:49.0680 4068 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

00:51:49.0742 4068 WudfPf - ok

00:51:49.0758 4068 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:51:49.0805 4068 WUDFRd - ok

00:51:49.0820 4068 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

00:51:49.0867 4068 wudfsvc - ok

00:51:49.0898 4068 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

00:51:49.0945 4068 WwanSvc - ok

00:51:49.0976 4068 MBR (0x1B8) (70e629b51c16b3c007730c6ae57144c9) \Device\Harddisk0\DR0

00:51:52.0160 4068 \Device\Harddisk0\DR0 - ok

00:51:52.0160 4068 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR7

00:51:52.0301 4068 \Device\Harddisk6\DR7 - ok

00:51:52.0332 4068 Boot (0x1200) (1949e67fc19e0ee5a732aa6d6c547bee) \Device\Harddisk0\DR0\Partition0

00:51:52.0332 4068 \Device\Harddisk0\DR0\Partition0 - ok

00:51:52.0348 4068 Boot (0x1200) (71a650232cbb77b99fea37ce2286b0ca) \Device\Harddisk0\DR0\Partition1

00:51:52.0348 4068 \Device\Harddisk0\DR0\Partition1 - ok

00:51:52.0348 4068 Boot (0x1200) (7f03e5dce0728544f050e33ddabd1bd1) \Device\Harddisk6\DR7\Partition0

00:51:52.0348 4068 \Device\Harddisk6\DR7\Partition0 - ok

00:51:52.0348 4068 ============================================================

00:51:52.0348 4068 Scan finished

00:51:52.0348 4068 ============================================================

00:51:52.0379 1964 Detected object count: 2

00:51:52.0379 1964 Actual detected object count: 2

00:52:09.0929 1964 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user

00:52:09.0929 1964 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:52:09.0929 1964 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

00:52:09.0929 1964 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

Share this post


Link to post
Share on other sites

Next.......

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Share this post


Link to post
Share on other sites

ComboFix 12-04-15.02 - G. C. Goebel 04/16/2012 0:21.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2841 [GMT -5:00]

Running from: c:\users\G. C. Goebel\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\G. C. Goebel\AppData\Roaming\Mozilla\Firefox\Profiles\fvmzrwak.default\extensions\{425fe507-fdac-485e-bcf4-c2bb89a07ad0}

c:\users\G. C. Goebel\AppData\Roaming\Mozilla\Firefox\Profiles\fvmzrwak.default\extensions\{425fe507-fdac-485e-bcf4-c2bb89a07ad0}\chrome.manifest

c:\users\G. C. Goebel\AppData\Roaming\Mozilla\Firefox\Profiles\fvmzrwak.default\extensions\{425fe507-fdac-485e-bcf4-c2bb89a07ad0}\chrome\xulcache.jar

c:\users\G. C. Goebel\AppData\Roaming\Mozilla\Firefox\Profiles\fvmzrwak.default\extensions\{425fe507-fdac-485e-bcf4-c2bb89a07ad0}\defaults\preferences\xulcache.js

c:\users\G. C. Goebel\AppData\Roaming\Mozilla\Firefox\Profiles\fvmzrwak.default\extensions\{425fe507-fdac-485e-bcf4-c2bb89a07ad0}\install.rdf

c:\users\G. C. Goebel\AppData\Roaming\Mozilla\Firefox\Profiles\fvmzrwak.default\extensions\{6aaac17f-0cae-47e2-86b6-7f87a2fb63f8}

c:\users\G. C. Goebel\AppData\Roaming\Mozilla\Firefox\Profiles\fvmzrwak.default\extensions\{6aaac17f-0cae-47e2-86b6-7f87a2fb63f8}\chrome.manifest

c:\users\G. C. Goebel\AppData\Roaming\Mozilla\Firefox\Profiles\fvmzrwak.default\extensions\{6aaac17f-0cae-47e2-86b6-7f87a2fb63f8}\chrome\xulcache.jar

c:\users\G. C. Goebel\AppData\Roaming\Mozilla\Firefox\Profiles\fvmzrwak.default\extensions\{6aaac17f-0cae-47e2-86b6-7f87a2fb63f8}\defaults\preferences\xulcache.js

c:\users\G. C. Goebel\AppData\Roaming\Mozilla\Firefox\Profiles\fvmzrwak.default\extensions\{6aaac17f-0cae-47e2-86b6-7f87a2fb63f8}\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))

.

.

2012-04-16 05:26 . 2012-04-16 05:26 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-04-16 05:26 . 2012-04-16 05:26 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-04-16 05:26 . 2012-04-16 05:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-11 04:08 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 04:08 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-11 04:08 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-11 04:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 04:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 04:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-11 04:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 04:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 04:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-11 04:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-11 04:00 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-04-11 04:00 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-03-30 03:25 . 2012-03-30 03:25 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-30 03:25 . 2012-03-30 03:25 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-04 20:56 . 2011-09-29 08:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-07 16:02 . 2012-02-07 16:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-03-13 02:29 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]

"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-13 982880]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]

.

c:\users\G. C. Goebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 RapportKE64;RapportKE64;c:\program files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [x]

R1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 136176]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]

R2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]

R3 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 136176]

R3 RapportLaunService;Rapport Launching Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]

S2 HMuKstOr;Kensington TrackballWorks Orbit USB HID Device Filter Driver;c:\windows\system32\DRIVERS\HMuKstOr.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-10-01 341312]

S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2010-10-01 67904]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]

S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-13 918880]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 09:41]

.

2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-13 09:41]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-19 11775592]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bing.com/?pc=Z006&form=ZGAPHP

mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1831&r=173604102206p0365v1i5r4711s27q

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll

FF - ProfilePath - c:\users\G. C. Goebel\AppData\Roaming\Mozilla\Firefox\Profiles\fvmzrwak.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.ftp - :0

FF - prefs.js: network.proxy.http - :0

FF - prefs.js: network.proxy.socks - :0

FF - prefs.js: network.proxy.ssl - :0

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2503381363-1545987336-47177814-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2503381363-1545987336-47177814-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Premiere Pro\2.0\DefaultPreset]

@DACL=(02 0000)

@="DV - NTSC\\Standard 48kHz.prpreset"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe\Premiere Pro\2.0\Help]

@DACL=(02 0000)

"Support"="http://www.adobe.com/support/products/premiere.html"

"Search"="c:\\Program Files (x86)\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html"

"Keyboard"="c:\\Program Files (x86)\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html"

"HowToUse"="c:\\Program Files (x86)\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html"

"ExportToDVD"="c:\\Program Files (x86)\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html"

"AdobeMediaEncoder"="c:\\Program Files (x86)\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"

"Contents"="c:\\Program Files (x86)\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"

"Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

.

**************************************************************************

.

Completion time: 2012-04-16 00:33:06 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-16 05:33

.

Pre-Run: 525,975,797,760 bytes free

Post-Run: 525,836,636,160 bytes free

.

- - End Of File - - BE1AAD15C8898C51B7408A09618F5374

Share this post


Link to post
Share on other sites

Please do this:

Download
to your
desktop

Close any open windows.

Double click the
TFC
icon to run the program

TFC
will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow
TFC
to run uninterrupted.

The program should not take long to finish it's job

Once its finished it should automatically reboot your machine,

if it doesn't, manually reboot to ensure a complete clean

------------------------------

Then.......

Please
Update
and run a
Quick Scan
with
MBAM
, post the report.

Make sure that
everything is checked
, and click
Remove Selected
.

Please
let me know how it is
, MrC

Share this post


Link to post
Share on other sites

Everything's done and all seems to be well. MBAM found no threats, I didn't have to check or remove anything. Thanks a lot for all the help, I've been recommending you guys all week!

Share this post


Link to post
Share on other sites

OK...Good

A little clean up to do.

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

You have out date Java on the system, older versions are vulnerable to malware.

Please go to your control panel > Java > Update Tab > Update Now

Java™ 6 Update 30 <---should be 31

http://www.java.com/...d/installed.jsp <---verify your Java

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Share this post


Link to post
Share on other sites

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.