Computer acting weird, random links/ads [Closed]



#16
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll"
    del /f /s /q "C:\Program Files (x86)\Coupon Companion\Uninstall.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image <-- XP, Posted Image <-- Vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - This is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
  • 0



#17
GoTexansGo

    Member

  • Topic Starter
  • 45 posts
Thank you very much for all the help, it is greatly appreciated.
  • 0

#18
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
you are more than welcome



gringo
  • 0

#19
GoTexansGo

    Member

  • Topic Starter
  • 45 posts
ok so kids got on here while I was at work and now the problem is back again....same thing as before..
  • 0

#20
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
  • 0

#21
GoTexansGo

    Member

  • Topic Starter
  • 45 posts
# AdwCleaner v2.011 - Logfile created 12/08/2012 at 17:02:59
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tim - TIM-PC
# Boot Mode : Normal
# Running from : C:\Users\Tim\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default [Profil par défaut]
File : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t1nf6cgh.default\prefs.js

Deleted : user_pref("extensions.crossriderapp19866.19866.InstallationTime", 1354851279);
Deleted : user_pref("extensions.crossriderapp19866.19866.active", true);
Deleted : user_pref("extensions.crossriderapp19866.19866.addressbar", "");
Deleted : user_pref("extensions.crossriderapp19866.19866.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp19866.19866.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.backgroundver", 3);
Deleted : user_pref("extensions.crossriderapp19866.19866.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp19866.19866.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp19866.19866.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie.InstallationTime.value", "1354851279");
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_aoi.value", "1354851279");
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_blocklist.expiration", "Sat Dec 08 2012 1[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_country_code.expiration", "Thu Dec 13 201[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_country_code.value", "%22US%22");
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_crr.value", "1354988947");
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_installer_params.value", "%7B%22source_id[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_parent_zoneid.value", "%22106778%22");
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_pc_20120828.value", "1354851509510");
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_product_id.value", "%221341%22");
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_zoneid.value", "%22116089%22");
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp19866.19866.cookie.dbtest.value", "1354851302270");
Deleted : user_pref("extensions.crossriderapp19866.19866.description", "Deal Vault");
Deleted : user_pref("extensions.crossriderapp19866.19866.domain", "");
Deleted : user_pref("extensions.crossriderapp19866.19866.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp19866.19866.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp19866.19866.group", 0);
Deleted : user_pref("extensions.crossriderapp19866.19866.homepage", "");
Deleted : user_pref("extensions.crossriderapp19866.19866.iframe", false);
Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_appVer.value", "6");
Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_lastVersion.value", "2");
Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_nextCheck.expiration", "Sat Dec [...]
Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp19866.19866.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp19866.19866.name", "Deal Vault");
Deleted : user_pref("extensions.crossriderapp19866.19866.newtab", "");
Deleted : user_pref("extensions.crossriderapp19866.19866.opensearch", "");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000014.ver", 7);
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},r[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000015.ver", 4);
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_15.code", "(function(f){var u={};var e[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_16.code", "if((typeof isBackground===\[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_16.ver", 4);
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins_lists.plugins_0", "17,14,16,47,1000015");
Deleted : user_pref("extensions.crossriderapp19866.19866.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,1[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Deleted : user_pref("extensions.crossriderapp19866.19866.pluginsversion", 3);
Deleted : user_pref("extensions.crossriderapp19866.19866.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp19866.19866.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp19866.19866.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp19866.19866.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp19866.19866.thankyou", "");
Deleted : user_pref("extensions.crossriderapp19866.19866.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp19866.19866.ver", 6);
Deleted : user_pref("extensions.crossriderapp19866.apps", "19866");
Deleted : user_pref("extensions.crossriderapp19866.bic", "13b59ba20bc929273cb556275ab8c5d6");
Deleted : user_pref("extensions.crossriderapp19866.cid", 19866);
Deleted : user_pref("extensions.crossriderapp19866.firstrun", false);
Deleted : user_pref("extensions.crossriderapp19866.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp19866.installationdate", 1354851279);
Deleted : user_pref("extensions.crossriderapp19866.lastcheck", 22582967);
Deleted : user_pref("extensions.crossriderapp19866.lastcheckitem", 22583154);
Deleted : user_pref("extensions.crossriderapp19866.modetype", "production");
Deleted : user_pref("extensions.crossriderapp19866.reportInstall", true);

Profile name : Tim
File : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l7sj3uuk.Tim\prefs.js

[OK] File is clean.

-\\ Opera v [Unable to get version]

File : C:\Users\Tim\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [14673 octets] - [03/12/2012 16:00:10]
AdwCleaner[S3].txt - [15810 octets] - [06/12/2012 22:32:20]
AdwCleaner[S4].txt - [12257 octets] - [08/12/2012 17:02:59]

########## EOF - C:\AdwCleaner[S4].txt - [12318 octets] ##########



RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tim [Admin rights]
Mode : Remove -- Date : 12/08/2012 17:07:23

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST332041 8AS SCSI Disk Device +++++
--- User ---
[MBR] 6b11e2e5d27d768beb761608fb8adcdb
[BSP] 97308fc8d0b08878c88c55ba7c434aac : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 290807 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_12082012_02d1707.txt >>
RKreport[1]_S_12082012_02d1706.txt ; RKreport[2]_D_12082012_02d1707.txt
  • 0

#22
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#23
GoTexansGo

    Member

  • Topic Starter
  • 45 posts
ComboFix 12-12-07.01 - Tim 12/08/2012 20:16:23.4.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.895 [GMT -5:00]
Running from: c:\users\Tim\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))
.
.
2012-12-09 01:23 . 2012-12-09 01:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-08 03:46 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C610D92-AF74-497A-85FB-3B51F9C7D90C}\mpengine.dll
2012-12-07 01:24 . 2012-12-07 01:44 -------- d-----w- c:\program files (x86)\FrostWire 5
2012-12-06 22:08 . 2012-12-06 22:08 -------- d-----w- c:\users\Tim\AppData\Roaming\WinPatrol
2012-12-06 22:07 . 2012-12-06 22:07 -------- d-----w- c:\program files (x86)\BillP Studios
2012-12-06 21:55 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-06 01:11 . 2012-12-06 01:11 -------- d-----w- c:\program files\CCleaner
2012-12-06 01:09 . 2012-12-06 01:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-06 01:08 . 2012-12-06 01:08 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-06 01:08 . 2012-12-06 01:08 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-06 01:08 . 2012-12-06 01:08 -------- d-----w- c:\programdata\McAfee
2012-12-06 00:52 . 2012-12-06 00:52 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-12-02 03:43 . 2012-12-02 03:48 -------- d-----w- c:\users\Tim\AppData\Local\DriverHound
2012-11-28 08:49 . 2012-11-28 08:49 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A32C1FA8-5DE1-4596-8918-8B4C8641A3F6}\gapaengine.dll
2012-11-16 08:14 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 08:14 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 08:14 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-16 08:14 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 08:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 08:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 08:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 08:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 08:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 08:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 08:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-06 01:08 . 2010-05-09 16:22 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-16 22:40 . 2012-04-14 01:13 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-16 22:40 . 2011-12-31 01:20 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-16 08:02 . 2009-12-31 17:05 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-28 06:19 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 06:19 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 06:19 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-03 08:12 . 2012-02-10 07:45 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 00:54 . 2009-12-31 23:14 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 09:46 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 09:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2012-09-20 363752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-14 1255736]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 22:40]
.
2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 22:58]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-06 22:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-09-20 363752]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cbssports.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331g&r=173612093103p0334v1k5r4821s23n
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1331g&r=173612093103p0334v1k5r4821s23n
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: cbssports.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t1nf6cgh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.cbssports.com/
FF - ExtSQL: 2012-12-06 20:22; [email protected]; c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t1nf6cgh.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-DHAgent - c:\program files (x86)\DriverHound\DHAgent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2817996265-3878658517-3989995371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2817996265-3878658517-3989995371-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-08 20:26:46
ComboFix-quarantined-files.txt 2012-12-09 01:26
.
Pre-Run: 60,649,930,752 bytes free
Post-Run: 60,365,852,672 bytes free
.
- - End Of File - - 5AE5B681E83533CFD5EFB474366E9DA9

#24
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#25
GoTexansGo

    Member

  • Topic Starter
  • 45 posts
01:48:56.0086 3852 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
01:48:56.0536 3852 ============================================================
01:48:56.0536 3852 Current date / time: 2012/12/09 01:48:56.0536
01:48:56.0536 3852 SystemInfo:
01:48:56.0536 3852
01:48:56.0536 3852 OS Version: 6.1.7601 ServicePack: 1.0
01:48:56.0536 3852 Product type: Workstation
01:48:56.0536 3852 ComputerName: TIM-PC
01:48:56.0536 3852 UserName: Tim
01:48:56.0536 3852 Windows directory: C:\Windows
01:48:56.0536 3852 System windows directory: C:\Windows
01:48:56.0536 3852 Running under WOW64
01:48:56.0536 3852 Processor architecture: Intel x64
01:48:56.0536 3852 Number of processors: 1
01:48:56.0536 3852 Page size: 0x1000
01:48:56.0536 3852 Boot type: Normal boot
01:48:56.0536 3852 ============================================================
01:48:57.0456 3852 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:48:57.0476 3852 ============================================================
01:48:57.0476 3852 \Device\Harddisk0\DR0:
01:48:57.0476 3852 MBR partitions:
01:48:57.0476 3852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
01:48:57.0476 3852 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x237FBAB0
01:48:57.0476 3852 ============================================================
01:48:57.0496 3852 C: <-> \Device\Harddisk0\DR0\Partition2
01:48:57.0496 3852 ============================================================
01:48:57.0496 3852 Initialize success
01:48:57.0496 3852 ============================================================
01:49:06.0799 2508 ============================================================
01:49:06.0799 2508 Scan started
01:49:06.0799 2508 Mode: Manual;
01:49:06.0799 2508 ============================================================
01:49:07.0532 2508 ================ Scan system memory ========================
01:49:07.0532 2508 System memory - ok
01:49:07.0548 2508 ================ Scan services =============================
01:49:07.0688 2508 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:49:07.0688 2508 1394ohci - ok
01:49:07.0751 2508 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:49:07.0751 2508 ACPI - ok
01:49:07.0797 2508 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:49:07.0797 2508 AcpiPmi - ok
01:49:07.0891 2508 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:49:07.0891 2508 AdobeARMservice - ok
01:49:07.0985 2508 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:49:07.0985 2508 AdobeFlashPlayerUpdateSvc - ok
01:49:08.0047 2508 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
01:49:08.0047 2508 adp94xx - ok
01:49:08.0078 2508 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
01:49:08.0078 2508 adpahci - ok
01:49:08.0094 2508 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
01:49:08.0109 2508 adpu320 - ok
01:49:08.0141 2508 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:49:08.0141 2508 AeLookupSvc - ok
01:49:08.0203 2508 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
01:49:08.0219 2508 AFD - ok
01:49:08.0265 2508 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:49:08.0265 2508 agp440 - ok
01:49:08.0297 2508 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
01:49:08.0297 2508 ALG - ok
01:49:08.0312 2508 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:49:08.0312 2508 aliide - ok
01:49:08.0343 2508 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:49:08.0343 2508 amdide - ok
01:49:08.0359 2508 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
01:49:08.0359 2508 AmdK8 - ok
01:49:08.0390 2508 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
01:49:08.0390 2508 AmdPPM - ok
01:49:08.0437 2508 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:49:08.0437 2508 amdsata - ok
01:49:08.0468 2508 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
01:49:08.0468 2508 amdsbs - ok
01:49:08.0499 2508 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:49:08.0499 2508 amdxata - ok
01:49:08.0546 2508 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:49:08.0546 2508 AppID - ok
01:49:08.0609 2508 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:49:08.0609 2508 AppIDSvc - ok
01:49:08.0671 2508 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:49:08.0671 2508 Appinfo - ok
01:49:08.0718 2508 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
01:49:08.0718 2508 arc - ok
01:49:08.0733 2508 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
01:49:08.0733 2508 arcsas - ok
01:49:08.0796 2508 aspnet_state - ok
01:49:08.0843 2508 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:49:08.0843 2508 AsyncMac - ok
01:49:08.0905 2508 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:49:08.0905 2508 atapi - ok
01:49:08.0983 2508 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:49:09.0014 2508 AudioEndpointBuilder - ok
01:49:09.0061 2508 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:49:09.0061 2508 AudioSrv - ok
01:49:09.0123 2508 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:49:09.0123 2508 AxInstSV - ok
01:49:09.0170 2508 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
01:49:09.0186 2508 b06bdrv - ok
01:49:09.0217 2508 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:49:09.0233 2508 b57nd60a - ok
01:49:09.0279 2508 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:49:09.0279 2508 BDESVC - ok
01:49:09.0295 2508 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:49:09.0295 2508 Beep - ok
01:49:09.0357 2508 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
01:49:09.0357 2508 BFE - ok
01:49:09.0420 2508 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
01:49:09.0451 2508 BITS - ok
01:49:09.0482 2508 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:49:09.0482 2508 blbdrive - ok
01:49:09.0638 2508 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:49:09.0638 2508 bowser - ok
01:49:09.0685 2508 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:49:09.0685 2508 BrFiltLo - ok
01:49:09.0701 2508 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:49:09.0716 2508 BrFiltUp - ok
01:49:09.0732 2508 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
01:49:09.0732 2508 BridgeMP - ok
01:49:09.0763 2508 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
01:49:09.0779 2508 Browser - ok
01:49:09.0810 2508 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:49:09.0810 2508 Brserid - ok
01:49:09.0841 2508 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:49:09.0841 2508 BrSerWdm - ok
01:49:09.0857 2508 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:49:09.0857 2508 BrUsbMdm - ok
01:49:09.0872 2508 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:49:09.0872 2508 BrUsbSer - ok
01:49:09.0888 2508 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
01:49:09.0903 2508 BTHMODEM - ok
01:49:09.0950 2508 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
01:49:09.0950 2508 bthserv - ok
01:49:09.0966 2508 catchme - ok
01:49:09.0997 2508 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:49:09.0997 2508 cdfs - ok
01:49:10.0044 2508 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
01:49:10.0059 2508 cdrom - ok
01:49:10.0137 2508 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
01:49:10.0153 2508 CertPropSvc - ok
01:49:10.0200 2508 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
01:49:10.0200 2508 circlass - ok
01:49:10.0215 2508 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
01:49:10.0231 2508 CLFS - ok
01:49:10.0262 2508 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:49:10.0262 2508 clr_optimization_v2.0.50727_32 - ok
01:49:10.0325 2508 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:49:10.0325 2508 clr_optimization_v2.0.50727_64 - ok
01:49:10.0403 2508 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:49:10.0403 2508 clr_optimization_v4.0.30319_32 - ok
01:49:10.0434 2508 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:49:10.0434 2508 clr_optimization_v4.0.30319_64 - ok
01:49:10.0465 2508 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:49:10.0465 2508 CmBatt - ok
01:49:10.0481 2508 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:49:10.0481 2508 cmdide - ok
01:49:10.0527 2508 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
01:49:10.0543 2508 CNG - ok
01:49:10.0574 2508 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
01:49:10.0574 2508 Compbatt - ok
01:49:10.0621 2508 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
01:49:10.0621 2508 CompositeBus - ok
01:49:10.0652 2508 COMSysApp - ok
01:49:10.0668 2508 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
01:49:10.0668 2508 crcdisk - ok
01:49:10.0730 2508 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:49:10.0730 2508 CryptSvc - ok
01:49:10.0793 2508 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:49:10.0793 2508 DcomLaunch - ok
01:49:10.0839 2508 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
01:49:10.0839 2508 defragsvc - ok
01:49:10.0886 2508 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:49:10.0886 2508 DfsC - ok
01:49:10.0949 2508 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
01:49:10.0964 2508 Dhcp - ok
01:49:10.0995 2508 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
01:49:10.0995 2508 discache - ok
01:49:11.0042 2508 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
01:49:11.0042 2508 Disk - ok
01:49:11.0089 2508 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:49:11.0105 2508 Dnscache - ok
01:49:11.0151 2508 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:49:11.0151 2508 dot3svc - ok
01:49:11.0229 2508 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
01:49:11.0229 2508 Dot4 - ok
01:49:11.0245 2508 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
01:49:11.0245 2508 Dot4Print - ok
01:49:11.0276 2508 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
01:49:11.0276 2508 dot4usb - ok
01:49:11.0307 2508 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
01:49:11.0307 2508 DPS - ok
01:49:11.0354 2508 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:49:11.0354 2508 drmkaud - ok
01:49:11.0417 2508 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:49:11.0432 2508 DXGKrnl - ok
01:49:11.0463 2508 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
01:49:11.0463 2508 EapHost - ok
01:49:11.0588 2508 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
01:49:11.0651 2508 ebdrv - ok
01:49:11.0697 2508 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
01:49:11.0697 2508 EFS - ok
01:49:11.0760 2508 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:49:11.0760 2508 ehRecvr - ok
01:49:11.0807 2508 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
01:49:11.0807 2508 ehSched - ok
01:49:11.0838 2508 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
01:49:11.0838 2508 elxstor - ok
01:49:11.0885 2508 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:49:11.0900 2508 ErrDev - ok
01:49:11.0947 2508 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
01:49:11.0963 2508 EventSystem - ok
01:49:11.0994 2508 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
01:49:11.0994 2508 exfat - ok
01:49:12.0025 2508 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:49:12.0025 2508 fastfat - ok
01:49:12.0087 2508 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
01:49:12.0087 2508 Fax - ok
01:49:12.0119 2508 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:49:12.0119 2508 fdc - ok
01:49:12.0150 2508 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
01:49:12.0150 2508 fdPHost - ok
01:49:12.0165 2508 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
01:49:12.0181 2508 FDResPub - ok
01:49:12.0197 2508 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:49:12.0197 2508 FileInfo - ok
01:49:12.0228 2508 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:49:12.0228 2508 Filetrace - ok
01:49:12.0243 2508 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:49:12.0243 2508 flpydisk - ok
01:49:12.0275 2508 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:49:12.0290 2508 FltMgr - ok
01:49:12.0353 2508 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
01:49:12.0368 2508 FontCache - ok
01:49:12.0431 2508 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:49:12.0431 2508 FontCache3.0.0.0 - ok
01:49:12.0524 2508 [ A9FF65EA14E4CABFCC1BB8ECE111A249 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
01:49:12.0540 2508 ForceWare Intelligent Application Manager (IAM) - ok
01:49:12.0587 2508 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:49:12.0602 2508 FsDepends - ok
01:49:12.0633 2508 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:49:12.0649 2508 Fs_Rec - ok
01:49:12.0711 2508 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:49:12.0711 2508 fvevol - ok
01:49:12.0743 2508 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
01:49:12.0743 2508 gagp30kx - ok
01:49:12.0821 2508 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe
01:49:12.0821 2508 GameConsoleService - ok
01:49:12.0883 2508 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
01:49:12.0883 2508 gpsvc - ok
01:49:12.0977 2508 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
01:49:12.0992 2508 Greg_Service - ok
01:49:13.0070 2508 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:49:13.0070 2508 gupdate - ok
01:49:13.0117 2508 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:49:13.0117 2508 gupdatem - ok
01:49:13.0179 2508 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:49:13.0179 2508 hcw85cir - ok
01:49:13.0242 2508 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:49:13.0242 2508 HdAudAddService - ok
01:49:13.0273 2508 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
01:49:13.0289 2508 HDAudBus - ok
01:49:13.0304 2508 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
01:49:13.0304 2508 HidBatt - ok
01:49:13.0335 2508 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
01:49:13.0335 2508 HidBth - ok
01:49:13.0351 2508 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
01:49:13.0351 2508 HidIr - ok
01:49:13.0398 2508 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
01:49:13.0398 2508 hidserv - ok
01:49:13.0429 2508 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:49:13.0429 2508 HidUsb - ok
01:49:13.0476 2508 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:49:13.0476 2508 hkmsvc - ok
01:49:13.0523 2508 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:49:13.0523 2508 HomeGroupListener - ok
01:49:13.0569 2508 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:49:13.0585 2508 HomeGroupProvider - ok
01:49:13.0601 2508 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:49:13.0616 2508 HpSAMD - ok
01:49:13.0694 2508 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
01:49:13.0725 2508 HPSLPSVC - ok
01:49:13.0819 2508 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:49:13.0835 2508 HTTP - ok
01:49:13.0850 2508 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:49:13.0850 2508 hwpolicy - ok
01:49:13.0881 2508 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
01:49:13.0881 2508 i8042prt - ok
01:49:13.0913 2508 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:49:13.0928 2508 iaStorV - ok
01:49:13.0975 2508 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:49:13.0975 2508 idsvc - ok
01:49:14.0006 2508 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
01:49:14.0022 2508 iirsp - ok
01:49:14.0069 2508 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
01:49:14.0084 2508 IKEEXT - ok
01:49:14.0162 2508 [ BC64B75E8E0A0B8982AB773483164E72 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:49:14.0193 2508 IntcAzAudAddService - ok
01:49:14.0256 2508 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
01:49:14.0256 2508 intelide - ok
01:49:14.0318 2508 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:49:14.0318 2508 intelppm - ok
01:49:14.0365 2508 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:49:14.0381 2508 IPBusEnum - ok
01:49:14.0412 2508 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:49:14.0427 2508 IpFilterDriver - ok
01:49:14.0474 2508 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:49:14.0474 2508 iphlpsvc - ok
01:49:14.0521 2508 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:49:14.0521 2508 IPMIDRV - ok
01:49:14.0552 2508 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:49:14.0552 2508 IPNAT - ok
01:49:14.0583 2508 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:49:14.0583 2508 IRENUM - ok
01:49:14.0615 2508 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:49:14.0615 2508 isapnp - ok
01:49:14.0646 2508 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:49:14.0646 2508 iScsiPrt - ok
01:49:14.0677 2508 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
01:49:14.0677 2508 kbdclass - ok
01:49:14.0724 2508 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
01:49:14.0724 2508 kbdhid - ok
01:49:14.0739 2508 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
01:49:14.0755 2508 KeyIso - ok
01:49:14.0786 2508 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:49:14.0802 2508 KSecDD - ok
01:49:14.0880 2508 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:49:14.0880 2508 KSecPkg - ok
01:49:14.0911 2508 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:49:14.0911 2508 ksthunk - ok
01:49:14.0958 2508 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
01:49:14.0973 2508 KtmRm - ok
01:49:15.0036 2508 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
01:49:15.0036 2508 LanmanServer - ok
01:49:15.0083 2508 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:49:15.0083 2508 LanmanWorkstation - ok
01:49:15.0129 2508 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:49:15.0129 2508 lltdio - ok
01:49:15.0161 2508 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:49:15.0161 2508 lltdsvc - ok
01:49:15.0192 2508 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:49:15.0192 2508 lmhosts - ok
01:49:15.0254 2508 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
01:49:15.0254 2508 LSI_FC - ok
01:49:15.0285 2508 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
01:49:15.0285 2508 LSI_SAS - ok
01:49:15.0317 2508 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:49:15.0317 2508 LSI_SAS2 - ok
01:49:15.0332 2508 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:49:15.0332 2508 LSI_SCSI - ok
01:49:27.0467 2508 ================ Scan global ===============================
01:49:27.0499 2508 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
01:49:27.0545 2508 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
01:49:27.0577 2508 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
01:49:27.0608 2508 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
01:49:27.0639 2508 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
01:49:27.0639 2508 [Global] - ok
01:49:27.0639 2508 ================ Scan MBR ==================================
01:49:27.0655 2508 [ 70E629B51C16B3C007730C6AE57144C9 ] \Device\Harddisk0\DR0
01:49:32.0316 2508 \Device\Harddisk0\DR0 - ok
01:49:32.0332 2508 ================ Scan VBR ==================================
01:49:32.0332 2508 [ C29F1137403F0F35CA18480337812D19 ] \Device\Harddisk0\DR0\Partition1
01:49:32.0332 2508 \Device\Harddisk0\DR0\Partition1 - ok
01:49:32.0363 2508 [ FACFA17456198DCD97EA37FA346E85B7 ] \Device\Harddisk0\DR0\Partition2
01:49:32.0363 2508 \Device\Harddisk0\DR0\Partition2 - ok
01:49:32.0363 2508 ============================================================
01:49:32.0363 2508 Scan finished
01:49:32.0363 2508 ============================================================
01:49:32.0379 0920 Detected object count: 0
01:49:32.0379 0920 Actual detected object count: 0



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-09 01:50:31
-----------------------------
01:50:31.229 OS Version: Windows x64 6.1.7601 Service Pack 1
01:50:31.229 Number of processors: 1 586 0x7F02
01:50:31.229 ComputerName: TIM-PC UserName: Tim
01:50:33.067 Initialize success
01:52:18.979 AVAST engine defs: 12120900
01:52:33.831 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
01:52:33.851 Disk 0 Vendor: ST332041 CC44 Size: 305245MB BusType: 3
01:52:33.871 Disk 0 MBR read successfully
01:52:33.871 Disk 0 MBR scan
01:52:33.911 Disk 0 unknown MBR code
01:52:33.931 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
01:52:33.951 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
01:52:33.961 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290807 MB offset 29566976
01:52:33.991 Disk 0 scanning C:\Windows\system32\drivers
01:52:45.726 Service scanning
01:53:11.955 Modules scanning
01:53:11.987 Disk 0 trace - called modules:
01:53:12.033 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
01:53:12.533 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80022a0570]
01:53:12.548 3 CLASSPNP.SYS[fffff8800198043f] -> nt!IofCallDriver -> [0xfffffa8001f90e40]
01:53:12.564 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8001fa29c0]
01:53:15.855 AVAST engine scan C:\Windows
01:53:18.527 AVAST engine scan C:\Windows\system32
01:56:55.729 AVAST engine scan C:\Windows\system32\drivers
01:57:10.941 AVAST engine scan C:\Users\Tim
02:00:08.142 AVAST engine scan C:\ProgramData
02:01:34.307 Scan finished successfully
02:02:02.535 Disk 0 MBR has been saved successfully to "C:\Users\Tim\Desktop\MBR.dat"
02:02:02.545 The log file has been saved successfully to "C:\Users\Tim\Desktop\aswMBR.txt"


#26
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
How are things doing now?

#27
GoTexansGo

    Member

  • Topic Starter
  • 45 posts
Still the same issues, ads and links on just about every site.

#28
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#29
GoTexansGo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
OTL logfile created on: 12/9/2012 3:07:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 46.28% Memory free
3.50 Gb Paging File | 2.11 Gb Available in Paging File | 60.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.99 Gb Total Space | 55.88 Gb Free Space | 19.68% Space Free | Partition Type: NTFS

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer)
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (GameConsoleService) -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...34v1k5r4821s23n
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...34v1k5r4821s23n
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...34v1k5r4821s23n
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2817996265-3878658517-3989995371-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cbssports.com
IE - HKU\S-1-5-21-2817996265-3878658517-3989995371-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2817996265-3878658517-3989995371-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2817996265-3878658517-3989995371-1000\..\SearchScopes\{5E9C96DB-67C7-4CC8-98AE-34EEE86F4664}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
IE - HKU\S-1-5-21-2817996265-3878658517-3989995371-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACEW_enUS360
IE - HKU\S-1-5-21-2817996265-3878658517-3989995371-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2817996265-3878658517-3989995371-1000\..\SearchScopes\{7E9F58B3-A23D-4340-BE12-BF56F3A7E6F5}: "URL" = http://websearch.ask...F2-DFCE3C9137C7
IE - HKU\S-1-5-21-2817996265-3878658517-3989995371-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.cbssports.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/06 17:17:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/05 20:08:59 | 000,000,000 | ---D | M]

[2009/12/31 12:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Extensions
[2012/12/06 20:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l7sj3uuk.Tim\extensions
[2012/12/06 20:22:56 | 000,000,000 | ---D | M] ("Deal Vault") -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l7sj3uuk.Tim\extensions\[email protected]
[2012/12/06 20:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l7sj3uuk.Tim\extensions\[email protected]\chrome\content\extensionCode
[2012/12/06 20:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t1nf6cgh.default\extensions
[2012/10/02 22:35:41 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t1nf6cgh.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/12/06 20:22:55 | 000,000,000 | ---D | M] ("Deal Vault") -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t1nf6cgh.default\extensions\[email protected]
[2012/12/06 20:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t1nf6cgh.default\extensions\[email protected]\chrome\content\extensionCode
[2012/04/23 22:11:15 | 000,081,104 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t1nf6cgh.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
[2012/12/04 22:20:52 | 000,531,070 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t1nf6cgh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/11/26 14:43:17 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t1nf6cgh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/06 22:32:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/06 17:13:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2012/12/06 17:14:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/05 18:47:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DHAgent] C:\Program Files (x86)\DriverHound\DHAgent.exe File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2817996265-3878658517-3989995371-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2817996265-3878658517-3989995371-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2817996265-3878658517-3989995371-1000\..Trusted Domains: cbssports.com ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55B2968B-8C5F-42A5-B010-150AE880B294}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/09 15:06:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012/12/09 01:48:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Tim\Desktop\aswMBR.exe
[2012/12/09 01:47:43 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tim\Desktop\tdsskiller.exe
[2012/12/08 20:14:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/08 20:14:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/08 20:14:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/08 20:14:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/08 20:12:39 | 005,010,414 | R--- | C] (Swearware) -- C:\Users\Tim\Desktop\ComboFix.exe
[2012/12/08 17:05:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\RK_Quarantine
[2012/12/06 20:44:52 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2012/12/06 20:24:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire 5
[2012/12/06 17:08:00 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\WinPatrol
[2012/12/06 17:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2012/12/06 17:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2012/12/05 20:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/05 20:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/05 20:08:59 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/12/05 20:08:59 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/12/05 20:08:38 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/12/05 20:08:38 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/12/05 20:08:38 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/12/05 20:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/12/05 19:52:24 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/12/05 19:52:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/12/03 19:20:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/02 22:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/12/02 22:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2012/12/01 22:43:34 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\DriverHound
[2012/11/16 03:14:14 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/16 03:14:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/16 03:01:22 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/16 03:01:20 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/16 03:01:20 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/16 03:01:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/16 02:58:32 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/16 02:58:32 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/16 02:58:32 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/16 02:58:27 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/16 02:58:27 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/16 02:58:09 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/16 02:58:09 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/16 02:58:08 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/16 02:58:08 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/16 02:58:07 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/16 02:58:07 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll

========== Files - Modified Within 30 Days ==========

[2012/12/09 15:06:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012/12/09 15:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/09 14:28:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/09 06:28:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/09 02:02:02 | 000,000,512 | ---- | M] () -- C:\Users\Tim\Desktop\MBR.dat
[2012/12/09 01:48:42 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Tim\Desktop\aswMBR.exe
[2012/12/09 01:47:47 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tim\Desktop\tdsskiller.exe
[2012/12/08 20:13:26 | 005,010,414 | R--- | M] (Swearware) -- C:\Users\Tim\Desktop\ComboFix.exe
[2012/12/08 17:52:14 | 000,739,918 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/08 17:52:14 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/08 17:52:14 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/08 17:11:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 17:11:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 17:04:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/08 17:04:03 | 1408,098,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/08 17:00:50 | 000,753,152 | ---- | M] () -- C:\Users\Tim\Desktop\RogueKiller.exe
[2012/12/08 17:00:13 | 000,540,743 | ---- | M] () -- C:\Users\Tim\Desktop\adwcleaner.exe
[2012/12/06 20:44:52 | 000,001,250 | ---- | M] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.5.0.lnk
[2012/12/06 20:44:52 | 000,001,226 | ---- | M] () -- C:\Users\Tim\Desktop\FrostWire 5.5.0.lnk
[2012/12/06 17:18:12 | 000,002,057 | ---- | M] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/06 17:18:12 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/05 20:08:29 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/12/05 20:08:27 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/12/05 20:08:27 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/12/05 20:08:27 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/12/05 20:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/12/05 20:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/12/05 18:47:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/03 16:02:09 | 000,347,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/16 17:40:43 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/16 17:40:43 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/12/09 02:02:02 | 000,000,512 | ---- | C] () -- C:\Users\Tim\Desktop\MBR.dat
[2012/12/08 20:14:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/08 20:14:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/08 20:14:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/08 20:14:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/08 20:14:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/08 17:00:34 | 000,753,152 | ---- | C] () -- C:\Users\Tim\Desktop\RogueKiller.exe
[2012/12/08 16:59:59 | 000,540,743 | ---- | C] () -- C:\Users\Tim\Desktop\adwcleaner.exe
[2012/12/06 20:44:52 | 000,001,250 | ---- | C] () -- C:\Users\Tim\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.5.0.lnk
[2012/12/06 20:44:52 | 000,001,226 | ---- | C] () -- C:\Users\Tim\Desktop\FrostWire 5.5.0.lnk
[2012/12/05 20:05:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/12/02 22:57:47 | 000,001,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
[2012/11/16 03:14:19 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 03:01:19 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/01/03 00:05:03 | 000,145,520 | ---- | C] () -- C:\Windows\hpwins37.dat
[2012/01/03 00:05:03 | 000,000,376 | ---- | C] () -- C:\Windows\hpwmdl37.dat
[2010/12/17 14:36:23 | 000,000,091 | ---- | C] () -- C:\Users\Tim\AppData\Local\fusioncache.dat
[2010/12/17 10:27:25 | 000,756,804 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/01 08:55:46 | 000,000,000 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >
#30
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [DHAgent] C:\Program Files (x86)\DriverHound\DHAgent.exe File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    IE - HKU\S-1-5-21-2817996265-3878658517-3989995371-1000\..\SearchScopes\{7E9F58B3-A23D-4340-BE12-BF56F3A7E6F5}: "URL" = http://websearch.ask...F2-DFCE3C9137C7
    [2012/12/06 20:22:56 | 000,000,000 | ---D | M] ("Deal Vault") -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l7sj3uuk.Tim\extensions\[email protected]
    [2012/12/06 20:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\l7sj3uuk.Tim\extensions\[email protected]\chrome\content\extensionCode
    [2012/12/06 20:22:55 | 000,000,000 | ---D | M] ("Deal Vault") -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t1nf6cgh.default\extensions\[email protected]
    [2012/12/06 20:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\t1nf6cgh.default\extensions\[email protected]\chrome\content\extensionCode
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo