Jump to content

Loric

Members
 View Profile  See their activity

  • Posts

    15

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Loric
    New events blocked by malware bytes: 2012/04/03 18:50:04 -0400 ROBERT-PC Robert IP-BLOCK 50.62.128.121 (Type: outgoing, Port: 50426, Process: firefox.exe) 2012/04/03 18:50:04 -0400 ROBERT-PC Robert IP-BLOCK 50.62.128.39 (Type: outgoing, Port: 50427, Process: firefox.exe)
  2. Loric
    Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.03.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Robert :: ROBERT-PC [administrator] Protection: Enabled 4/3/2012 10:29:18 AM mbam-log-2012-04-03 (10-29-18).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 233570 Time elapsed: 1 minute(s), 22 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Anything else?
  3. Loric
    ComboFix uninstalled, next?
  4. Loric
    ComboFix 12-04-02.01 - Robert 04/03/2012 9:47.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16286.13986 [GMT -4:00] Running from: c:\users\Robert\Desktop\ComboFix.exe Command switches used :: c:\users\Robert\Desktop\CFScript.txt AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 ))))))))))))))))))))))))))))))) . . 2012-04-03 13:51 . 2012-04-03 13:51 -------- d-----w- c:\users\Mcx1-ROBERT-PC\AppData\Local\temp 2012-04-03 13:51 . 2012-04-03 13:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-01 16:15 . 2012-04-01 23:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-04-01 16:15 . 2012-04-01 16:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-04-01 09:39 . 2012-04-01 09:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-03-29 12:18 . 2012-03-29 12:18 -------- d-----w- c:\users\Administrator 2012-03-29 11:50 . 2012-03-29 11:50 -------- d-----w- c:\users\Robert\AppData\Roaming\AVG2012 2012-03-29 11:49 . 2012-03-29 11:49 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-03-29 11:49 . 2012-04-03 12:04 -------- d-----w- c:\windows\system32\drivers\AVG 2012-03-29 11:49 . 2012-03-29 12:23 -------- d-----w- c:\programdata\AVG2012 2012-03-29 11:49 . 2012-03-29 11:49 -------- d-----w- C:\$AVG 2012-03-29 11:48 . 2012-03-29 11:48 -------- d-----w- c:\program files (x86)\AVG 2012-03-29 11:45 . 2012-03-29 11:45 -------- d--h--w- c:\programdata\Common Files 2012-03-29 11:44 . 2012-04-03 12:04 -------- d-----w- c:\programdata\MFAData 2012-03-29 01:00 . 2012-03-29 01:00 -------- d-----w- c:\users\Robert\AppData\Local\twitter 2012-03-29 00:59 . 2012-03-29 00:59 612888 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{2DCD0543-22F6-4E54-80D3-B4EFB9AC4943}\TweetDeck.exe 2012-03-29 00:59 . 2012-03-29 00:59 -------- d-----w- c:\program files (x86)\Twitter 2012-03-27 01:30 . 2012-03-27 01:30 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-27 01:30 . 2012-03-27 01:30 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-27 01:27 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe 2012-03-27 01:27 . 2012-03-29 12:43 -------- d-----w- c:\programdata\AVAST Software 2012-03-27 01:27 . 2012-03-27 01:27 -------- d-----w- c:\program files\AVAST Software 2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\users\Robert\AppData\Roaming\Malwarebytes 2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\programdata\Malwarebytes 2012-03-27 01:01 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-22 22:58 . 2012-03-22 22:58 -------- d-----w- c:\users\Robert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2012-03-22 22:58 . 2012-03-22 22:58 -------- d-----w- c:\users\Robert\AppData\Roaming\Adobe Mini Bridge CS5.1 2012-03-15 07:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-15 07:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-15 07:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 12:40 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 12:40 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 12:40 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 12:39 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 12:39 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 12:39 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 12:39 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 12:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 12:39 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 12:39 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 13:29 . 2012-03-13 14:46 -------- d-----w- C:\Images 2012-03-13 13:28 . 2012-03-13 13:28 -------- d-----w- c:\program files (x86)\ScreenGrab 2012-03-11 23:29 . 2011-09-16 15:24 778088 ------w- c:\windows\system32\HPDiscoPMa111.dll 2012-03-11 23:28 . 2012-03-11 23:28 -------- d-----w- c:\program files\HP . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-01 09:39 . 2011-11-23 00:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-22 09:25 . 2012-02-22 09:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2012-01-31 08:46 . 2012-01-31 08:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-04-03_12.30.13 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-04-03 12:50 39500 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-04-03 12:50 42924 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-11-24 01:51 . 2012-04-03 12:50 6904 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3830033066-2622805820-2840220525-1000_UserData.bin - 2012-04-03 12:29 . 2012-04-03 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-04-03 13:52 . 2012-04-03 13:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-04-03 12:29 . 2012-04-03 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-04-03 13:52 . 2012-04-03 13:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-04-03 12:28 479984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-04-03 13:51 479984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-11-24 01:47 . 2012-04-03 12:28 42001740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3830033066-2622805820-2840220525-1000-8192.dat + 2011-11-24 01:47 . 2012-04-03 13:51 42001740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3830033066-2622805820-2840220525-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}] 2012-02-20 09:04 898912 ----a-w- c:\program files (x86)\AVG\AVG2012\avgdtiex.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392] "Akamai NetSession Interface"="c:\users\Robert\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872] "HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-28 75048] "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712] . c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] hueyTray.lnk - c:\program files (x86)\Pantone\huey\hueyTray.exe [2011-11-24 901120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/29 13:35;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600] R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - CLKMDRV10_9EC60124 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-04-22 20:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:39] . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830033066-2622805820-2840220525-1000Core.job - c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 18:07] . 2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830033066-2622805820-2840220525-1000UA.job - c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 18:07] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}] 2012-02-20 09:04 1321824 ----a-w- c:\program files (x86)\AVG\AVG2012\avgdtiea.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-04 6602856] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 68.238.112.12 FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\63aqw56l.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-04-03 09:55:21 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-03 13:55 ComboFix2.txt 2012-04-03 12:33 . Pre-Run: 1,852,266,856,448 bytes free Post-Run: 1,852,191,006,720 bytes free . - - End Of File - - A88BBD2C8ADD5A210C13E4F64D2A3E9B Had to re-reboot again, but otherwise nothing exciting happened. Checked a few major programs, they all seemed to work. Turned the firewall and antivirus back on again. Poking around message boards, not getting any redirects currently - but that didnt work on demand before either. Does the log look ok?
  5. Loric
    And a quick look through my browsers - Firefox is the only one that lists/sees the proxy. In the Connection Settings it's set to "use system proxy settings" and then greyed out below is "no proxy for: localhost, 127.0.0.1"
  6. Loric
    When I went into IE in step 3 there was no box checked for "Use proxy server" Do you still want me to follow the steps after that?
  7. Loric
    I don't recognize that at all. I have a fairly basic into the wall FiOS connection.
  8. Loric
    Yes, i'm back - was trying t fix a tyo in the last post but you had gotten the point. Rebooting worked. Log: ComboFix 12-04-02.01 - Robert 04/03/2012 8:21.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16286.12642 [GMT -4:00] Running from: c:\users\Robert\Desktop\ComboFix.exe AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\1.bat c:\windows\system32\2.bat c:\windows\system32\s.bat . . ((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 ))))))))))))))))))))))))))))))) . . 2012-04-01 16:15 . 2012-04-01 23:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-04-01 16:15 . 2012-04-01 16:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-04-01 09:39 . 2012-04-01 09:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-03-29 12:18 . 2012-03-29 12:18 -------- d-----w- c:\users\Administrator 2012-03-29 11:50 . 2012-03-29 11:50 -------- d-----w- c:\users\Robert\AppData\Roaming\AVG2012 2012-03-29 11:49 . 2012-03-29 11:49 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-03-29 11:49 . 2012-04-03 12:04 -------- d-----w- c:\windows\system32\drivers\AVG 2012-03-29 11:49 . 2012-03-29 12:23 -------- d-----w- c:\programdata\AVG2012 2012-03-29 11:49 . 2012-03-29 11:49 -------- d-----w- C:\$AVG 2012-03-29 11:48 . 2012-03-29 11:48 -------- d-----w- c:\program files (x86)\AVG 2012-03-29 11:45 . 2012-03-29 11:45 -------- d--h--w- c:\programdata\Common Files 2012-03-29 11:44 . 2012-04-03 12:04 -------- d-----w- c:\programdata\MFAData 2012-03-29 01:00 . 2012-03-29 01:00 -------- d-----w- c:\users\Robert\AppData\Local\twitter 2012-03-29 00:59 . 2012-03-29 00:59 612888 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{2DCD0543-22F6-4E54-80D3-B4EFB9AC4943}\TweetDeck.exe 2012-03-29 00:59 . 2012-03-29 00:59 -------- d-----w- c:\program files (x86)\Twitter 2012-03-27 01:30 . 2012-03-27 01:30 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-27 01:30 . 2012-03-27 01:30 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-03-27 01:27 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe 2012-03-27 01:27 . 2012-03-29 12:43 -------- d-----w- c:\programdata\AVAST Software 2012-03-27 01:27 . 2012-03-27 01:27 -------- d-----w- c:\program files\AVAST Software 2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\users\Robert\AppData\Roaming\Malwarebytes 2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\programdata\Malwarebytes 2012-03-27 01:01 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-22 22:58 . 2012-03-22 22:58 -------- d-----w- c:\users\Robert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2012-03-22 22:58 . 2012-03-22 22:58 -------- d-----w- c:\users\Robert\AppData\Roaming\Adobe Mini Bridge CS5.1 2012-03-15 07:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-15 07:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-15 07:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 12:40 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 12:40 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 12:40 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 12:39 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 12:39 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 12:39 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 12:39 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 12:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 12:39 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 12:39 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 13:29 . 2012-03-13 14:46 -------- d-----w- C:\Images 2012-03-13 13:28 . 2012-03-13 13:28 -------- d-----w- c:\program files (x86)\ScreenGrab 2012-03-11 23:29 . 2011-09-16 15:24 778088 ------w- c:\windows\system32\HPDiscoPMa111.dll 2012-03-11 23:28 . 2012-03-11 23:28 -------- d-----w- c:\program files\HP . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-01 09:39 . 2011-11-23 00:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-22 09:25 . 2012-02-22 09:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2012-01-31 08:46 . 2012-01-31 08:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}] 2012-02-20 09:04 898912 ----a-w- c:\program files (x86)\AVG\AVG2012\avgdtiex.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392] "Akamai NetSession Interface"="c:\users\Robert\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872] "HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-28 75048] "UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408] "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712] . c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072] hueyTray.lnk - c:\program files (x86)\Pantone\huey\hueyTray.exe [2011-11-24 901120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/29 13:35;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600] R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - CLKMDRV10_9EC60124 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-04-22 20:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:39] . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830033066-2622805820-2840220525-1000Core.job - c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 18:07] . 2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830033066-2622805820-2840220525-1000UA.job - c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 18:07] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}] 2012-02-20 09:04 1321824 ----a-w- c:\program files (x86)\AVG\AVG2012\avgdtiea.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-04 6602856] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.1 68.238.112.12 FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\63aqw56l.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-04-03 08:33:56 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-03 12:33 . Pre-Run: 1,847,323,148,288 bytes free Post-Run: 1,852,414,738,432 bytes free . - - End Of File - - 1D18262B2B27B09826485679638E176C
  9. Loric
    Markets=marked. Yay for autocorrect.
  10. Loric
    Greetings from my iPhone! I can't open any browsers after running combofix. Get a message for all of them saying they refer to illegal operation on a registry key markets for deletion. Combofix seemed to have run as normal and rebooted. So now what?
  11. Loric
    It only found 5 suspicious objects, skipped them all, and then didn't try to cure anything and didn't ask for a reboot. Here's the log: 07:33:21.0630 5804 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48 07:33:22.0633 5804 ============================================================ 07:33:22.0633 5804 Current date / time: 2012/04/03 07:33:22.0633 07:33:22.0633 5804 SystemInfo: 07:33:22.0633 5804 07:33:22.0633 5804 OS Version: 6.1.7601 ServicePack: 1.0 07:33:22.0633 5804 Product type: Workstation 07:33:22.0633 5804 ComputerName: ROBERT-PC 07:33:22.0633 5804 UserName: Robert 07:33:22.0633 5804 Windows directory: C:\windows 07:33:22.0633 5804 System windows directory: C:\windows 07:33:22.0633 5804 Running under WOW64 07:33:22.0633 5804 Processor architecture: Intel x64 07:33:22.0633 5804 Number of processors: 8 07:33:22.0633 5804 Page size: 0x1000 07:33:22.0633 5804 Boot type: Normal boot 07:33:22.0633 5804 ============================================================ 07:33:23.0410 5804 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 07:33:23.0425 5804 Drive \Device\Harddisk1\DR1 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 07:33:23.0436 5804 \Device\Harddisk0\DR0: 07:33:23.0437 5804 MBR used 07:33:23.0437 5804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 07:33:23.0437 5804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD58B0 07:33:23.0437 5804 \Device\Harddisk1\DR1: 07:33:23.0438 5804 MBR used 07:33:23.0438 5804 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0xE2, BlocksNum 0x3C931E 07:33:23.0490 5804 Initialize success 07:33:23.0490 5804 ============================================================ 07:33:32.0233 5276 ============================================================ 07:33:32.0233 5276 Scan started 07:33:32.0233 5276 Mode: Manual; SigCheck; TDLFS; 07:33:32.0233 5276 ============================================================ 07:33:33.0438 5276 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\DRIVERS\1394ohci.sys 07:33:33.0532 5276 1394ohci - ok 07:33:33.0563 5276 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys 07:33:33.0579 5276 ACPI - ok 07:33:33.0610 5276 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys 07:33:33.0672 5276 AcpiPmi - ok 07:33:33.0750 5276 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 07:33:33.0766 5276 AdobeFlashPlayerUpdateSvc - ok 07:33:33.0781 5276 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys 07:33:33.0813 5276 adp94xx - ok 07:33:33.0828 5276 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys 07:33:33.0844 5276 adpahci - ok 07:33:33.0859 5276 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys 07:33:33.0875 5276 adpu320 - ok 07:33:33.0906 5276 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll 07:33:33.0984 5276 AeLookupSvc - ok 07:33:34.0031 5276 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys 07:33:34.0062 5276 AFD - ok 07:33:34.0093 5276 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys 07:33:34.0109 5276 agp440 - ok 07:33:34.0125 5276 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe 07:33:34.0171 5276 ALG - ok 07:33:34.0187 5276 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys 07:33:34.0203 5276 aliide - ok 07:33:34.0218 5276 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys 07:33:34.0234 5276 amdide - ok 07:33:34.0249 5276 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys 07:33:34.0279 5276 AmdK8 - ok 07:33:34.0300 5276 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys 07:33:34.0318 5276 AmdPPM - ok 07:33:34.0349 5276 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys 07:33:34.0364 5276 amdsata - ok 07:33:34.0392 5276 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys 07:33:34.0409 5276 amdsbs - ok 07:33:34.0421 5276 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys 07:33:34.0433 5276 amdxata - ok 07:33:34.0465 5276 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys 07:33:34.0512 5276 AppID - ok 07:33:34.0536 5276 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll 07:33:34.0564 5276 AppIDSvc - ok 07:33:34.0582 5276 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll 07:33:34.0615 5276 Appinfo - ok 07:33:34.0676 5276 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 07:33:34.0686 5276 Apple Mobile Device - ok 07:33:34.0695 5276 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys 07:33:34.0707 5276 arc - ok 07:33:34.0745 5276 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys 07:33:34.0761 5276 arcsas - ok 07:33:34.0780 5276 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 07:33:34.0833 5276 AsyncMac - ok 07:33:34.0859 5276 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys 07:33:34.0869 5276 atapi - ok 07:33:34.0891 5276 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 07:33:34.0956 5276 AudioEndpointBuilder - ok 07:33:34.0962 5276 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 07:33:34.0987 5276 AudioSrv - ok 07:33:35.0047 5276 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\windows\system32\DRIVERS\avgfwd6a.sys 07:33:35.0058 5276 Avgfwfd - ok 07:33:35.0136 5276 avgfws (c0b5a964c1c329ed19e5a4b6e49ea1fe) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe 07:33:35.0184 5276 avgfws - ok 07:33:35.0271 5276 AVGIDSAgent (f5689fba4360be50839999882e0a9d99) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe 07:33:35.0321 5276 AVGIDSAgent - ok 07:33:35.0337 5276 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys 07:33:35.0352 5276 AVGIDSDriver - ok 07:33:35.0368 5276 AVGIDSEH (9650578c511527e218328df6d311b4fa) C:\windows\system32\DRIVERS\avgidseha.sys 07:33:35.0368 5276 AVGIDSEH - ok 07:33:35.0383 5276 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys 07:33:35.0399 5276 AVGIDSFilter - ok 07:33:35.0430 5276 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys 07:33:35.0446 5276 Avgldx64 - ok 07:33:35.0477 5276 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys 07:33:35.0493 5276 Avgmfx64 - ok 07:33:35.0555 5276 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys 07:33:35.0571 5276 Avgrkx64 - ok 07:33:35.0586 5276 Avgtdia (e601444168adfb78afa22a1e270d9253) C:\windows\system32\DRIVERS\avgtdia.sys 07:33:35.0602 5276 Avgtdia - ok 07:33:35.0633 5276 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe 07:33:35.0633 5276 avgwd - ok 07:33:35.0664 5276 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll 07:33:35.0727 5276 AxInstSV - ok 07:33:35.0773 5276 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys 07:33:35.0851 5276 b06bdrv - ok 07:33:35.0945 5276 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 07:33:35.0987 5276 b57nd60a - ok 07:33:36.0017 5276 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll 07:33:36.0035 5276 BDESVC - ok 07:33:36.0051 5276 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 07:33:36.0117 5276 Beep - ok 07:33:36.0146 5276 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll 07:33:36.0183 5276 BFE - ok 07:33:36.0220 5276 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll 07:33:36.0269 5276 BITS - ok 07:33:36.0300 5276 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\drivers\blbdrive.sys 07:33:36.0318 5276 blbdrive - ok 07:33:36.0391 5276 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 07:33:36.0410 5276 Bonjour Service - ok 07:33:36.0433 5276 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys 07:33:36.0464 5276 bowser - ok 07:33:36.0489 5276 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys 07:33:36.0510 5276 BrFiltLo - ok 07:33:36.0519 5276 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys 07:33:36.0533 5276 BrFiltUp - ok 07:33:36.0558 5276 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll 07:33:36.0622 5276 Browser - ok 07:33:36.0647 5276 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 07:33:36.0688 5276 Brserid - ok 07:33:36.0705 5276 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 07:33:36.0734 5276 BrSerWdm - ok 07:33:36.0748 5276 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 07:33:36.0771 5276 BrUsbMdm - ok 07:33:36.0782 5276 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys 07:33:36.0795 5276 BrUsbSer - ok 07:33:36.0808 5276 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys 07:33:36.0835 5276 BTHMODEM - ok 07:33:36.0859 5276 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll 07:33:36.0900 5276 bthserv - ok 07:33:36.0919 5276 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 07:33:36.0944 5276 cdfs - ok 07:33:36.0974 5276 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys 07:33:36.0996 5276 cdrom - ok 07:33:37.0023 5276 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 07:33:37.0061 5276 CertPropSvc - ok 07:33:37.0071 5276 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys 07:33:37.0083 5276 circlass - ok 07:33:37.0099 5276 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 07:33:37.0110 5276 CLFS - ok 07:33:37.0211 5276 CLKMSVC10_9EC60124 (4642b5a3e0d2e61d08163de95fc5b949) C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe 07:33:37.0225 5276 CLKMSVC10_9EC60124 - ok 07:33:37.0282 5276 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 07:33:37.0293 5276 clr_optimization_v2.0.50727_32 - ok 07:33:37.0321 5276 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 07:33:37.0333 5276 clr_optimization_v2.0.50727_64 - ok 07:33:37.0384 5276 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 07:33:37.0397 5276 clr_optimization_v4.0.30319_32 - ok 07:33:37.0426 5276 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 07:33:37.0438 5276 clr_optimization_v4.0.30319_64 - ok 07:33:37.0517 5276 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys 07:33:37.0545 5276 CmBatt - ok 07:33:37.0573 5276 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 07:33:37.0586 5276 cmdide - ok 07:33:37.0639 5276 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys 07:33:37.0670 5276 CNG - ok 07:33:37.0692 5276 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys 07:33:37.0701 5276 Compbatt - ok 07:33:37.0722 5276 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys 07:33:37.0763 5276 CompositeBus - ok 07:33:37.0777 5276 COMSysApp - ok 07:33:37.0806 5276 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys 07:33:37.0820 5276 crcdisk - ok 07:33:37.0853 5276 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll 07:33:37.0899 5276 CryptSvc - ok 07:33:37.0925 5276 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 07:33:37.0969 5276 DcomLaunch - ok 07:33:37.0986 5276 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll 07:33:38.0017 5276 defragsvc - ok 07:33:38.0033 5276 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys 07:33:38.0064 5276 DfsC - ok 07:33:38.0080 5276 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll 07:33:38.0111 5276 Dhcp - ok 07:33:38.0126 5276 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 07:33:38.0236 5276 discache - ok 07:33:38.0292 5276 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys 07:33:38.0306 5276 Disk - ok 07:33:38.0338 5276 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll 07:33:38.0396 5276 Dnscache - ok 07:33:38.0422 5276 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll 07:33:38.0472 5276 dot3svc - ok 07:33:38.0506 5276 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys 07:33:38.0536 5276 Dot4 - ok 07:33:38.0554 5276 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\windows\system32\DRIVERS\Dot4Prt.sys 07:33:38.0584 5276 Dot4Print - ok 07:33:38.0609 5276 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys 07:33:38.0641 5276 dot4usb - ok 07:33:38.0661 5276 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll 07:33:38.0708 5276 DPS - ok 07:33:38.0732 5276 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 07:33:38.0752 5276 drmkaud - ok 07:33:38.0773 5276 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys 07:33:38.0795 5276 DXGKrnl - ok 07:33:38.0817 5276 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll 07:33:38.0847 5276 EapHost - ok 07:33:38.0913 5276 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys 07:33:38.0996 5276 ebdrv - ok 07:33:39.0024 5276 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe 07:33:39.0055 5276 EFS - ok 07:33:39.0098 5276 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe 07:33:39.0132 5276 ehRecvr - ok 07:33:39.0142 5276 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe 07:33:39.0166 5276 ehSched - ok 07:33:39.0202 5276 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys 07:33:39.0218 5276 elxstor - ok 07:33:39.0228 5276 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys 07:33:39.0240 5276 ErrDev - ok 07:33:39.0263 5276 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll 07:33:39.0305 5276 EventSystem - ok 07:33:39.0334 5276 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 07:33:39.0371 5276 exfat - ok 07:33:39.0388 5276 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys 07:33:39.0417 5276 fastfat - ok 07:33:39.0443 5276 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe 07:33:39.0478 5276 Fax - ok 07:33:39.0498 5276 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys 07:33:39.0519 5276 fdc - ok 07:33:39.0544 5276 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll 07:33:39.0594 5276 fdPHost - ok 07:33:39.0609 5276 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll 07:33:39.0631 5276 FDResPub - ok 07:33:39.0654 5276 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 07:33:39.0661 5276 FileInfo - ok 07:33:39.0674 5276 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 07:33:39.0725 5276 Filetrace - ok 07:33:39.0755 5276 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys 07:33:39.0772 5276 flpydisk - ok 07:33:39.0792 5276 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys 07:33:39.0809 5276 FltMgr - ok 07:33:39.0837 5276 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll 07:33:39.0915 5276 FontCache - ok 07:33:39.0986 5276 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 07:33:39.0996 5276 FontCache3.0.0.0 - ok 07:33:40.0022 5276 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 07:33:40.0034 5276 FsDepends - ok 07:33:40.0054 5276 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys 07:33:40.0064 5276 Fs_Rec - ok 07:33:40.0093 5276 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys 07:33:40.0142 5276 fvevol - ok 07:33:40.0171 5276 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys 07:33:40.0184 5276 gagp30kx - ok 07:33:40.0209 5276 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys 07:33:40.0219 5276 GEARAspiWDM - ok 07:33:40.0241 5276 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll 07:33:40.0279 5276 gpsvc - ok 07:33:40.0303 5276 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 07:33:40.0322 5276 hcw85cir - ok 07:33:40.0369 5276 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys 07:33:40.0385 5276 HdAudAddService - ok 07:33:40.0447 5276 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys 07:33:40.0463 5276 HDAudBus - ok 07:33:40.0494 5276 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys 07:33:40.0510 5276 HidBatt - ok 07:33:40.0525 5276 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys 07:33:40.0541 5276 HidBth - ok 07:33:40.0572 5276 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys 07:33:40.0588 5276 HidIr - ok 07:33:40.0603 5276 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll 07:33:40.0634 5276 hidserv - ok 07:33:40.0650 5276 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys 07:33:40.0666 5276 HidUsb - ok 07:33:40.0681 5276 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll 07:33:40.0712 5276 hkmsvc - ok 07:33:40.0728 5276 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll 07:33:40.0744 5276 HomeGroupListener - ok 07:33:40.0759 5276 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll 07:33:40.0775 5276 HomeGroupProvider - ok 07:33:40.0900 5276 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 07:33:41.0301 5276 hpqcxs08 - ok 07:33:41.0320 5276 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 07:33:41.0331 5276 hpqddsvc - ok 07:33:41.0363 5276 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys 07:33:41.0379 5276 HpSAMD - ok 07:33:41.0418 5276 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 07:33:41.0443 5276 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 07:33:41.0443 5276 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 07:33:41.0475 5276 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys 07:33:41.0524 5276 HTTP - ok 07:33:41.0537 5276 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys 07:33:41.0543 5276 hwpolicy - ok 07:33:41.0578 5276 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys 07:33:41.0596 5276 i8042prt - ok 07:33:41.0632 5276 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys 07:33:41.0654 5276 iaStorV - ok 07:33:41.0706 5276 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 07:33:41.0734 5276 idsvc - ok 07:33:41.0933 5276 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\windows\system32\DRIVERS\igdkmd64.sys 07:33:42.0202 5276 igfx - ok 07:33:42.0221 5276 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys 07:33:42.0231 5276 iirsp - ok 07:33:42.0258 5276 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll 07:33:42.0306 5276 IKEEXT - ok 07:33:42.0364 5276 IntcAzAudAddService (03076f51af9f78a272cccde03e9340ce) C:\windows\system32\drivers\RTKVHD64.sys 07:33:42.0417 5276 IntcAzAudAddService - ok 07:33:42.0441 5276 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys 07:33:42.0454 5276 IntcDAud - ok 07:33:42.0474 5276 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys 07:33:42.0481 5276 intelide - ok 07:33:42.0506 5276 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys 07:33:42.0545 5276 intelppm - ok 07:33:42.0579 5276 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll 07:33:42.0624 5276 IPBusEnum - ok 07:33:42.0651 5276 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys 07:33:42.0672 5276 IpFilterDriver - ok 07:33:42.0695 5276 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll 07:33:42.0727 5276 iphlpsvc - ok 07:33:42.0739 5276 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys 07:33:42.0760 5276 IPMIDRV - ok 07:33:42.0780 5276 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 07:33:42.0804 5276 IPNAT - ok 07:33:42.0877 5276 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe 07:33:42.0903 5276 iPod Service - ok 07:33:42.0916 5276 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 07:33:42.0927 5276 IRENUM - ok 07:33:42.0939 5276 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 07:33:42.0946 5276 isapnp - ok 07:33:42.0974 5276 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 07:33:42.0983 5276 iScsiPrt - ok 07:33:43.0014 5276 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys 07:33:43.0021 5276 kbdclass - ok 07:33:43.0030 5276 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys 07:33:43.0051 5276 kbdhid - ok 07:33:43.0093 5276 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 07:33:43.0103 5276 KeyIso - ok 07:33:43.0121 5276 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys 07:33:43.0129 5276 KSecDD - ok 07:33:43.0140 5276 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys 07:33:43.0148 5276 KSecPkg - ok 07:33:43.0160 5276 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 07:33:43.0192 5276 ksthunk - ok 07:33:43.0251 5276 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 07:33:43.0299 5276 KtmRm - ok 07:33:43.0331 5276 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll 07:33:43.0363 5276 LanmanServer - ok 07:33:43.0378 5276 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll 07:33:43.0409 5276 LanmanWorkstation - ok 07:33:43.0456 5276 LightScribeService (17203d81a68d9162db9022a1fc601778) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 07:33:43.0472 5276 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 07:33:43.0472 5276 LightScribeService - detected UnsignedFile.Multi.Generic (1) 07:33:43.0487 5276 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 07:33:43.0534 5276 lltdio - ok 07:33:43.0565 5276 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 07:33:43.0581 5276 lltdsvc - ok 07:33:43.0612 5276 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 07:33:43.0628 5276 lmhosts - ok 07:33:43.0659 5276 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 07:33:43.0659 5276 LMS - ok 07:33:43.0690 5276 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys 07:33:43.0706 5276 LSI_FC - ok 07:33:43.0721 5276 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys 07:33:43.0737 5276 LSI_SAS - ok 07:33:43.0753 5276 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys 07:33:43.0753 5276 LSI_SAS2 - ok 07:33:43.0768 5276 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys 07:33:43.0784 5276 LSI_SCSI - ok 07:33:43.0799 5276 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 07:33:43.0831 5276 luafv - ok 07:33:43.0877 5276 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys 07:33:43.0893 5276 MBAMProtector - ok 07:33:43.0924 5276 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 07:33:43.0955 5276 MBAMService - ok 07:33:43.0955 5276 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\windows\system32\drivers\MBfilt64.sys 07:33:43.0971 5276 MBfilt - ok 07:33:44.0002 5276 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll 07:33:44.0018 5276 Mcx2Svc - ok 07:33:44.0049 5276 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys 07:33:44.0065 5276 megasas - ok 07:33:44.0096 5276 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys 07:33:44.0111 5276 MegaSR - ok 07:33:44.0158 5276 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\drivers\HECIx64.sys 07:33:44.0174 5276 MEIx64 - ok 07:33:44.0205 5276 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 07:33:44.0236 5276 MMCSS - ok 07:33:44.0252 5276 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 07:33:44.0301 5276 Modem - ok 07:33:44.0320 5276 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 07:33:44.0334 5276 monitor - ok 07:33:44.0350 5276 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 07:33:44.0358 5276 mouclass - ok 07:33:44.0382 5276 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 07:33:44.0395 5276 mouhid - ok 07:33:44.0422 5276 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 07:33:44.0430 5276 mountmgr - ok 07:33:44.0446 5276 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 07:33:44.0455 5276 mpio - ok 07:33:44.0472 5276 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 07:33:44.0498 5276 mpsdrv - ok 07:33:44.0526 5276 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll 07:33:44.0554 5276 MpsSvc - ok 07:33:44.0575 5276 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 07:33:44.0597 5276 MRxDAV - ok 07:33:44.0619 5276 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 07:33:44.0651 5276 mrxsmb - ok 07:33:44.0666 5276 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 07:33:44.0680 5276 mrxsmb10 - ok 07:33:44.0695 5276 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 07:33:44.0707 5276 mrxsmb20 - ok 07:33:44.0715 5276 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys 07:33:44.0722 5276 msahci - ok 07:33:44.0745 5276 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 07:33:44.0755 5276 msdsm - ok 07:33:44.0774 5276 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 07:33:44.0795 5276 MSDTC - ok 07:33:44.0816 5276 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 07:33:44.0843 5276 Msfs - ok 07:33:44.0887 5276 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 07:33:44.0937 5276 mshidkmdf - ok 07:33:44.0953 5276 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 07:33:44.0959 5276 msisadrv - ok 07:33:44.0979 5276 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll 07:33:45.0012 5276 MSiSCSI - ok 07:33:45.0017 5276 msiserver - ok 07:33:45.0035 5276 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 07:33:45.0063 5276 MSKSSRV - ok 07:33:45.0069 5276 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 07:33:45.0097 5276 MSPCLOCK - ok 07:33:45.0109 5276 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 07:33:45.0132 5276 MSPQM - ok 07:33:45.0151 5276 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 07:33:45.0161 5276 MsRPC - ok 07:33:45.0176 5276 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys 07:33:45.0182 5276 mssmbios - ok 07:33:45.0197 5276 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 07:33:45.0247 5276 MSTEE - ok 07:33:45.0263 5276 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys 07:33:45.0272 5276 MTConfig - ok 07:33:45.0291 5276 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 07:33:45.0298 5276 Mup - ok 07:33:45.0317 5276 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll 07:33:45.0353 5276 napagent - ok 07:33:45.0380 5276 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 07:33:45.0394 5276 NativeWifiP - ok 07:33:45.0439 5276 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 07:33:45.0468 5276 NDIS - ok 07:33:45.0489 5276 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 07:33:45.0527 5276 NdisCap - ok 07:33:45.0556 5276 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 07:33:45.0594 5276 NdisTapi - ok 07:33:45.0609 5276 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 07:33:45.0632 5276 Ndisuio - ok 07:33:45.0642 5276 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 07:33:45.0668 5276 NdisWan - ok 07:33:45.0685 5276 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 07:33:45.0710 5276 NDProxy - ok 07:33:45.0756 5276 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll 07:33:45.0772 5276 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 07:33:45.0772 5276 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 07:33:45.0781 5276 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 07:33:45.0839 5276 NetBIOS - ok 07:33:45.0856 5276 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 07:33:45.0880 5276 NetBT - ok 07:33:45.0911 5276 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 07:33:45.0920 5276 Netlogon - ok 07:33:45.0959 5276 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 07:33:46.0014 5276 Netman - ok 07:33:46.0030 5276 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 07:33:46.0068 5276 netprofm - ok 07:33:46.0099 5276 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\windows\system32\DRIVERS\netr7364.sys 07:33:46.0122 5276 netr7364 - ok 07:33:46.0177 5276 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 07:33:46.0191 5276 NetTcpPortSharing - ok 07:33:46.0248 5276 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys 07:33:46.0262 5276 nfrd960 - ok 07:33:46.0285 5276 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 07:33:46.0332 5276 NlaSvc - ok 07:33:46.0441 5276 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 07:33:46.0472 5276 Npfs - ok 07:33:46.0488 5276 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 07:33:46.0535 5276 nsi - ok 07:33:46.0550 5276 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 07:33:46.0597 5276 nsiproxy - ok 07:33:46.0628 5276 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 07:33:46.0659 5276 Ntfs - ok 07:33:46.0675 5276 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 07:33:46.0691 5276 Null - ok 07:33:46.0706 5276 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\drivers\nusb3hub.sys 07:33:46.0722 5276 nusb3hub - ok 07:33:46.0737 5276 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\windows\system32\drivers\nusb3xhc.sys 07:33:46.0753 5276 nusb3xhc - ok 07:33:46.0784 5276 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 07:33:46.0800 5276 nvraid - ok 07:33:46.0815 5276 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 07:33:46.0831 5276 nvstor - ok 07:33:46.0862 5276 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 07:33:46.0878 5276 nv_agp - ok 07:33:46.0909 5276 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 07:33:46.0925 5276 ohci1394 - ok 07:33:46.0956 5276 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 07:33:46.0971 5276 ose - ok 07:33:47.0096 5276 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 07:33:47.0143 5276 osppsvc - ok 07:33:47.0174 5276 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 07:33:47.0190 5276 p2pimsvc - ok 07:33:47.0205 5276 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 07:33:47.0221 5276 p2psvc - ok 07:33:47.0252 5276 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys 07:33:47.0276 5276 Parport - ok 07:33:47.0290 5276 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys 07:33:47.0298 5276 partmgr - ok 07:33:47.0311 5276 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 07:33:47.0339 5276 PcaSvc - ok 07:33:47.0377 5276 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 07:33:47.0393 5276 pci - ok 07:33:47.0404 5276 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys 07:33:47.0411 5276 pciide - ok 07:33:47.0451 5276 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys 07:33:47.0462 5276 pcmcia - ok 07:33:47.0483 5276 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 07:33:47.0492 5276 pcw - ok 07:33:47.0510 5276 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 07:33:47.0555 5276 PEAUTH - ok 07:33:47.0593 5276 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 07:33:47.0626 5276 PerfHost - ok 07:33:47.0689 5276 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll 07:33:47.0755 5276 pla - ok 07:33:47.0810 5276 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll 07:33:47.0860 5276 PlugPlay - ok 07:33:47.0898 5276 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll 07:33:47.0913 5276 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 07:33:47.0913 5276 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 07:33:47.0935 5276 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 07:33:47.0963 5276 PNRPAutoReg - ok 07:33:47.0985 5276 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 07:33:48.0001 5276 PNRPsvc - ok 07:33:48.0037 5276 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 07:33:48.0095 5276 PolicyAgent - ok 07:33:48.0120 5276 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll 07:33:48.0152 5276 Power - ok 07:33:48.0202 5276 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 07:33:48.0251 5276 PptpMiniport - ok 07:33:48.0271 5276 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys 07:33:48.0286 5276 Processor - ok 07:33:48.0302 5276 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll 07:33:48.0364 5276 ProfSvc - ok 07:33:48.0395 5276 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 07:33:48.0411 5276 ProtectedStorage - ok 07:33:48.0427 5276 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 07:33:48.0473 5276 Psched - ok 07:33:48.0520 5276 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys 07:33:48.0583 5276 ql2300 - ok 07:33:48.0598 5276 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys 07:33:48.0598 5276 ql40xx - ok 07:33:48.0614 5276 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 07:33:48.0629 5276 QWAVE - ok 07:33:48.0629 5276 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 07:33:48.0645 5276 QWAVEdrv - ok 07:33:48.0661 5276 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 07:33:48.0676 5276 RasAcd - ok 07:33:48.0692 5276 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 07:33:48.0723 5276 RasAgileVpn - ok 07:33:48.0739 5276 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 07:33:48.0754 5276 RasAuto - ok 07:33:48.0770 5276 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 07:33:48.0801 5276 Rasl2tp - ok 07:33:48.0832 5276 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll 07:33:48.0848 5276 RasMan - ok 07:33:48.0863 5276 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 07:33:48.0895 5276 RasPppoe - ok 07:33:48.0926 5276 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 07:33:48.0973 5276 RasSstp - ok 07:33:48.0988 5276 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 07:33:49.0004 5276 rdbss - ok 07:33:49.0019 5276 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys 07:33:49.0035 5276 rdpbus - ok 07:33:49.0051 5276 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 07:33:49.0066 5276 RDPCDD - ok 07:33:49.0066 5276 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 07:33:49.0097 5276 RDPENCDD - ok 07:33:49.0113 5276 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 07:33:49.0129 5276 RDPREFMP - ok 07:33:49.0175 5276 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys 07:33:49.0191 5276 RDPWD - ok 07:33:49.0222 5276 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 07:33:49.0222 5276 rdyboost - ok 07:33:49.0253 5276 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 07:33:49.0269 5276 RemoteAccess - ok 07:33:49.0285 5276 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 07:33:49.0323 5276 RemoteRegistry - ok 07:33:49.0392 5276 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 07:33:49.0405 5276 RichVideo - ok 07:33:49.0421 5276 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 07:33:49.0466 5276 RpcEptMapper - ok 07:33:49.0483 5276 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 07:33:49.0493 5276 RpcLocator - ok 07:33:49.0509 5276 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 07:33:49.0534 5276 RpcSs - ok 07:33:49.0544 5276 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 07:33:49.0567 5276 rspndr - ok 07:33:49.0607 5276 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys 07:33:49.0628 5276 RTL8167 - ok 07:33:49.0675 5276 RTL8192su (a332db1dac07e95667a57aaeec236c37) C:\windows\system32\DRIVERS\RTL8192su.sys 07:33:49.0696 5276 RTL8192su - ok 07:33:49.0729 5276 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 07:33:49.0741 5276 SamSs - ok 07:33:49.0766 5276 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 07:33:49.0778 5276 sbp2port - ok 07:33:49.0839 5276 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 07:33:49.0867 5276 SBSDWSCService - ok 07:33:49.0877 5276 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 07:33:49.0900 5276 SCardSvr - ok 07:33:49.0908 5276 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 07:33:49.0934 5276 scfilter - ok 07:33:49.0952 5276 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll 07:33:50.0017 5276 Schedule - ok 07:33:50.0042 5276 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 07:33:50.0062 5276 SCPolicySvc - ok 07:33:50.0076 5276 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll 07:33:50.0093 5276 SDRSVC - ok 07:33:50.0114 5276 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 07:33:50.0165 5276 secdrv - ok 07:33:50.0181 5276 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll 07:33:50.0203 5276 seclogon - ok 07:33:50.0250 5276 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll 07:33:50.0291 5276 SENS - ok 07:33:50.0311 5276 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 07:33:50.0326 5276 SensrSvc - ok 07:33:50.0340 5276 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys 07:33:50.0355 5276 Serenum - ok 07:33:50.0371 5276 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys 07:33:50.0387 5276 Serial - ok 07:33:50.0418 5276 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys 07:33:50.0418 5276 sermouse - ok 07:33:50.0433 5276 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll 07:33:50.0465 5276 SessionEnv - ok 07:33:50.0480 5276 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 07:33:50.0527 5276 sffdisk - ok 07:33:50.0543 5276 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 07:33:50.0558 5276 sffp_mmc - ok 07:33:50.0574 5276 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 07:33:50.0589 5276 sffp_sd - ok 07:33:50.0605 5276 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys 07:33:50.0621 5276 sfloppy - ok 07:33:50.0636 5276 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll 07:33:50.0667 5276 SharedAccess - ok 07:33:50.0683 5276 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll 07:33:50.0714 5276 ShellHWDetection - ok 07:33:50.0730 5276 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys 07:33:50.0745 5276 SiSRaid2 - ok 07:33:50.0745 5276 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys 07:33:50.0761 5276 SiSRaid4 - ok 07:33:50.0808 5276 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 07:33:50.0855 5276 Smb - ok 07:33:50.0870 5276 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 07:33:50.0886 5276 SNMPTRAP - ok 07:33:50.0901 5276 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 07:33:50.0901 5276 spldr - ok 07:33:50.0917 5276 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe 07:33:50.0948 5276 Spooler - ok 07:33:51.0011 5276 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe 07:33:51.0089 5276 sppsvc - ok 07:33:51.0120 5276 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 07:33:51.0151 5276 sppuinotify - ok 07:33:51.0182 5276 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 07:33:51.0213 5276 srv - ok 07:33:51.0229 5276 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 07:33:51.0245 5276 srv2 - ok 07:33:51.0271 5276 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 07:33:51.0281 5276 srvnet - ok 07:33:51.0310 5276 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 07:33:51.0340 5276 SSDPSRV - ok 07:33:51.0362 5276 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 07:33:51.0385 5276 SstpSvc - ok 07:33:51.0405 5276 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys 07:33:51.0411 5276 stexstor - ok 07:33:51.0448 5276 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys 07:33:51.0475 5276 StillCam - ok 07:33:51.0589 5276 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll 07:33:51.0619 5276 stisvc - ok 07:33:51.0643 5276 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys 07:33:51.0652 5276 swenum - ok 07:33:51.0771 5276 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 07:33:51.0794 5276 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 07:33:51.0794 5276 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 07:33:51.0820 5276 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 07:33:51.0865 5276 swprv - ok 07:33:51.0900 5276 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll 07:33:51.0945 5276 SysMain - ok 07:33:51.0956 5276 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll 07:33:51.0970 5276 TabletInputService - ok 07:33:51.0982 5276 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll 07:33:52.0012 5276 TapiSrv - ok 07:33:52.0024 5276 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 07:33:52.0047 5276 TBS - ok 07:33:52.0096 5276 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys 07:33:52.0137 5276 Tcpip - ok 07:33:52.0187 5276 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys 07:33:52.0217 5276 TCPIP6 - ok 07:33:52.0239 5276 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 07:33:52.0271 5276 tcpipreg - ok 07:33:52.0290 5276 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 07:33:52.0299 5276 TDPIPE - ok 07:33:52.0330 5276 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys 07:33:52.0338 5276 TDTCP - ok 07:33:52.0351 5276 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 07:33:52.0372 5276 tdx - ok 07:33:52.0389 5276 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys 07:33:52.0396 5276 TermDD - ok 07:33:52.0432 5276 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll 07:33:52.0470 5276 TermService - ok 07:33:52.0488 5276 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 07:33:52.0499 5276 Themes - ok 07:33:52.0527 5276 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 07:33:52.0565 5276 THREADORDER - ok 07:33:52.0579 5276 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 07:33:52.0607 5276 TrkWks - ok 07:33:52.0643 5276 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe 07:33:52.0687 5276 TrustedInstaller - ok 07:33:52.0699 5276 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 07:33:52.0730 5276 tssecsrv - ok 07:33:52.0760 5276 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 07:33:52.0794 5276 TsUsbFlt - ok 07:33:52.0834 5276 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys 07:33:52.0851 5276 TsUsbGD - ok 07:33:52.0877 5276 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 07:33:52.0928 5276 tunnel - ok 07:33:52.0949 5276 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys 07:33:52.0957 5276 uagp35 - ok 07:33:52.0978 5276 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 07:33:53.0007 5276 udfs - ok 07:33:53.0022 5276 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 07:33:53.0032 5276 UI0Detect - ok 07:33:53.0059 5276 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 07:33:53.0067 5276 uliagpkx - ok 07:33:53.0083 5276 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys 07:33:53.0109 5276 umbus - ok 07:33:53.0135 5276 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys 07:33:53.0154 5276 UmPass - ok 07:33:53.0245 5276 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 07:33:53.0280 5276 UNS - ok 07:33:53.0296 5276 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll 07:33:53.0333 5276 upnphost - ok 07:33:53.0382 5276 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys 07:33:53.0424 5276 USBAAPL64 - ok 07:33:53.0449 5276 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 07:33:53.0479 5276 usbccgp - ok 07:33:53.0499 5276 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 07:33:53.0528 5276 usbcir - ok 07:33:53.0557 5276 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys 07:33:53.0579 5276 usbehci - ok 07:33:53.0609 5276 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\drivers\usbhub.sys 07:33:53.0635 5276 usbhub - ok 07:33:53.0654 5276 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys 07:33:53.0671 5276 usbohci - ok 07:33:53.0697 5276 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys 07:33:53.0724 5276 usbprint - ok 07:33:53.0747 5276 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys 07:33:53.0794 5276 usbscan - ok 07:33:53.0824 5276 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS 07:33:53.0855 5276 USBSTOR - ok 07:33:53.0898 5276 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys 07:33:53.0910 5276 usbuhci - ok 07:33:53.0931 5276 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll 07:33:53.0975 5276 UxSms - ok 07:33:54.0011 5276 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 07:33:54.0027 5276 VaultSvc - ok 07:33:54.0050 5276 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 07:33:54.0063 5276 vdrvroot - ok 07:33:54.0082 5276 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe 07:33:54.0127 5276 vds - ok 07:33:54.0159 5276 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 07:33:54.0170 5276 vga - ok 07:33:54.0182 5276 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 07:33:54.0213 5276 VgaSave - ok 07:33:54.0228 5276 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 07:33:54.0237 5276 vhdmp - ok 07:33:54.0251 5276 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 07:33:54.0258 5276 viaide - ok 07:33:54.0281 5276 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 07:33:54.0289 5276 volmgr - ok 07:33:54.0301 5276 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 07:33:54.0311 5276 volmgrx - ok 07:33:54.0316 5276 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys 07:33:54.0332 5276 volsnap - ok 07:33:54.0348 5276 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys 07:33:54.0348 5276 vsmraid - ok 07:33:54.0379 5276 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe 07:33:54.0441 5276 VSS - ok 07:33:54.0457 5276 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 07:33:54.0472 5276 vwifibus - ok 07:33:54.0488 5276 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 07:33:54.0535 5276 vwififlt - ok 07:33:54.0550 5276 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll 07:33:54.0597 5276 W32Time - ok 07:33:54.0613 5276 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys 07:33:54.0628 5276 WacomPen - ok 07:33:54.0644 5276 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 07:33:54.0675 5276 WANARP - ok 07:33:54.0675 5276 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 07:33:54.0691 5276 Wanarpv6 - ok 07:33:54.0753 5276 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe 07:33:54.0816 5276 WatAdminSvc - ok 07:33:54.0847 5276 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe 07:33:54.0894 5276 wbengine - ok 07:33:54.0940 5276 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll 07:33:54.0972 5276 WbioSrvc - ok 07:33:54.0987 5276 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll 07:33:55.0018 5276 wcncsvc - ok 07:33:55.0034 5276 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll 07:33:55.0050 5276 WcsPlugInService - ok 07:33:55.0081 5276 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys 07:33:55.0081 5276 Wd - ok 07:33:55.0112 5276 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 07:33:55.0143 5276 Wdf01000 - ok 07:33:55.0159 5276 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 07:33:55.0206 5276 WdiServiceHost - ok 07:33:55.0206 5276 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 07:33:55.0221 5276 WdiSystemHost - ok 07:33:55.0237 5276 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll 07:33:55.0271 5276 WebClient - ok 07:33:55.0309 5276 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll 07:33:55.0359 5276 Wecsvc - ok 07:33:55.0385 5276 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll 07:33:55.0406 5276 wercplsupport - ok 07:33:55.0428 5276 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll 07:33:55.0478 5276 WerSvc - ok 07:33:55.0489 5276 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 07:33:55.0511 5276 WfpLwf - ok 07:33:55.0526 5276 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 07:33:55.0532 5276 WIMMount - ok 07:33:55.0549 5276 WinDefend - ok 07:33:55.0552 5276 WinHttpAutoProxySvc - ok 07:33:55.0594 5276 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll 07:33:55.0632 5276 Winmgmt - ok 07:33:55.0665 5276 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll 07:33:55.0729 5276 WinRM - ok 07:33:55.0763 5276 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys 07:33:55.0773 5276 WinUsb - ok 07:33:55.0796 5276 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll 07:33:55.0824 5276 Wlansvc - ok 07:33:55.0840 5276 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys 07:33:55.0859 5276 WmiAcpi - ok 07:33:55.0873 5276 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe 07:33:55.0894 5276 wmiApSrv - ok 07:33:55.0899 5276 WMPNetworkSvc - ok 07:33:55.0921 5276 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll 07:33:55.0950 5276 WPCSvc - ok 07:33:55.0969 5276 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll 07:33:56.0004 5276 WPDBusEnum - ok 07:33:56.0026 5276 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 07:33:56.0065 5276 ws2ifsl - ok 07:33:56.0076 5276 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll 07:33:56.0095 5276 wscsvc - ok 07:33:56.0100 5276 WSearch - ok 07:33:56.0141 5276 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll 07:33:56.0225 5276 wuauserv - ok 07:33:56.0244 5276 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys 07:33:56.0271 5276 WudfPf - ok 07:33:56.0287 5276 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys 07:33:56.0318 5276 WUDFRd - ok 07:33:56.0338 5276 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll 07:33:56.0362 5276 wudfsvc - ok 07:33:56.0381 5276 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll 07:33:56.0402 5276 WwanSvc - ok 07:33:56.0435 5276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 07:33:56.0591 5276 \Device\Harddisk0\DR0 - ok 07:33:56.0598 5276 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1 07:33:56.0805 5276 \Device\Harddisk1\DR1 - ok 07:33:56.0808 5276 Boot (0x1200) (df5d421a81e8ece5fcd212affb4e3b90) \Device\Harddisk0\DR0\Partition0 07:33:56.0809 5276 \Device\Harddisk0\DR0\Partition0 - ok 07:33:56.0814 5276 Boot (0x1200) (3b3116ec9dadd1a7ae694a556e502266) \Device\Harddisk0\DR0\Partition1 07:33:56.0816 5276 \Device\Harddisk0\DR0\Partition1 - ok 07:33:56.0820 5276 Boot (0x1200) (df484539708e66bfd6c119f83cd1a3df) \Device\Harddisk1\DR1\Partition0 07:33:56.0822 5276 \Device\Harddisk1\DR1\Partition0 - ok 07:33:56.0822 5276 ============================================================ 07:33:56.0822 5276 Scan finished 07:33:56.0822 5276 ============================================================ 07:33:56.0831 4224 Detected object count: 5 07:33:56.0832 4224 Actual detected object count: 5 07:34:51.0708 4224 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user 07:34:51.0708 4224 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:34:51.0708 4224 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 07:34:51.0708 4224 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:34:51.0708 4224 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 07:34:51.0708 4224 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:34:51.0708 4224 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 07:34:51.0708 4224 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 07:34:51.0708 4224 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 07:34:51.0708 4224 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
  12. Loric
    Well, that took all of 3 minutes to confirm i'm not at all out of the woods! Was on this forum page: http://forums.wdwmagic.com/showthread.php?t=833814 Clicked something, ended up here: http://activitycatalogue.com/aff?aff=http%3A%2F%2Fclick.FindSearchEngineResults.com%2Fads-clicktrack%2Fclick%2Fjump1.do%3Fsid%3DidLIq1nWKEkC9cMMchFB5d%252BBMUwF3cEKAq%252F8GfTpLPQ%253D%26affiliate%3D46831%26subid%3D7_g4%26rc%3D0%26terms%3Dpublic+join+date+profile+disney+world&i=DcxLDoQgEAXAdd-iLyBp9NHicZDPhAkR44wx3l53tSo7T0adGQGjQkpiBJ6E5teQ4qIgOizOr0GgEhTibRmXAPX0Ae3n2mrkb68bp_DPvB-91JY51d-Wb7760dL7DfYB&ou=aHR0cDovL2ZvcnVtcy53ZHdtYWdpYy5jb20vZm9ydW1kaXNwbGF5LnBocD9mPTQ= Argh......
  13. Loric
    Log: Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.03.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Robert :: ROBERT-PC [administrator] Protection: Enabled 4/3/2012 3:14:01 AM mbam-log-2012-04-03 (03-14-01).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 273300 Time elapsed: 4 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) --- And general computer: The whole redirect thing seems to be behaving since I took my own initiative and did a full reboot of my router since none of the software could find anything and then gave it a strong password followed by a DNS flush on my end for good measure. I can't seem to provoke a redirect at any of the usual websites anymore. Any ideas on how to go about checking or is it a "wait and see"? At the same time, from the other logs from Malware bytes: 2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62087, Process: chrome.exe) 2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62088, Process: chrome.exe) 2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62089, Process: chrome.exe) 2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62090, Process: chrome.exe) 2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62091, Process: chrome.exe) 2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62092, Process: chrome.exe) 2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62093, Process: chrome.exe) 2012/04/01 19:58:13 -0400 ROBERT-PC Robert MESSAGE Starting protection 2012/04/01 19:58:14 -0400 ROBERT-PC Robert MESSAGE Protection started successfully 2012/04/01 19:58:17 -0400 ROBERT-PC Robert MESSAGE Starting IP protection 2012/04/01 19:58:17 -0400 ROBERT-PC Robert MESSAGE IP Protection started successfully 2012/04/01 23:00:35 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 52002, Process: firefox.exe) 2012/04/01 23:00:35 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 52004, Process: firefox.exe) One little blip yesterday: 2012/04/02 11:57:16 -0400 ROBERT-PC Robert IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54513, Process: firefox.exe) And so far nothing else.
  14. Loric
    I get the impression looking at the topics getting responded to at the top of the forum - all posted well after mine was created... and not following the instructions in the sticky that I followed... that i somehow got off on the wrong foot or something with the experts here and i'm getting some sort of kiss-off "take your issue and shove it" non-response I don't really understand what provoked that.. but umm.. thanks.. Cherry picking favorites when it comes to helping people really isn't ethical or fair guys.
  15. Loric
    Problem in brief: Getting redirected to some unknown search engine deal and random websites when using searches in forums or anything that seems to call a search system up to pull results on a website, like telling a blog to pull up previous posts on 'xzy' topic. It doesn't consistently happen, just at random, and seems to send me to all kinds of addresses. Seems to only happen in Firefox. Directly using search engines like google, bing, etc.. doesn't seem to have the same problem. Malwarebytes, Avast, and AVG all fully updated all concur there's nothing wrong but it still happens sporadically. Advice? Here's the DDS logs: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Robert at 21:13:18 on 2012-03-30 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16286.12047 [GMT -4:00] . AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2012\avgfws.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\windows\System32\svchost.exe -k HPZ12 C:\windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\taskhost.exe C:\windows\system32\svchost.exe -k HPService C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Pantone\huey\hueyTray.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files (x86)\Pantone\huey\hueyTray.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\notepad.exe C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\windows\system32\igfxsrvc.exe C:\windows\system32\igfxsrvc.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll mWinlogon: Userinit=userinit.exe, BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [Google Update] "C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Akamai NetSession Interface] "C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe" uRun: [AdobeBridge] uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BD2CPKG05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1 uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_Plugin.exe -update plugin mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" StartupFolder: C:\Users\Robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\hueyTray.lnk - C:\Program Files (x86)\Pantone\huey\hueyTray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.1.1 68.238.112.12 TCP: Interfaces\{25F0BC19-AD5C-4C24-BBB8-76794ACE1928} : DhcpNameServer = 192.168.1.1 68.238.112.12 TCP: Interfaces\{29F8D3DC-D8DC-46A6-9029-D9FA5D0D3E9D} : DhcpNameServer = 192.168.1.1 68.238.112.12 TCP: Interfaces\{7A2B8F7F-B0C5-44C5-AB0B-F5549884ECDA} : DhcpNameServer = 192.168.1.1 68.238.112.12 TCP: Interfaces\{C6B586D7-4310-44C1-A191-468ADF51E69E} : DhcpNameServer = 192.168.1.1 68.238.112.12 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll BHO-X64: 0x1 - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO-X64: AVG Do-Not-Track - No File BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun-x64: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0" mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0" mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm Hosts: 149.5.18.172 www.google-analytics.com. Hosts: 149.5.18.172 ad-emea.doubleclick.net. Hosts: 149.5.18.172 www.statcounter.com. Hosts: 108.163.215.51 www.google-analytics.com. Hosts: 108.163.215.51 ad-emea.doubleclick.net. . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\63aqw56l.default\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\Robert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\avgidseha.sys --> C:\windows\system32\DRIVERS\avgidseha.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?] R1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-2-14 2316624] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-26 652360] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-26 2656280] R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?] R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?] R3 MBfilt;MBfilt;C:\windows\system32\drivers\MBfilt64.sys --> C:\windows\system32\drivers\MBfilt64.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\drivers\HECIx64.sys --> C:\windows\system32\drivers\HECIx64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\drivers\nusb3hub.sys --> C:\windows\system32\drivers\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\drivers\nusb3xhc.sys --> C:\windows\system32\drivers\nusb3xhc.sys [?] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992] S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/29 13:35:44;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\windows\system32\DRIVERS\netr7364.sys --> C:\windows\system32\DRIVERS\netr7364.sys [?] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\windows\system32\DRIVERS\RTL8192su.sys --> C:\windows\system32\DRIVERS\RTL8192su.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-03-29 11:50:18 -------- d-----w- C:\Users\Robert\AppData\Roaming\AVG2012 2012-03-29 11:49:59 -------- d-----w- C:\windows\SysWow64\drivers\AVG 2012-03-29 11:49:33 -------- d--h--w- C:\$AVG 2012-03-29 11:49:33 -------- d-----w- C:\windows\System32\drivers\AVG 2012-03-29 11:49:33 -------- d-----w- C:\ProgramData\AVG2012 2012-03-29 11:48:25 -------- d-----w- C:\Program Files (x86)\AVG 2012-03-29 11:45:03 -------- d--h--w- C:\ProgramData\Common Files 2012-03-29 11:44:52 -------- d-----w- C:\ProgramData\MFAData 2012-03-29 01:00:02 -------- d-----w- C:\Users\Robert\AppData\Local\twitter 2012-03-29 00:59:41 612888 ----a-r- C:\Users\Robert\AppData\Roaming\Microsoft\Installer\{2DCD0543-22F6-4E54-80D3-B4EFB9AC4943}\TweetDeck.exe 2012-03-29 00:59:39 -------- d-----w- C:\Program Files (x86)\Twitter 2012-03-27 01:30:19 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll 2012-03-27 01:30:19 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll 2012-03-27 01:27:10 -------- d-----w- C:\ProgramData\AVAST Software 2012-03-27 01:27:10 -------- d-----w- C:\Program Files\AVAST Software 2012-03-27 01:01:42 -------- d-----w- C:\Users\Robert\AppData\Roaming\Malwarebytes 2012-03-27 01:01:36 23152 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-03-27 01:01:36 -------- d-----w- C:\ProgramData\Malwarebytes 2012-03-27 01:01:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-03-22 22:58:05 -------- d-----w- C:\Users\Robert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2012-03-22 22:58:05 -------- d-----w- C:\Users\Robert\AppData\Roaming\Adobe Mini Bridge CS5.1 2012-03-15 07:02:04 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe 2012-03-15 07:02:03 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2012-03-15 07:02:03 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2012-03-14 12:40:27 3145728 ----a-w- C:\windows\System32\win32k.sys 2012-03-14 12:40:27 1544192 ----a-w- C:\windows\System32\DWrite.dll 2012-03-14 12:40:27 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll 2012-03-14 12:39:58 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe 2012-03-14 12:39:58 77312 ----a-w- C:\windows\System32\rdpwsx.dll 2012-03-14 12:39:58 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll 2012-03-14 12:39:53 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll 2012-03-14 12:39:53 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys 2012-03-14 12:39:53 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys 2012-03-14 12:39:53 1031680 ----a-w- C:\windows\System32\rdpcore.dll 2012-03-13 13:29:07 -------- d-----w- C:\Images 2012-03-13 13:28:28 -------- d-----w- C:\Program Files (x86)\ScreenGrab 2012-03-11 23:29:16 778088 ------w- C:\windows\System32\HPDiscoPMa111.dll 2012-03-11 23:28:07 -------- d-----w- C:\Program Files\HP . ==================== Find3M ==================== . 2012-03-15 12:37:18 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-22 09:25:50 382032 ----a-w- C:\windows\System32\drivers\avgtdia.sys 2012-02-22 09:25:32 289872 ----a-w- C:\windows\System32\drivers\avgldx64.sys 2012-01-31 08:46:48 36944 ----a-w- C:\windows\System32\drivers\avgrkx64.sys 2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll 2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll . ============= FINISH: 21:13:32.13 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/22/2011 6:41:47 PM System Uptime: 3/29/2012 8:46:55 AM (37 hours ago) . Motherboard: MSI | | H67MA-E45 (MS-7678) Processor: Intel® Core i7-2600 CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 1863 GiB total, 1716.978 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart 5510 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart 5510 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . ==== System Restore Points =================== . RP33: 3/23/2012 12:00:02 AM - Scheduled Checkpoint RP34: 3/26/2012 9:26:58 PM - avast! Free Antivirus Setup RP35: 3/28/2012 8:33:32 PM - Windows Update RP36: 3/28/2012 8:59:08 PM - Installed TweetDeck RP37: 3/29/2012 7:48:08 AM - Installed AVG 2012 RP38: 3/29/2012 7:48:36 AM - Installed AVG 2012 RP39: 3/29/2012 8:40:41 AM - avast! Free Antivirus Setup . ==== Hosts File Hijack ====================== . Hosts: 149.5.18.172 www.google-analytics.com. Hosts: 149.5.18.172 ad-emea.doubleclick.net. Hosts: 149.5.18.172 www.statcounter.com. Hosts: 108.163.215.51 www.google-analytics.com. Hosts: 108.163.215.51 ad-emea.doubleclick.net. Hosts: 108.163.215.51 www.statcounter.com. . ==== Installed Programs ====================== . Acrobat.com Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Community Help Adobe Content Viewer Adobe Creative Suite 5.5 Design Standard Adobe Download Assistant Adobe Photoshop CS5.1 Adobe Reader 9.5.0 Akamai NetSession Interface Amazon Add to Wish List IE Extension 1.2 Amazon Kindle Apple Application Support Apple Software Update Belkin Connect Wireless USB Adapter BufferChm C309a Coupon Printer for Windows CyberLink Blu-ray Disc Suite CyberLink LabelPrint CyberLink LG Burning Tool CyberLink MediaShow CyberLink PowerBackup CyberLink PowerDVD 9 CyberLink PowerProducer CyberLink YouCam Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery DocProc Fax Google Chrome GPBaseService2 HP Photosmart 5510 series Help HP Update HPDiagnosticAlert HPPhotoGadget HPPhotoSmartDiscLabel_PaperLabel HPPhotoSmartDiscLabel_PrintOnDisc HPPhotoSmartDiscLabelContent1 hpphotosmartdisclabelplugin HPPhotosmartEssential HPProductAssistant HPSSupply huey 1.0.5 Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Internet TV for Windows Media Center iSEEK AnswerWorks English Runtime Java Auto Updater Java 6 Update 29 LightScribe System Software Malwarebytes Anti-Malware version 1.60.1.1000 MarketResearch Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Mozilla Firefox 11.0 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) PDF Settings CS5 PS_AIO_05_C309_Software_Min Quicken 2011 QuickTime QuickTransfer Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver Scan ScreenGrab 1.1 Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition SmartWebPrinting SolutionCenter Status Toolbox TrayApp TweetDeck Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) Visual Studio 2008 x64 Redistributables WebReg Yahoo! Toolbar . ==== Event Viewer Messages From Past Week ======== . 3/29/2012 8:53:53 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 3/28/2012 8:50:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service. . ==== End Of File =========================== So.. I figured since I'm in queue I'd post a more concise and detailed report of what's going on, since it just happened again. Browsing in FireFox, reading 'bout my Disney World (shut up, don't judge me) and I'm on the DisBoards main page. A big, popular, well run website: http://www.disboards.com/ All cool, I go to click on one of the forum - I forget which, and I'm magically whisked away to this, per my Firefox history: http://www.google-analytics.com/gc.js?1&ou=http%3A%2F%2Fwww.disboards.com%2Fforumdisplay.php%3Ff%3D2&p=0.5645434599446866 Which redirects to this whole list: http://video-business.net/aff?aff=http%3A%2F%2Fppc11.front.bestppcever.net%2Fclick.php%3Fkey%3D187abb8561a9bec12754782eea27be1c52739e8e5c2&i=DczBDcMgDAXQs7dggSJDvx0yjiGQJlWE5ObS7ds3wEvLM6rEDERlygLiyEAmpoWUwEMaowlWKdUYyqbgkkZeDVpoB_ncu4eze7--YbhdfQtutR53eM-Xf8I22z39Pz7SDw~~&ou=aHR0cDovL3d3dy5kaXNib2FyZHMuY29tL2ZvcnVtZGlzcGxheS5waHA/Zj0y http://ppc11.front.bestppcever.net/click.php?key=187abb8561a9bec12754782eea27be1c52739e8e5c2 http://www1.pharmacy-resources.net/click_url.php?redirUrl=http%3A%2F%2F88.214.201.204%2Fclick%2F%3Fsid%3Da427a116ffc5b65f5570096a050ee1e4%26cid%3Da91dcf0d11a6e68a4658b5cd1d1956f0%26did%3Ddaoxml6&q=roger+jeremy+framed+rabbit+kohrs+doctor&clickId=ab7553f67bcd11b880df059b01f9099a http://www1.pharmacy-resources.net/?q=roger%20jeremy%20framed%20rabbit%20kohrs%20doctor http://www1.pharmacy-resources.net/check.php http://88.214.201.204/click/?sid=a427a116ffc5b65f5570096a050ee1e4&cid=a91dcf0d11a6e68a4658b5cd1d1956f0&did=daoxml6 http://dc2w.3vg58t1.com/ct?version=1.0.0&enURL=HNHu+81MXlGsUGrFcP+uqnzX5fqQqsmu+D8uGA9u4NjBBiYzbuhEKEbV9W5d1Pr5bDUPl1lRI/8U4UQU55U2P9PZdB6ksqFOMFL500lhUNPAqfgjH26GPMRLa/4Vp6Dn&queryid=262005967646&rtpid=&adid=148601&invid=65038155&ampsc=87&ampsctid=1&upid=&orgkw=roger%20jeremy%20framed%20rabbit%20kohrs%20doctor&kwid=87867274&crid=1395360&fs=w-xml-36&pb=960.0&advn=mdlinx.com%2Furology%2F&iic=40477677;65038152;65038153;65038154;65038155&cp=0.1320,51412,381578,0,pub_daoclick-8262,roger%20jeremy%20framed%20rabbit%20kohrs%20doctor,backfill_conducive/l=COND http://dc2w.3vg58t1.com/ct?version=1.0.0&enURL=HNHu+81MXlGsUGrFcP+uqnzX5fqQqsmu+D8uGA9u4NjBBiYzbuhEKEbV9W5d1Pr5bDUPl1lRI/8U4UQU55U2P9PZdB6ksqFOMFL500lhUNPAqfgjH26GPMRLa/4Vp6Dn&queryid=262005967646&rtpid=&adid=148601&invid=65038155&ampsc=87&ampsctid=1&upid=&orgkw=roger%20jeremy%20framed%20rabbit%20kohrs%20doctor&kwid=87867274&crid=1395360&fs=w-xml-36&pb=960.0&advn=mdlinx.com%2Furology%2F&iic=40477677;65038152;65038153;65038154;65038155&cp=0.1320,51412,381578,0,pub_daoclick-8262,roger%20jeremy%20framed%20rabbit%20kohrs%20doctor,backfill_conducive/l=COND http://dc2w.3vg58t1.com/ct?ctcookie_value=1333255566246.17566EAB95768CF91A2E124D1BA17E09&version=1.0.0&enURL=HNHu+81MXlGsUGrFcP+uqnzX5fqQqsmu+D8uGA9u4NjBBiYzbuhEKEbV9W5d1Pr5bDUPl1lRI/8U4UQU55U2P9PZdB6ksqFOMFL500lhUNPAqfgjH26GPMRLa/4Vp6Dn&queryid=262005967646&rtpid=&adid=148601&invid=65038155&ampsc=87&ampsctid=1&upid=&orgkw=roger%20jeremy%20framed%20rabbit%20kohrs%20doctor&kwid=87867274&crid=1395360&fs=w-xml-36&pb=960.0&advn=mdlinx.com%2Furology%2F&iic=40477677;65038152;65038153;65038154;65038155&cp=0.1320,51412,381578,0,pub_daoclick-8262,roger%20jeremy%20framed%20rabbit%20kohrs%20doctor,backfill_conducive/l=COND http://1.65038155.ampnetwork.net/?sid=M1B9Tn1eQy17Dz0FHQkkIUlFQ2tkAXsOZFoHNnwHeAYeWn9hBUZTamcJew9pXQM2fwB6GgVfZX4BQ11sZ09%2B http://dc2w.3vg58t1.com/bounce?click_id=2013247772&m_width=1440&m_height=900&b_width=1440&b_height=796&b_top=-8&b_left=-8&in_iframe=0 http://www.mdlinx.com/urology/index2.cfm?kw=find+a+doctor Which finally ends on this page: http://www.mdlinx.com/urology/articles.cfm/news/find%20a%20doctor So... that's what I'm up again. Hope that helps.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.