My request is somewhat unusual and I hope you will forgive me for jumping over some of the normally prerequisite steps in your procedure. My Mom has the trojan. She lives over 100 miles away. I can only stay about three days and I will have to get rid of the trojan while I am there. So I need to be armed in advance with everything you can give me.

For months now, she has been detecting and automatically "deleting" the win32/comisproc trojan. It is found and "cured" using Microsoft Security Essentials, which is set for automatic updates and scan daily. Her computer is fairly new, Windows 7 64-bit. She opens emails about once a day and may Google something once a week. Yet, every two or three days after being deleted, the comisproc is back. I guess you guys need to tell Microsoft how to beef up their tools!

She does not have Malwarebytes and I cannot possibly tell her how to install it over the phone. I installed the free version on my XP computer here at my home and found four Adware.Minibug registry entries, and one PUM.Hijack.Help. These were missed by Ad-Aware Total Security, Spybot, MSE, and Microsoft Safety Scanner. Needless to say I am impressed! Mom has Ad Aware and Spybot but does not run them, only MSE runs automatically. I plan to also give her Microsoft Safety Scanner (unless you say otherwise).

So, I will have to go to her house a few days from now and within three days I must download a version of Malwarebytes, and I may not have time to see the trojan come back if it is going to come back!

To help you understand better which version of comisproc she has, I will tell you what MSE says about it. The trojan always hides in C:\Windows\Temp\_avast4_\ and has names like unp251129543.tmp, usually only one "Item:", sometimes two. Only recently did I tell her to change the scan to "daily". The "deleted" trojan can come back within a day or two even when the computer is "sleeping". Apparently she wakes it up to a notice that a trojan was found. Clearly there is no point in my tracing her Internet History log. This thing is resurrecting itself!

1. What should I do to prepare for my trip? Mom can barely open up MSE and click on things. She cannot install anything.

2. How much of this could I do by remote control? Which remote control programs that are available to the layman would you recommend? I would be using XP SP-3 or Win7 64-bit. She would be using Win7 64-bit or XP (yes she has an old computer, but she needs help to swap them).

3. Above I have told you my anti-spyware arsenal. At present, I have both Ad-Aware and MSE running real-time protection on my XP. They seem to play fairly well together. How would Malwarebytes fit into this picture?

Link to post

Welcome to the forum.

This would have to be done on the forum.

--------------------------------------

Please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC

Link to post

Hello MrCharlie, Good to have you in my corner. As I said above, the Trojan is on Mom's computer and I must drive there to do the work. I will be there on Tues, May 1, 05/01/2012. Expect my next post on that day in the evening (PST). As of today (according to Mom), the last time the trojan was deleted by MSE was 04/25/2012. Since MSE has been set to scan daily and Mom uses her computer daily, the trojan has gone into "hiding" again. I suspect that MSE deletes only the file mentioned in my first post, located in C:\Windows\Temp\_avast4_\ Probably, there are other files and registry entries that allow it to "resurrect" itself.

1. I think that MSE deletes the trojan automatically, and currently Mom has instructions to select "delete" if MSE gives her a pop-up. Is this a problem? If the trojan is deleted, what will your tools find?

2. If I read your instructions correctly, you want me to run Malwarebytes free, Quick Scan. Your instructions do not say if I should both apply the suggested actions and report back to you. What sort of report do you want from Malwarebytes?

3. If I read you correctly, I am then to download and run dds.scr and report back the two files DDS.txt and Attach.txt. Exactly how do I specify that the results should go to my desktop, and then how do I move these files to my next Reply box? I will be using Windows 7 64-bit and I have not used this system before.

4. Your instructions appear to be contradictory. After running DDS, the instructions say "refrain from using special fix tools". But you say, "after posting the 2 logs", I should "download and run RogueKiller" and "post back the report". Is RogueKiller not a "fix tool"? If RogueKiller makes suggested actions such as deleting or quarantining files, what should I do?

5. There are two other websites that I am not considering using, however I would like to know what you think of them:

http://blog.teesupport.com/cant-delete-trojanwin32comisproc-from-my-pc-how-to-get-rid-of-it-efficiently/

and

http://www.pcthreat.com/parasitebyid-16421en.html

Both of these websites give manual removal procedures. What is amusing is that they do not list a single file name that both of them have in common. How do you account for this? Are various versions of Win32/Comisproc really that different?

Link to post

1. I think that MSE deletes the trojan automatically, and currently Mom has instructions to select "delete" if MSE gives her a pop-up. Is this a problem? If the trojan is deleted, what will your tools find?

Let's see what's on the system.

2. If I read your instructions correctly, you want me to run Malwarebytes free, Quick Scan. Your instructions do not say if I should both apply the suggested actions and report back to you. What sort of report do you want from Malwarebytes?

Please download Malwarebytes' Anti-Malware Free from Here

or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

Note: -->Do not run a full scan with MBAM. It is not required or needed.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & Paste the entire report in your next reply

3. If I read you correctly, I am then to download and run dds.scr and report back the two files DDS.txt and Attach.txt. Exactly how do I specify that the results should go to my desktop, and then how do I move these files to my next Reply box? I will be using Windows 7 64-bit and I have not used this system before.

They'll pop up... copy and paste them in your response.

4. Your instructions appear to be contradictory. After running DDS, the instructions say "refrain from using special fix tools". But you say, "after posting the 2 logs", I should "download and run RogueKiller" and "post back the report". Is RogueKiller not a "fix tool"? If RogueKiller makes suggested actions such as deleting or quarantining files, what should I do?

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

5. There are two other websites that I am not considering using, however I would like to know what you think of them:

http://blog.teesuppo...it-efficiently/

and

http://www.pcthreat....id-16421en.html

Both of these websites give manual removal procedures. What is amusing is that they do not list a single file name that both of them have in common. How do you account for this? Are various versions of Win32/Comisproc really that different?

I know nothing about them.

MrC

Link to post

Hello MrCharlie,

I am at Mom's house. I have downloaded and run mbam, DDS.SCR, and RogueKiller.

I will give you the results in a following Reply. Right now, I need to report an apparent attack on your website.

Go here:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Click on "Download Now" and Cnet gives you the correct mbam-setup file.

However, there is an animated arrow at the bottom that tempts you to

Click on "Start Download" and you go to:

http://www.sammsoft.com/ (etc.) which offers you the

ARO 2012 downloader (not what we want, please warn your readers!)

I started to install the ARO2012_tbt file, but saw it was not malwarebytes,

and cancelled the install. I tried to get back to the web page to download

the mbam-setup file and somehow, I got hijacked to:

www.malwarbytes.org/forums/index.php?showforum=7

Note the first "e" is missing in "malwarbytes". This is a clever forgery of:

forums.malwarebytes.org//index.php?showforum=7

If you go to the "malwarbytes" website, Microsoft Security Essentials run-time protection will immediately quarantine:

Trojan:JS/IframeRef

MSE pops up a notice, but requires no action from you.

ARE YOU AWARE OF THIS PROBLEM?

I really can't remember how I got to that website, and my Internet History did not help me to repeat how I got there. I will help you by seeing if I can get there again after we have worked on my Mom's problem.

As you may recall, Mom has been getting the Trojan:Win32/Comisproc, not the Trojan:JS/IframeRef (at least, not until now)!

Link to post
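The post above turns on a one-letter difference between two hostnames. As an added illustration (not part of any post in this thread and not Malwarebytes' own code), the Python sketch below flags hostnames whose registrable domain is within a small edit distance of a trusted one. The allowlist, the threshold of 2, and the naive "last two labels" domain extraction (no Public Suffix List) are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumption: a small allowlist of domains the user actually means to visit.
TRUSTED_DOMAINS = {"malwarebytes.org", "cnet.com"}


def registrable_domain(url):
    """Return the last two labels of the host, lower-cased.

    Naive on purpose: a production check would consult the Public Suffix
    List so that suffixes such as co.uk are handled correctly.
    """
    if "://" not in url:
        url = "http://" + url  # urlsplit only parses a host after a scheme
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def edit_distance(a, b):
    """Optimal string alignment distance.

    Counts insertions, deletions, substitutions and swaps of two adjacent
    characters, which covers the usual typing slips behind lookalike names.
    """
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1,         # delete from a
                       cur[j - 1] + 1,      # insert into a
                       prev[j - 1] + cost)  # substitute
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, domain, nearest_trusted_domain_or_None).

    verdict is "trusted" for an exact allowlist match, "lookalike" when the
    domain is close to (but not equal to) a trusted one, else "unknown".
    """
    domain = registrable_domain(url)
    if domain in trusted:
        return ("trusted", domain, None)
    scored = [(edit_distance(domain, t), t) for t in trusted]
    if scored:
        distance, nearest = min(scored)
        if distance <= max_distance:
            return ("lookalike", domain, nearest)
    return ("unknown", domain, None)


if __name__ == "__main__":
    # The four addresses mentioned in the post above.
    for candidate in (
        "www.malwarbytes.org/forums/index.php?showforum=7",
        "forums.malwarebytes.org//index.php?showforum=7",
        "http://download.cnet.com/Malwarebytes-Anti-Malware/",
        "http://www.sammsoft.com/",
    ):
        print(classify(candidate), candidate)
```

A "lookalike" verdict only means the name deserves a second look before anything is downloaded from it; an "unknown" verdict says nothing about whether the site is safe.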

Looks OK to me:

Home Windows Software Security Software Anti-Spyware Malwarebytes Anti-Malware

Welcome Malwarebytes Anti-Malware users

To complete your download, click on the link below:

Download Now <---click here

Let's get with the logs, it's getting late. MrC

Link to post

Alright. I will give you the logs, but don't go to:

www.malwarbytes.org/forums/index.php?showforum=7

You will get the Trojan:JS/IframeRef. And if you don't have MSE, you will not know you have got it and you won't be able to get rid of it until you download MSE. Malwarbytes.org (without the "e") may be unaware that they are being used. They seem to have lots of free stuff to download. At the very least, they should be told that their website is infectious. At the most, they should be held responsible. Their name is too close to yours to be a coincidence!

Here is the Mbam output. Nothing was found. Not on 2012-04-16 or 2012-05-01:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.01.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Mary :: MARY-PC [administrator]

5/1/2012 1:42:32 PM

mbam-log-2012-05-01 (13-42-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 239039

Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Here is DDS.txt:

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Mary at 13:48:56 on 2012-05-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2874 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

AV: Ad-Aware Total Security *Enabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Ad-Aware Total Security *Enabled/Updated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}

FW: Ad-Aware Personal Firewall *Enabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe

C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://emachines.msn.com

uDefault_Page_URL = hxxp://emachines.msn.com

mDefault_Page_URL = hxxp://emachines.msn.com

mStart Page = hxxp://emachines.msn.com

mWinlogon: Userinit=userinit.exe

BHO: Ad-Aware WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Ad-Aware WebFilter: {0124123d-61b4-456f-af86-78c53a0790c5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [QuickGammaLoader] C:\Program Files (x86)\QuickGamma\QuickGammaLoader.exe

mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

mRun: [sAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe

mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe

mRun: [GDFirewallTray] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

StartupFolder: C:\Users\Mary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A33A5EBA-624D-4058-B267-674F0FD4F2DB} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll

BHO-X64: Ad-Aware WebFilter Class - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Ad-Aware WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\WebFilter\AvkWebIE.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe

mRun-x64: [sAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe

mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun-x64: [G Data AntiVirus Tray Application] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe

mRun-x64: [GDFirewallTray] C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\2xs1mble.default\

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 GDBehave;GDBehave;C:\Windows\system32\drivers\GDBehave.sys --> C:\Windows\system32\drivers\GDBehave.sys [?]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]

R1 GDMnIcpt;GDMnIcpt;\??\C:\Windows\system32\drivers\MiniIcpt.sys --> C:\Windows\system32\drivers\MiniIcpt.sys [?]

R1 gdwfpcd;G DATA WFP CD;C:\Windows\system32\drivers\gdwfpcd64.sys --> C:\Windows\system32\drivers\gdwfpcd64.sys [?]

R1 HookCentre;HookCentre;\??\C:\Windows\system32\drivers\HookCentre.sys --> C:\Windows\system32\drivers\HookCentre.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-12 3246040]

R2 AVKProxy;Ad-Aware Total Security Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-6-29 1081384]

R2 AVKService;Ad-Aware Scheduler;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [2010-6-29 412944]

R2 AVKWCtl;Ad-Aware Filesystem Monitor;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe [2010-6-23 2170224]

R2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-10-11 290832]

R2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-3-28 244624]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-25 1153368]

R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]

R3 GDFwSvc;Ad-Aware Personal Firewall;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe [2010-6-15 1954472]

R3 GDPkIcpt;GDPkIcpt;\??\C:\Windows\system32\drivers\PktIcpt.sys --> C:\Windows\system32\drivers\PktIcpt.sys [?]

R3 GDScan;Ad-Aware Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-6-29 624064]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 GDBackupSvc;Ad-Aware Backup Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [2010-6-29 911976]

S3 GDTunerSvc;Ad-Aware Tuner Service;C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [2010-6-29 1234896]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-05-01 20:17:26 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B006BBB5-3800-4E80-8F24-D25054939C71}\mpengine.dll

2012-05-01 17:44:27 8917360 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-01 17:44:15 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-04-28 19:53:10 -------- d-----w- C:\Users\Mary\AppData\Local\{78654581-5E2E-406D-8DF3-2608F040C3AF}

2012-04-28 19:52:49 -------- d-----w- C:\Users\Mary\AppData\Local\{E3DF6BF4-EF8A-4A5C-9409-45F1FC2ECE20}

2012-04-28 16:31:27 -------- d-----w- C:\Users\Mary\AppData\Local\{F62A1149-ED7C-42B3-8F3D-6CDB21E6B142}

2012-04-28 16:31:10 -------- d-----w- C:\Users\Mary\AppData\Local\{AEE74045-C07E-4011-8FA1-53BFC12C1352}

2012-04-28 16:30:08 -------- d-----w- C:\Users\Mary\AppData\Local\{41140B15-230D-4EED-8C81-BBC66BECFEFC}

2012-04-28 16:29:57 -------- d-----w- C:\Users\Mary\AppData\Local\{89BDD6BC-3052-47F0-A575-D3596B6B454A}

2012-04-26 14:50:04 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-04-26 14:50:01 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-26 14:50:01 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-16 10:22:21 -------- d-----w- C:\Users\Mary\AppData\Roaming\Malwarebytes

2012-04-16 10:22:09 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-16 10:22:07 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-16 10:22:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-15 23:31:38 -------- d-----w- C:\Users\Mary\AppData\Local\{BD116740-DC9D-4B81-8FDB-721D66F9339D}

2012-04-15 23:31:17 -------- d-----w- C:\Users\Mary\AppData\Local\{AAD26108-6207-4F22-91B2-56C8E677A923}

2012-04-15 23:25:36 -------- d-----w- C:\Users\Mary\AppData\Local\{9292BE9B-0D11-41F3-BE83-FC5ECFAB2FBD}

2012-04-15 23:25:14 -------- d-----w- C:\Users\Mary\AppData\Local\{8BA0AA42-43C2-4797-9985-3206F54B4591}

2012-04-15 23:06:16 -------- d-----w- C:\Users\Mary\AppData\Local\{26907AAF-5B48-46A4-8CF5-33B1BD7D28EA}

2012-04-15 23:06:06 -------- d-----w- C:\Users\Mary\AppData\Local\{26DAC338-8C9D-4D75-9055-70302B395492}


Here is DDS.attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 10/11/2011 9:35:21 PM

System Uptime: 5/1/2012 12:48:10 PM (1 hours ago)

.

Motherboard: eMachines | | EL1851

Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 3203/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 914 GiB total, 871.149 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP96: 4/8/2012 5:06:38 PM - Windows Update

RP97: 4/14/2012 4:53:37 PM - Windows Update

RP98: 4/18/2012 3:00:41 PM - Windows Update

RP99: 4/23/2012 11:05:52 AM - Windows Update

RP100: 4/27/2012 10:37:48 AM - Windows Update

RP101: 5/1/2012 10:43:09 AM - Windows Update

.

==== Installed Programs ======================

.

Acrobat.com

Acronis True Image Home 2011

Ad-Aware Total Security

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.2)

Agatha Christie - 4:50 from Paddington

Bejeweled 2 Deluxe

Belltech Greeting Card Designer 5.4.0

Bing Bar

Build-a-lot 2

Chuzzle Deluxe

Contrôle ActiveX Windows Live Mesh pour connexions à distance

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

Driver Detective

eBay Worldwide

eMachines Games

eMachines Recovery Management

eMachines Registration

eMachines ScreenSaver

eMachines Updater

Final Drive: Nitro

Galerie de photos Windows Live

Hotkey Utility

HP Photo Creations

Identity Card

IHA_MessageCenter

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Jewel Quest Heritage

Junk Mail filter update

Lavasoft Registry Tuner

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery P.I. - Stolen in San Francisco

Namco All-Stars: PAC-MAN

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero DiscSpeed 10

Nero DiscSpeed 10 Help (CHM)

Nero Express 10

Nero Express 10 Help (CHM)

Nero Multimedia Suite 10 Essentials

Nero StartSmart 10

Nero StartSmart 10 Help (CHM)

Nero Update

NOOK for PC

Penguins!

Plants vs. Zombies - Game of the Year

Poker Superstars III

Polar Bowler

Polar Golfer

QuickGamma 2.0.0.3

Scrapbook Design Studio 2.2.2

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

Skype™ 5.0

Spybot - Search & Destroy

Times Reader

Torchlight

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update Installer for WildTangent Games App

Virtual Villagers 4 - The Tree of Life

Vz In Home Agent

Welcome Center

WildTangent Games App (eMachines Games)

Windows Live

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

5/1/2012 7:17:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

5/1/2012 12:52:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

4/29/2012 11:35:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/29/2012 1:18:21 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/28/2012 9:28:22 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/26/2012 7:36:12 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/26/2012 4:33:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

4/24/2012 10:59:38 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

Here is Rogue Killer:

RogueKiller V7.4.0 [05/01/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Mary [Admin rights]

Mode: Scan -- Date: 05/01/2012 14:16:49

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADX-22TDHB0 ATA Device +++++

--- User ---

[MBR] d4878dd072de7bff3075c3efce1c67d5

[bSP] 6a1b013ca2da720b215d19241a329ce3 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18000 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 36866048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37070848 | Size: 935767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


That is all for tonight. You can tell me what you think about this stuff tomorrow.

You have been a great help!

Steve


Nothing showing in the logs so far....

Please update Malwarebytes first before you run it:

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

--------------------------

Next...........

Please make sure system restore is running and create a new restore point before continuing.

Instructions here

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Ok, here is the output of TDSSKiller.

Only one suspicious object of medium risk was found:

Unsigned file

Service: HPSLPSVC

Suspicious object, medium risk

Service start: Auto (0x2)

File: C:\Users\Mary\AppData\Local\Temp\7zS0681\hpslpsvc64.dll

MD5: f37882f128efacefe353e0bae2766909


00:11:36.0669 4536 GDScan - ok

00:11:36.0756 4536 GDTunerSvc (33812434cc3431646fc7ec68c2001794) C:\Program Files (x86)\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe

00:11:36.0884 4536 GDTunerSvc - ok

00:11:36.0926 4536 gdwfpcd (b6b09af9e081aaa825fe06286d43b22a) C:\Windows\system32\drivers\gdwfpcd64.sys

00:11:36.0967 4536 gdwfpcd - ok

00:11:37.0027 4536 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

00:11:37.0132 4536 gpsvc - ok

00:11:37.0155 4536 GRD - ok

00:11:37.0204 4536 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe

00:11:37.0235 4536 GREGService - ok

00:11:37.0257 4536 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

00:11:37.0286 4536 hcw85cir - ok

00:11:37.0302 4536 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

00:11:37.0348 4536 HdAudAddService - ok

00:11:37.0394 4536 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

00:11:37.0435 4536 HDAudBus - ok

00:11:37.0443 4536 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

00:11:37.0472 4536 HidBatt - ok

00:11:37.0479 4536 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

00:11:37.0515 4536 HidBth - ok

00:11:37.0628 4536 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

00:11:37.0706 4536 HidIr - ok

00:11:37.0761 4536 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

00:11:37.0882 4536 hidserv - ok

00:11:38.0005 4536 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

00:11:38.0061 4536 HidUsb - ok

00:11:38.0105 4536 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

00:11:38.0152 4536 hkmsvc - ok

00:11:38.0190 4536 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

00:11:38.0238 4536 HomeGroupListener - ok

00:11:38.0292 4536 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

00:11:38.0345 4536 HomeGroupProvider - ok

00:11:38.0400 4536 HookCentre (bc986a06e4b1e03ca5bb34c7f36a86d6) C:\Windows\system32\drivers\HookCentre.sys

00:11:38.0444 4536 HookCentre - ok

00:11:38.0455 4536 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

00:11:38.0487 4536 HpSAMD - ok

00:11:38.0683 4536 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Users\Mary\AppData\Local\Temp\7zS0681\hpslpsvc64.dll

00:11:38.0837 4536 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

00:11:38.0837 4536 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)


00:12:00.0392 4536 uliagpkx - ok

00:12:00.0418 4536 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

00:12:00.0446 4536 umbus - ok

00:12:00.0451 4536 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

00:12:00.0479 4536 UmPass - ok

00:12:00.0529 4536 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

00:12:00.0610 4536 upnphost - ok

00:12:00.0636 4536 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys

00:12:00.0666 4536 usbccgp - ok

00:12:00.0694 4536 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

00:12:00.0727 4536 usbcir - ok

00:12:00.0755 4536 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

00:12:00.0782 4536 usbehci - ok

00:12:00.0807 4536 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

00:12:00.0851 4536 usbhub - ok

00:12:00.0875 4536 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

00:12:00.0902 4536 usbohci - ok

00:12:00.0915 4536 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

00:12:00.0944 4536 usbprint - ok

00:12:01.0010 4536 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

00:12:01.0057 4536 usbscan - ok

00:12:01.0099 4536 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:12:01.0166 4536 USBSTOR - ok

00:12:01.0178 4536 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

00:12:01.0205 4536 usbuhci - ok

00:12:01.0221 4536 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

00:12:01.0266 4536 UxSms - ok

00:12:01.0289 4536 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

00:12:01.0318 4536 VaultSvc - ok

00:12:01.0351 4536 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

00:12:01.0377 4536 vdrvroot - ok

00:12:01.0435 4536 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

00:12:01.0506 4536 vds - ok

00:12:01.0556 4536 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

00:12:01.0614 4536 vga - ok

00:12:01.0619 4536 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

00:12:01.0664 4536 VgaSave - ok

00:12:01.0675 4536 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

00:12:01.0712 4536 vhdmp - ok

00:12:01.0717 4536 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

00:12:01.0743 4536 viaide - ok

00:12:01.0750 4536 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

00:12:01.0779 4536 volmgr - ok

00:12:01.0799 4536 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

00:12:01.0853 4536 volmgrx - ok

00:12:01.0871 4536 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

00:12:01.0912 4536 volsnap - ok

00:12:01.0963 4536 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

00:12:01.0997 4536 vsmraid - ok

00:12:02.0080 4536 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

00:12:02.0199 4536 VSS - ok

00:12:02.0298 4536 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

00:12:02.0347 4536 vwifibus - ok

00:12:02.0365 4536 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

00:12:02.0426 4536 W32Time - ok

00:12:02.0434 4536 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

00:12:02.0462 4536 WacomPen - ok

00:12:02.0499 4536 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:12:02.0545 4536 WANARP - ok

00:12:02.0581 4536 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

00:12:02.0628 4536 Wanarpv6 - ok

00:12:02.0744 4536 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

00:12:02.0842 4536 WatAdminSvc - ok

00:12:02.0918 4536 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

00:12:03.0007 4536 wbengine - ok

00:12:03.0071 4536 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

00:12:03.0127 4536 WbioSrvc - ok

00:12:03.0162 4536 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

00:12:03.0216 4536 wcncsvc - ok

00:12:03.0232 4536 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

00:12:03.0271 4536 WcsPlugInService - ok

00:12:03.0296 4536 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

00:12:03.0323 4536 Wd - ok

00:12:03.0365 4536 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

00:12:03.0420 4536 Wdf01000 - ok

00:12:03.0428 4536 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

00:12:03.0463 4536 WdiServiceHost - ok

00:12:03.0466 4536 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

00:12:03.0504 4536 WdiSystemHost - ok

00:12:03.0537 4536 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

00:12:03.0581 4536 WebClient - ok

00:12:03.0604 4536 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

00:12:03.0659 4536 Wecsvc - ok

00:12:03.0681 4536 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

00:12:03.0729 4536 wercplsupport - ok

00:12:03.0756 4536 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

00:12:03.0804 4536 WerSvc - ok

00:12:03.0820 4536 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

00:12:03.0863 4536 WfpLwf - ok

00:12:03.0868 4536 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

00:12:03.0897 4536 WIMMount - ok

00:12:03.0934 4536 WinDefend - ok

00:12:03.0943 4536 WinHttpAutoProxySvc - ok

00:12:04.0009 4536 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

00:12:04.0090 4536 Winmgmt - ok

00:12:04.0187 4536 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

00:12:04.0286 4536 WinRM - ok

00:12:04.0399 4536 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

00:12:04.0455 4536 WinUsb - ok

00:12:04.0509 4536 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

00:12:04.0583 4536 Wlansvc - ok

00:12:04.0629 4536 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

00:12:04.0654 4536 wlcrasvc - ok

00:12:04.0828 4536 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

00:12:04.0953 4536 wlidsvc - ok

00:12:05.0023 4536 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

00:12:05.0068 4536 WmiAcpi - ok

00:12:05.0120 4536 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

00:12:05.0177 4536 wmiApSrv - ok

00:12:05.0199 4536 WMPNetworkSvc - ok

00:12:05.0217 4536 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

00:12:05.0252 4536 WPCSvc - ok

00:12:05.0268 4536 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

00:12:05.0301 4536 WPDBusEnum - ok

00:12:05.0317 4536 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

00:12:05.0361 4536 ws2ifsl - ok

00:12:05.0368 4536 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

00:12:05.0405 4536 wscsvc - ok

00:12:05.0409 4536 WSearch - ok

00:12:05.0542 4536 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

00:12:05.0659 4536 wuauserv - ok

00:12:05.0750 4536 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

00:12:05.0807 4536 WudfPf - ok

00:12:05.0837 4536 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:12:05.0887 4536 WUDFRd - ok

00:12:05.0894 4536 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

00:12:05.0942 4536 wudfsvc - ok

00:12:05.0955 4536 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

00:12:05.0997 4536 WwanSvc - ok

00:12:06.0021 4536 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

00:12:06.0180 4536 \Device\Harddisk0\DR0 - ok

00:12:06.0187 4536 Boot (0x1200) (4831db8892bb992461affe3a7b8ae636) \Device\Harddisk0\DR0\Partition0

00:12:06.0189 4536 \Device\Harddisk0\DR0\Partition0 - ok

00:12:06.0217 4536 Boot (0x1200) (b84b23e9cd553fed433b9a81d589a44d) \Device\Harddisk0\DR0\Partition1

00:12:06.0219 4536 \Device\Harddisk0\DR0\Partition1 - ok

00:12:06.0221 4536 ============================================================

00:12:06.0221 4536 Scan finished

00:12:06.0221 4536 ============================================================

00:12:06.0239 4512 Detected object count: 1

00:12:06.0239 4512 Actual detected object count: 1

00:12:12.0608 4512 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

00:12:12.0608 4512 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

00:12:19.0373 3068 Deinitialize success


That file is OK....

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


I am still reading how to download and use ComboFix. But you have reminded me of something I did not know or have forgotten - to disable my other antivirus stuff. I assume you mean only the run-time protection. I have not been doing this up until now. Is there anything we should go back and run again?

Accordingly, I have just turned off Ad-Aware Total Security, firewall and web protection. Is that OK?

I also turned off Microsoft Security Essentials, real-time protection. Is that OK?

Normally, these seem to work OK together. I am pretty sure that the Ad-Aware personal firewall is the same as the Microsoft firewall. I don't think I have any other real-time protection running. However, when I try to run any program, I get an annoying pop-up that says "User Account Control" "Do you want to allow the following program to make changes to this computer?" This is still happening so I assume it is part of the Windows 7 operating system. Call this behaviour "Annoying pop-up".

What causes "Annoying pop-up"? Do you want it turned off for your tests? I want to turn it off permanently. Mom does not understand the difference between allowing a program to run that you have just commanded to run and allowing a dangerous program to do something you did not ask for. I cannot seem to teach her this. Therefore "Annoying pop-up" serves no purpose for her. How do I turn it off permanently?


You are a man of few words, Sir.

"Less is sometimes more, but usually less is just less."

Well, that was fun! ComboFix (CF) stopped and prompted me to turn off more stuff in Ad-Aware. So I just wrote down the settings and unchecked and disabled everything. CF continued. CF finished and did an auto reboot. I did not interfere, except to select "User Mary".

When the reboot finished, CF produced a pop-up log. As I have done with every tool so far, I had prepared in advance a blank text file in which to place my personal copy of the report. When I tried to open the empty .txt file, I got "Illegal operation attempted on a registry key that has been marked for deletion." I tried to open Ad-Aware (to turn it back on). Same msg. I tried to open Firefox (to Reply to you). Same msg. I did a manual reboot. CF log went away.

Ran CF again. Same problem. Printed out the CF log on paper.

Did another manual reboot but did not run CF. Things open OK (was worried I was going to have to try a Windows boot to safe mode and a restore point. Probably would not have worked, I have not used Windows 7 before).

Went to this topic to cry to you and found that I could not type anything in the "Reply" box to this topic! Opened a new topic to complain about this topic, but could not type anything into the Reply box for the new topic! Eventually discovered that I had to right-click on the Reply box and select "Refresh" or something like that. Why was I not warned, as new member, that I might have to know how to do this?

So, I have the log for CF on paper. Should only take me about two hours to figure out how to scan this on Mom's computer, put the scanned pages into a .txt file, and then paste the file into my Reply to you. If I run CF again, I will get stuck again. If I manually reboot, the CF output on notepad will disappear again.

Any suggestions?


When I tried to open the empty .txt file, I got "Illegal operation attempted on a registry key that has been marked for deletion." I tried to open Ad-Aware (to turn it back on). Same msg. I tried to open Firefox (to Reply to you). Same msg. I did a manual reboot. CF log went away.

Ran CF again. Same problem. Printed out the CF log on paper.

Did another manual reboot but did not run CF. Things open OK (was worried I was going to have to try a Windows boot to safe mode and a restore point. Probably would not have worked, I have not used Windows 7 before).

It's right in my instructions to run ComboFix:

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

------------------------

Just copy and paste the C:\ComboFix.txt into your post.

MrC


Oh, OK. Found it. Thank you, I did miss your warning to reboot. What I was referring to was why was I not warned about having to "refresh" the Reply box?

Here is the ComboFix output:

ComboFix 12-05-02.03 - Mary 05/02/2012 13:01:48.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2636 [GMT -7:00]

Running from: c:\users\Mary\Desktop\ComboFix.exe

AV: Ad-Aware Total Security *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: Ad-Aware Personal Firewall *Disabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}

SP: Ad-Aware Total Security *Disabled/Updated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))

.

.

2012-05-02 20:09 . 2012-05-02 20:09 -------- d-----w- c:\users\Steve\AppData\Local\temp

2012-05-02 20:09 . 2012-05-02 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-02 20:09 . 2012-05-02 20:09 -------- d-----w- c:\users\Carol\AppData\Local\temp

2012-05-02 06:38 . 2012-05-02 06:38 116016 ----a-w- c:\windows\system32\drivers\21426115.sys

2012-05-02 06:26 . 2012-05-02 06:26 116016 ----a-w- c:\windows\system32\drivers\62644338.sys

2012-05-02 03:11 . 2012-05-02 03:11 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-02 03:02 . 2012-05-02 03:11 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-01 22:26 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{94AFD1D7-2FA2-4D24-8B83-30B594BDA168}\mpengine.dll

2012-05-01 20:17 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-01 17:44 . 2012-05-01 17:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-04-26 14:50 . 2012-04-26 14:50 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-04-26 14:50 . 2012-04-26 14:50 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-26 14:50 . 2012-04-26 14:50 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-16 10:22 . 2012-04-16 10:22 -------- d-----w- c:\users\Mary\AppData\Roaming\Malwarebytes

2012-04-16 10:22 . 2012-04-16 10:22 -------- d-----w- c:\programdata\Malwarebytes

2012-04-16 10:22 . 2012-05-01 20:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-16 10:22 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-14 23:58 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-14 23:58 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-14 23:58 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-14 23:58 . 2012-04-14 23:58 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-04-14 23:55 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-14 23:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-14 23:55 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-14 23:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-14 23:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-14 23:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-14 23:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-02 03:37 . 2011-10-13 20:08 106224 ----a-w- c:\windows\SysWow64\drivers\GRD.sys

2012-05-02 03:11 . 2011-10-12 18:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-21 03:44 . 2011-04-27 22:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 03:44 . 2011-04-18 20:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-02-26 18:17 . 2012-02-26 18:18 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0417F7A9-CE38-43E5-A3E9-CC79375849F0}\gapaengine.dll

2012-02-17 06:38 . 2012-03-17 00:29 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-17 00:29 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-17 00:29 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-17 00:29 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36 . 2012-03-17 00:29 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-17 00:29 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-17 00:29 3145728 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-02_19.42.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2012-05-02 20:00 51908 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-02 20:00 48418 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-10-12 04:37 . 2012-05-02 20:00 12408 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-874174280-269866361-546167079-1000_UserData.bin

- 2012-05-02 19:41 . 2012-05-02 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-02 20:10 . 2012-05-02 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-02 19:41 . 2012-05-02 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-05-02 20:10 . 2012-05-02 20:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-05-02 19:40 317292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-05-02 20:09 317292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-12 14940040]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

"QuickGammaLoader"="c:\program files (x86)\QuickGamma\QuickGammaLoader.exe" [2005-03-28 68096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]

"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2536760]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-23 5550984]

"G Data AntiVirus Tray Application"="c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-30 981504]

"GDFirewallTray"="c:\program files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-30 1550576]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

c:\users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.


Hello MrCharlie,

Many thanks for all your help. I have learned how to watch you service various people on this subforum. You do the work of three people!

This will be my swan song. I have time to run one or two more programs for you and post the results. Then I will have to return home and leave Mom's computer for about a month. I will read the forum but will not be able to experiment on Mom's computer. So...

1. Tell me what you think of the ComboFix output.

2. Tell me what to run next and I will give you output before I go home.

3. Tell me your conclusions given all of the outputs taken together.

4. Later, read the short novel below and tell me later what you think of it (BestSeller? KeepTheDayJob?)

Something to Consider!

The detection of Trojan:Win32/Comisproc by Microsoft Security Essentials (MSE) may be a "false positive". It is almost certainly "interference" between antiviruses. It may be "synergy" between AVs!

In my first post to this Forum, paragraph 5, I said: "To help you understand better which version of comisproc [Mom] has, I will tell you what MSE says about it. The trojan always hides in C:\Windows\Temp\_avast4_\ and has names like unp251129543.tmp". This is according to the MSE History.

When I go to C:\Windows\Temp\_avast4_\ it is always empty. (OK I thought, so MSE has deleted it...) If I delete the folder _avast4_ it comes back! What is creating and using the _avast4_ folder?

Avast is an antivirus I never installed. Under C:\Program Files (x86)\Common Files\G Data\AVKScanP\ I find folders AdAware and Avast (containing a compressed folder of the Avast Engine). I find processes running such as GDFirewallTray.exe (the G-Data Personal Firewall) and AVKTray.exe.

Holy Crap! A little research turns up that G-Data uses the Avast (and bitdefender) engines. Ad-Aware Total Security (the version I have repeatedly mentioned that I use) is an OEM version of GDATA, and uses the G-DATA engine! I am now pretty sure that Ad-Aware Total Security's "Personal Firewall" is not Microsoft Firewall but is the G-Data Personal Firewall (hence the running process GDFirewallTray.exe). Is G-Data Personal Firewall the same as Microsoft Firewall?

Well, Microsoft says not to use any other security tool with MSE. Mom bought her computer with Windows 7 pre-installed. I did not even know what MSE was until it started reporting trojans. I installed Ad-Aware T. S. because I use it on my XP computer at home and it finds more stuff than anything else I have tried.

So the question is: Is Ad-Aware finding a real Trojan:Win32/Comisproc, and putting it in the _avast4_ folder? I believe this is the folder where Avast unpacks and scans files, so if Avast unpacks a file into that folder, might it be discovered and deleted by MSE?

Or perhaps, is MSE seeing a "false positive" of something that the Ad-Aware real-time protection is putting in the _avast4_ folder?

(When I command Ad-Aware to "scan the computer" it never finds any trojans. Ad-Aware real-time protection comes on boot-up, but it scans only on command, no schedule. MSE scans on daily schedule.)

Should I un-install Ad-Aware and MSE and then re-install MSE? (I am sure that is what Microsoft would say.) But is MSE capable of finding trojans without Ad-Aware's "help"? To answer this question read the next paragraph!

In #9, Posted 01 May 2012 - 07:26 PM, I say that MSE detected Trojan:JS/IframeRef on a website whose name is similar to yours (www.malwarbytes.org). This is probably true, but the question remains: did Ad-Aware (using the Avast engine) find it and then have it "stolen" from its scanning folder by MSE?

MSE reports the trojan found: C:\Windows\Temp\AvkHttp02EB1919.tmp (note, this one was in Temp not Temp\_avast4_). I told MSE to exclude C:\Windows\Temp. Neither MSE nor Ad-Aware reported the trojan (Ad-Aware virus monitor set to "query desired action", firewall: Auto, Normal Security). I removed the exclusion from MSE, and MSE again found it. I disable Ad-Aware's "Web protection". Nobody finds the trojan. I re-enable Ad-Aware Web protection, MSE finds the trojan! Synergy?

What do you make of that???

At the end of my post for DDS.attach you will see some entries for: "Error: Microsoft Antimalware [3002]". This also sounds like a conflict between run-time protections. Ad-Aware and MSE? Solution?


Hello MrCharlie,

Many thanks all your help. I have learned how to watch you service various people on the subforum.

You do the work of 3 people!

This will be my swan song. I have time to run one or two more programs and post the results. Then I will have to return home

and leave Mom's computer for about a month. I will read the forum but will not be able to experiment. So...

1. Tell me what you think of the ComboFix output.

2. Tell me what to run next and I will give the output before I go home.

3. Tell me your conclusions given all of the outputs taken together.

4. Later, read the short novel below and tell me what you think (BestSeller? KeepTheDayJob?)

Something to Consider!

The detection of Trojan:Win32/Comisproc by Microsoft Security Essentials (MSE) may be a false positive.

It is almost certainly "interference" between antiviruses. It may be "synergy" between AVs!

In my first post to this Forum, paragraph 5, I said:

"To help you understand better which version of comisproc [Mom] has, I will tell you what MSE says about it.

The trojan always hides in C:\Windows\Temp\_avast4_\ and has names like unp251129543.tmp".

This is according to the MSE History.

When I go to C:\Windows\Temp\_avast4_\ it is always empty. (OK I thought, so MSE has deleted it...)

If I delete the folder _avast4_ it comes back! What is creating and using the _avast4_ folder?

Avast is an antivirus I never installed. Under C:Program Files (x86)\Common Files\G Data\AVKScanP\

I find folders AdAware and Avast (containing a compressed folder of the Avast Engine).

I find processes running such as GDFirewallTray.exe (the G-Data Personal Firewall) and AVKTray.exe.

Holy Crap! A little research turns up that G-Data uses the Avast (and bitdefender) engines.

Ad-Aware Total Security (the version I have repeatedly mentioned that I use) is an OEM version of GDATA,

and uses the G-DATA engine! I am now pretty sure that Ad-Aware Total Security's "Personal Firewall" is not

Microsoft Firewall but is the G-Data Personal Firewall (hence the running process GDFirewallTray.exe).

Is G-Data Personal Firewall the same as Microsoft Firewall?

Well, Microsoft says not to use any other security tool with MSE. Mom bought her computer with Windows 7

pre-intalled. I did not even know what MSE was until it started reporting trojans. I installed Ad-Aware T. S.

because I use it on my XP computer at home and it finds more stuff than anything else I have tried.

So the question is: Is Ad-Aware finding a real Trojan:Win32/Comisproc, and putting it in the _avast4_ folder?

I believe this is the folder where Avast unpacks and scans files, so if Avast unpacks a file into that folder, might it be discovered and deleted by MSE?

Or perhaps, is MSE seeing a "false positive" of something that the Ad-Aware real-time protection is putting in the _avast4_ folder?

(When I command Ad-Aware to "scan the computer" it never finds any trojans. Ad-Aware real-time protection comes on boot-up, but it scans only on command, no schedule. MSE scans on daily schedule.)

Should I un-install Ad-Aware and MSE and then re-install MSE? (I am sure that is what Microsoft would say.)

But is MSE capable of finding trojans without Ad-Aware's "help"? To answer this question read the next paragraph!

In #9, Posted 01 May 2012 - 07:26 PM, I say that MSE detected Trojan:JS/IframeRef on a website whose name is similar to yours (www.malwarbytes.org). This is probably true, but the question remains: did Ad-Aware (using the Avast engine) find it and then have it "stolen" from its scanning folder by MSE?

MSE reports the trojan found: C:\Windows\Temp\AvkHttp02EB1919.tmp (note, this one was in Temp not Temp\_avast4_)

I told MSE to exclude C:\Windows\Temp. Neither MSE nor Ad-Aware reported the trojan (Ad-Aware virus monitor set to "query desired action", firewall: Auto, Normal Security). I removed the exclusion from MSE, and MSE again found the trojan.

I disable Ad-Aware's "Web protection". Nobody finds the trojan. I re-enable Ad-Aware Web protection, MSE finds the trojan! Synergy?

What do you make of that???

At the end of my post for DDS.attach you will see some entries for: "Error: Microsoft Antimalware [3002]".

This also sounds like a conflict between run-time protections. Ad-Aware and MSE? Solution?

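The cross-check the post above reasons toward, written out as an added example (it is not part of the original post and not any vendor's tool): it parses the `AV:`/`FW:`/`SP:` header lines of the kind ComboFix prints in the log posted in this thread and tests whether every path MSE flagged lies in a location the post associates with the other scanner. The two path patterns encode the poster's belief and observation rather than vendor documentation, the third sample path is constructed, and all function names are hypothetical.

```python
import re
from fnmatch import fnmatchcase

# Security-product header lines as they appear in the ComboFix log in this thread.
COMBOFIX_HEADER = """\
AV: Ad-Aware Total Security *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: Ad-Aware Personal Firewall *Disabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}
SP: Ad-Aware Total Security *Disabled/Updated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# Detection paths quoted in the post (as reported by the MSE history).
MSE_DETECTIONS = [
    r"C:\Windows\Temp\_avast4_\unp251129543.tmp",
    r"C:\Windows\Temp\AvkHttp02EB1919.tmp",
]

# ASSUMPTION: ownership of these locations is taken from the post, not from
# vendor documentation. Patterns are lower-case; paths are lowered before matching.
SCRATCH_PATTERNS = {
    r"c:\windows\temp\_avast4_\*": "Avast engine unpack folder (poster's belief)",
    r"c:\windows\temp\avkhttp*.tmp": "Ad-Aware web protection temp file (poster's observation)",
}

PRODUCT_LINE = re.compile(
    r"^(AV|FW|SP): (.+?) \*([^*]+)\* (\{[0-9A-Fa-f-]{36}\})\s*$"
)


def parse_products(log_text):
    """Return one dict per AV:/FW:/SP: line found in a ComboFix header."""
    products = []
    for line in log_text.splitlines():
        m = PRODUCT_LINE.match(line.strip())
        if m:
            kind, name, state, guid = m.groups()
            products.append({"kind": kind, "name": name, "state": state, "guid": guid})
    return products


def scratch_owner(path):
    """Name the scanner whose working location contains `path`, or None."""
    normalised = path.replace("/", "\\").lower()
    for pattern, owner in SCRATCH_PATTERNS.items():
        if fnmatchcase(normalised, pattern):
            return owner
    return None


def triage(log_text, detection_paths):
    """Combine 'more than one AV registered' with 'where were the detections'."""
    av_names = sorted({p["name"] for p in parse_products(log_text) if p["kind"] == "AV"})
    owners = {path: scratch_owner(path) for path in detection_paths}
    unexplained = [p for p, owner in owners.items() if owner is None]
    return {
        "av_products": av_names,
        "multiple_av": len(av_names) > 1,
        "scratch_hits": {p: o for p, o in owners.items() if o},
        "unexplained": unexplained,
        # True only when two or more AVs are registered AND every flagged file
        # sits in the other scanner's working location.
        "crosstalk_suspected": len(av_names) > 1 and bool(detection_paths) and not unexplained,
    }


if __name__ == "__main__":
    for key, value in triage(COMBOFIX_HEADER, MSE_DETECTIONS).items():
        print(f"{key}: {value}")
```

A `crosstalk_suspected` result says only that the flagged files were written by another scanner; the content that scanner was unpacking or proxying still has to be identified before the detection can be called a false positive.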

ComboFix 12-05-03.02 - Mary 05/03/2012 12:43:42.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.3127 [GMT -7:00]

Running from: c:\users\Mary\Desktop\ComboFix.exe

AV: Ad-Aware Total Security *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: Ad-Aware Personal Firewall *Disabled* {6C9743D9-C911-E73D-51CD-FA672BB39294}

SP: Ad-Aware Total Security *Disabled/Updated* {EFCD2318-A544-E9EB-4022-6820AEE79F52}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-04-03 to 2012-05-03 )))))))))))))))))))))))))))))))

.

.

2012-05-03 19:52 . 2012-05-03 19:52 -------- d-----w- c:\users\Steve\AppData\Local\temp

2012-05-03 19:52 . 2012-05-03 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-03 19:52 . 2012-05-03 19:52 -------- d-----w- c:\users\Carol\AppData\Local\temp

2012-05-03 14:54 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6D5769D-5EA5-4893-9BA6-D31C53F71099}\mpengine.dll

2012-05-03 00:13 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-02 06:38 . 2012-05-02 06:38 116016 ----a-w- c:\windows\system32\drivers\21426115.sys

2012-05-02 06:26 . 2012-05-02 06:26 116016 ----a-w- c:\windows\system32\drivers\62644338.sys

2012-05-02 03:11 . 2012-05-02 03:11 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-02 03:02 . 2012-05-02 03:11 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-01 17:44 . 2012-05-01 17:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-04-26 14:50 . 2012-04-26 14:50 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-04-26 14:50 . 2012-04-26 14:50 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-26 14:50 . 2012-04-26 14:50 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-16 10:22 . 2012-04-16 10:22 -------- d-----w- c:\users\Mary\AppData\Roaming\Malwarebytes

2012-04-16 10:22 . 2012-04-16 10:22 -------- d-----w- c:\programdata\Malwarebytes

2012-04-16 10:22 . 2012-05-01 20:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-16 10:22 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-14 23:58 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-14 23:58 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-14 23:58 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-14 23:58 . 2012-04-14 23:58 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-04-14 23:55 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-14 23:55 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-14 23:55 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-14 23:55 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-14 23:55 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-14 23:55 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-14 23:55 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-03 14:07 . 2011-10-13 20:08 106224 ----a-w- c:\windows\SysWow64\drivers\GRD.sys

2012-05-02 03:11 . 2011-10-12 18:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-21 03:44 . 2011-04-27 22:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 03:44 . 2011-04-18 20:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-02-26 18:17 . 2012-02-26 18:18 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0417F7A9-CE38-43E5-A3E9-CC79375849F0}\gapaengine.dll

2012-02-17 06:38 . 2012-03-17 00:29 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-17 00:29 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-17 00:29 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-17 00:29 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-14 19:09 . 2012-02-14 19:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36 . 2012-03-17 00:29 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-17 00:29 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-02_19.42.39 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-05-03 19:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-05-02 19:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-05-02 19:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-03 19:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-02 19:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-03 19:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-05-03 19:54 52898 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-03 19:54 48610 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-10-12 04:37 . 2012-05-03 19:54 12680 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-874174280-269866361-546167079-1000_UserData.bin

- 2011-06-13 00:18 . 2012-05-02 04:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-06-13 00:18 . 2012-05-03 14:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-04-23 20:49 . 2012-05-02 04:50 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2012-04-23 20:49 . 2012-05-03 14:00 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-03 14:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-02 04:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-05-03 05:28 95984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2012-05-02 19:41 . 2012-05-02 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-03 19:52 . 2012-05-03 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-03 19:52 . 2012-05-03 19:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-05-02 19:41 . 2012-05-02 19:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-12 16:20 . 2012-05-03 19:03 243370 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-07-14 05:01 . 2012-05-03 19:52 317292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-05-02 19:40 317292 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-10-12 18:07 . 2012-05-03 19:52 7070696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-874174280-269866361-546167079-1000-12288.dat

+ 2011-10-12 07:53 . 2012-05-03 00:01 13616928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-874174280-269866361-546167079-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-12 14940040]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

"QuickGammaLoader"="c:\program files (x86)\QuickGamma\QuickGammaLoader.exe" [2005-03-28 68096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]

"SAOB Monitor"="c:\program files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe" [2011-09-22 2536760]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-09-23 5550984]

"G Data AntiVirus Tray Application"="c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVKTray\AVKTray.exe" [2010-06-30 981504]

"GDFirewallTray"="c:\program files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFirewallTray.exe" [2010-06-30 1550576]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

c:\users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 253088]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 GDBackupSvc;Ad-Aware Backup Service;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVKBackup\AVKBackupService.exe [2010-06-30 911976]

R3 GDTunerSvc;Ad-Aware Tuner Service;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVKTuner\AVKTunerService.exe [2010-06-30 1234896]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]

S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]

S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]

S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x]

S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-10-13 3246040]

S2 AVKProxy;Ad-Aware Total Security Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-06-30 1081384]

S2 AVKService;Ad-Aware Scheduler;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKService.exe [2010-06-30 412944]

S2 AVKWCtl;Ad-Aware Filesystem Monitor;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\AVK\AVKWCtlX64.exe [2010-06-23 2170224]

S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 290832]

S2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 244624]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

S3 GDFwSvc;Ad-Aware Personal Firewall;c:\program files (x86)\Lavasoft\Ad-Aware Total Security\Firewall\GDFwSvcx64.exe [2010-06-15 1954472]

S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x]

S3 GDScan;Ad-Aware Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-06-30 624064]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 03:11]

.

2012-05-03 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-03-12 04:03]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-09-23 394832]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://emachines.msn.com

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://emachines.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\2xs1mble.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

.

**************************************************************************

.

Completion time: 2012-05-03 12:57:25 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-03 19:57

ComboFix2.txt 2012-05-02 20:14

ComboFix3.txt 2012-05-02 19:47

.

Pre-Run: 936,762,818,560 bytes free

Post-Run: 936,450,097,152 bytes free

.

- - End Of File - - 91E8F3365FDAEABA95D493EF447B9B20

Hope that is right. Sorry for the delay. I have no idea how a PM is supposed to signal me. I am registered on this forum by my home email which is somehow inaccessible. I saw no postings after my first download of ComboFix. I looked at the forum repeatedly after restarting my computer, etc. I had great difficulty typing anything in the reply box. I had to "reload" the box repeatedly. Finally, I saw a message about ComboFix output being incomplete. It flashed by. Then I could not see it anymore.

Still cannot see it. Hope this clears up. What do you suggest?

This topic is now closed to further replies.