
Seeking Help with Redirect Demon


  • This topic is locked
28 replies to this topic

#1 Loric


Posted 30 March 2012 - 08:48 PM

Problem in brief:

Getting redirected to some unknown search engine deal and random websites when using searches in forums or anything that seems to call a search system up to pull results on a website, like telling a blog to pull up previous posts on 'xzy' topic. It doesn't consistently happen, just at random, and seems to send me to all kinds of addresses. Seems to only happen in Firefox. Directly using search engines like Google, Bing, etc. doesn't seem to have the same problem.

Malwarebytes, Avast, and AVG, all fully updated, all concur there's nothing wrong, but it still happens sporadically. Advice? Here are the DDS logs:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Robert at 21:13:18 on 2012-03-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16286.12047 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Pantone\huey\hueyTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Pantone\huey\hueyTray.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\notepad.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe"
uRun: [AdobeBridge]
uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BD2CPKG05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_Plugin.exe -update plugin
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\Users\Robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\hueyTray.lnk - C:\Program Files (x86)\Pantone\huey\hueyTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{25F0BC19-AD5C-4C24-BBB8-76794ACE1928} : DhcpNameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{29F8D3DC-D8DC-46A6-9029-D9FA5D0D3E9D} : DhcpNameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{7A2B8F7F-B0C5-44C5-AB0B-F5549884ECDA} : DhcpNameServer = 192.168.1.1 68.238.112.12
TCP: Interfaces\{C6B586D7-4310-44C1-A191-468ADF51E69E} : DhcpNameServer = 192.168.1.1 68.238.112.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do-Not-Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\63aqw56l.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Robert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\avgidseha.sys --> C:\windows\system32\DRIVERS\avgidseha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-2-14 2316624]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-26 652360]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-26 2656280]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\windows\system32\drivers\MBfilt64.sys --> C:\windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\drivers\HECIx64.sys --> C:\windows\system32\drivers\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\drivers\nusb3hub.sys --> C:\windows\system32\drivers\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\drivers\nusb3xhc.sys --> C:\windows\system32\drivers\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/29 13:35:44;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\windows\system32\DRIVERS\netr7364.sys --> C:\windows\system32\DRIVERS\netr7364.sys [?]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\windows\system32\DRIVERS\RTL8192su.sys --> C:\windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-29 11:50:18 -------- d-----w- C:\Users\Robert\AppData\Roaming\AVG2012
2012-03-29 11:49:59 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2012-03-29 11:49:33 -------- d--h--w- C:\$AVG
2012-03-29 11:49:33 -------- d-----w- C:\windows\System32\drivers\AVG
2012-03-29 11:49:33 -------- d-----w- C:\ProgramData\AVG2012
2012-03-29 11:48:25 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-29 11:45:03 -------- d--h--w- C:\ProgramData\Common Files
2012-03-29 11:44:52 -------- d-----w- C:\ProgramData\MFAData
2012-03-29 01:00:02 -------- d-----w- C:\Users\Robert\AppData\Local\twitter
2012-03-29 00:59:41 612888 ----a-r- C:\Users\Robert\AppData\Roaming\Microsoft\Installer\{2DCD0543-22F6-4E54-80D3-B4EFB9AC4943}\TweetDeck.exe
2012-03-29 00:59:39 -------- d-----w- C:\Program Files (x86)\Twitter
2012-03-27 01:30:19 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-27 01:30:19 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-27 01:27:10 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-27 01:27:10 -------- d-----w- C:\Program Files\AVAST Software
2012-03-27 01:01:42 -------- d-----w- C:\Users\Robert\AppData\Roaming\Malwarebytes
2012-03-27 01:01:36 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-27 01:01:36 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-27 01:01:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-22 22:58:05 -------- d-----w- C:\Users\Robert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-03-22 22:58:05 -------- d-----w- C:\Users\Robert\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-03-15 07:02:04 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-15 07:02:03 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:02:03 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-14 12:40:27 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-14 12:40:27 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-14 12:40:27 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-14 12:39:58 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-14 12:39:58 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-14 12:39:58 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-14 12:39:53 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-14 12:39:53 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-14 12:39:53 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-14 12:39:53 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-13 13:29:07 -------- d-----w- C:\Images
2012-03-13 13:28:28 -------- d-----w- C:\Program Files (x86)\ScreenGrab
2012-03-11 23:29:16 778088 ------w- C:\windows\System32\HPDiscoPMa111.dll
2012-03-11 23:28:07 -------- d-----w- C:\Program Files\HP
.
==================== Find3M ====================
.
2012-03-15 12:37:18 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-22 09:25:50 382032 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2012-02-22 09:25:32 289872 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2012-01-31 08:46:48 36944 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
.
============= FINISH: 21:13:32.13 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/22/2011 6:41:47 PM
System Uptime: 3/29/2012 8:46:55 AM (37 hours ago)
.
Motherboard: MSI | | H67MA-E45 (MS-7678)
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1716.978 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart 5510 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart 5510 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP33: 3/23/2012 12:00:02 AM - Scheduled Checkpoint
RP34: 3/26/2012 9:26:58 PM - avast! Free Antivirus Setup
RP35: 3/28/2012 8:33:32 PM - Windows Update
RP36: 3/28/2012 8:59:08 PM - Installed TweetDeck
RP37: 3/29/2012 7:48:08 AM - Installed AVG 2012
RP38: 3/29/2012 7:48:36 AM - Installed AVG 2012
RP39: 3/29/2012 8:40:41 AM - avast! Free Antivirus Setup
.
==== Hosts File Hijack ======================
.
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe Creative Suite 5.5 Design Standard
Adobe Download Assistant
Adobe Photoshop CS5.1
Adobe Reader 9.5.0
Akamai NetSession Interface
Amazon Add to Wish List IE Extension 1.2
Amazon Kindle
Apple Application Support
Apple Software Update
Belkin Connect Wireless USB Adapter
BufferChm
C309a
Coupon Printer for Windows
CyberLink Blu-ray Disc Suite
CyberLink LabelPrint
CyberLink LG Burning Tool
CyberLink MediaShow
CyberLink PowerBackup
CyberLink PowerDVD 9
CyberLink PowerProducer
CyberLink YouCam
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DocProc
Fax
Google Chrome
GPBaseService2
HP Photosmart 5510 series Help
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
HPSSupply
huey 1.0.5
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Internet TV for Windows Media Center
iSEEK AnswerWorks English Runtime
Java Auto Updater
Java™ 6 Update 29
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDF Settings CS5
PS_AIO_05_C309_Software_Min
Quicken 2011
QuickTime
QuickTransfer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Scan
ScreenGrab 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
TweetDeck
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Visual Studio 2008 x64 Redistributables
WebReg
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/29/2012 8:53:53 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/28/2012 8:50:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
.
==== End Of File ===========================

So.. I figured since I'm in queue I'd post a more concise and detailed report of what's going on, since it just happened again.

Browsing in FireFox, reading 'bout my Disney World (shut up, don't judge me) and I'm on the DisBoards main page. A big, popular, well run website: http://www.disboards.com/

All cool, I go to click on one of the forums - I forget which, and I'm magically whisked away to this, per my Firefox history:

http://www.google-an...645434599446866

Which redirects to this whole list:

http://video-busines...GxheS5waHA/Zj0y

http://ppc11.front.b...be1c52739e8e5c2

http://www1.pharmacy...0df059b01f9099a

http://www1.pharmacy...it kohrs doctor

http://www1.pharmacy...s.net/check.php

http://88.214.201.20...6f0&did=daoxml6

http://dc2w.3vg58t1....onducive/l=COND

http://dc2w.3vg58t1....onducive/l=COND

http://dc2w.3vg58t1....onducive/l=COND

http://1.65038155.am...gVfZX4BQ11sZ09+

http://dc2w.3vg58t1....=-8&in_iframe=0

http://www.mdlinx.co...w=find a doctor

Which finally ends on this page:

http://www.mdlinx.co...s/find a doctor

So... that's what I'm up against. Hope that helps.
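The DDS attach log in the post above lists hosts-file entries under "Hosts File Hijack", with the same hostname mapped to more than one address. As an added example (not part of the original thread and not DDS's own code), the Python below parses either a raw hosts file or DDS-style `Hosts:` lines and reports hostnames pinned to non-loopback addresses, plus hostnames mapped to conflicting addresses. The function names and the sample addresses (RFC 5737 documentation ranges) are assumptions made for the example.

```python
"""Triage hosts-file entries from a raw hosts file or DDS 'Hosts:' report lines."""
import ipaddress
from collections import defaultdict

# Constructed sample in the DDS "Hosts:" line format shown in the log above.
# The addresses are RFC 5737 documentation addresses, not values from the thread.
SAMPLE_DDS = """\
Hosts: 203.0.113.10 www.google-analytics.com.
Hosts: 203.0.113.10 ad-emea.doubleclick.net.
Hosts: 198.51.100.7 www.google-analytics.com.
Hosts: 127.0.0.1 localhost
Hosts: 0.0.0.0 ads.example.invalid
# a comment line
::1 localhost
"""


def parse_entries(text):
    """Yield (ip, hostname) pairs; comments and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if line.lower().startswith("hosts:"):    # DDS report prefix
            line = line[len("hosts:"):].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        for name in fields[1:]:                  # one line may carry aliases
            yield ip, name.rstrip(".").lower()


def triage(text):
    """Return {hostname: [addresses]} for entries that need a human look.

    Loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::) targets are the
    usual default and ad-blocking entries, so they are not reported. Anything
    else pins a name to a fixed address and should be reviewed; legitimate
    intranet overrides will also show up here.
    """
    mapped = defaultdict(set)
    for ip, name in parse_entries(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        mapped[name].add(ip)
    return {name: sorted(str(ip) for ip in ips) for name, ips in mapped.items()}


def conflicts(findings):
    """Hostnames mapped to more than one distinct address."""
    return sorted(name for name, ips in findings.items() if len(ips) > 1)


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for host, ips in sorted(report.items()):
        print(f"{host}: {', '.join(ips)}")
    print("conflicting:", conflicts(report))
```

On a live Windows system the file to feed in is `C:\Windows\System32\drivers\etc\hosts`, read from an elevated prompt.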

#2 Loric

Posted 02 April 2012 - 07:40 AM

I get the impression looking at the topics getting responded to at the top of the forum - all posted well after mine was created... and not following the instructions in the sticky that I followed... that I somehow got off on the wrong foot or something with the experts here and I'm getting some sort of kiss-off "take your issue and shove it" non-response :(

I don't really understand what provoked that.. but umm.. thanks..

Cherry picking favorites when it comes to helping people really isn't ethical or fair guys.

#3 LDTate

Posted 02 April 2012 - 09:06 AM

We look for posts with 0 replies, so when you replied to your own topic, we assumed you were being helped.
If you still need help


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.


Please run a new MBAM scan being sure to update before scanning.
Post the scan results
Also please describe how your computer behaves at the moment.

Larry Tate
Product Support

#4 Loric

Posted 03 April 2012 - 02:40 AM

Log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Robert :: ROBERT-PC [administrator]

Protection: Enabled

4/3/2012 3:14:01 AM
mbam-log-2012-04-03 (03-14-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273300
Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---

And general computer: The whole redirect thing seems to be behaving since I took my own initiative and did a full reboot of my router since none of the software could find anything and then gave it a strong password followed by a DNS flush on my end for good measure. I can't seem to provoke a redirect at any of the usual websites anymore. Any ideas on how to go about checking or is it a "wait and see"?

At the same time, from the other logs from Malwarebytes:

2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62087, Process: chrome.exe)
2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62088, Process: chrome.exe)
2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62089, Process: chrome.exe)
2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62090, Process: chrome.exe)
2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62091, Process: chrome.exe)
2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62092, Process: chrome.exe)
2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62093, Process: chrome.exe)
2012/04/01 19:58:13 -0400 ROBERT-PC Robert MESSAGE Starting protection
2012/04/01 19:58:14 -0400 ROBERT-PC Robert MESSAGE Protection started successfully
2012/04/01 19:58:17 -0400 ROBERT-PC Robert MESSAGE Starting IP protection
2012/04/01 19:58:17 -0400 ROBERT-PC Robert MESSAGE IP Protection started successfully
2012/04/01 23:00:35 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 52002, Process: firefox.exe)
2012/04/01 23:00:35 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 52004, Process: firefox.exe)

One little blip yesterday:

2012/04/02 11:57:16 -0400 ROBERT-PC Robert IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54513, Process: firefox.exe)

And so far nothing else.

#5 Loric

Posted 03 April 2012 - 02:49 AM

Well, that took all of 3 minutes to confirm I'm not at all out of the woods!

Was on this forum page: http://forums.wdwmag...ad.php?t=833814

Clicked something, ended up here: http://activitycatal...GF5LnBocD9mPTQ=

Argh......

#6 LDTate

Posted 03 April 2012 - 06:20 AM

Next:
Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Larry Tate
Product Support


#7 Loric

Posted 03 April 2012 - 06:37 AM

It only found 5 suspicious objects, skipped them all, and then didn't try to cure anything and didn't ask for a reboot. Here's the log:


07:33:21.0630 5804 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
07:33:22.0633 5804 ============================================================
07:33:22.0633 5804 Current date / time: 2012/04/03 07:33:22.0633
07:33:22.0633 5804 SystemInfo:
07:33:22.0633 5804
07:33:22.0633 5804 OS Version: 6.1.7601 ServicePack: 1.0
07:33:22.0633 5804 Product type: Workstation
07:33:22.0633 5804 ComputerName: ROBERT-PC
07:33:22.0633 5804 UserName: Robert
07:33:22.0633 5804 Windows directory: C:\windows
07:33:22.0633 5804 System windows directory: C:\windows
07:33:22.0633 5804 Running under WOW64
07:33:22.0633 5804 Processor architecture: Intel x64
07:33:22.0633 5804 Number of processors: 8
07:33:22.0633 5804 Page size: 0x1000
07:33:22.0633 5804 Boot type: Normal boot
07:33:22.0633 5804 ============================================================
07:33:23.0410 5804 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:33:23.0425 5804 Drive \Device\Harddisk1\DR1 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:33:23.0436 5804 \Device\Harddisk0\DR0:
07:33:23.0437 5804 MBR used
07:33:23.0437 5804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:33:23.0437 5804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD58B0
07:33:23.0437 5804 \Device\Harddisk1\DR1:
07:33:23.0438 5804 MBR used
07:33:23.0438 5804 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0xE2, BlocksNum 0x3C931E
07:33:23.0490 5804 Initialize success
07:33:23.0490 5804 ============================================================
07:33:32.0233 5276 ============================================================
07:33:32.0233 5276 Scan started
07:33:32.0233 5276 Mode: Manual; SigCheck; TDLFS;
07:33:32.0233 5276 ============================================================
07:33:41.0418 5276 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
07:33:41.0443 5276 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
07:33:41.0443 5276 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
07:33:42.0804 5276 IPNAT - ok
07:33:42.0877 5276 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
07:33:42.0903 5276 iPod Service - ok
07:33:42.0916 5276 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
07:33:42.0927 5276 IRENUM - ok
07:33:42.0939 5276 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
07:33:42.0946 5276 isapnp - ok
07:33:42.0974 5276 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
07:33:42.0983 5276 iScsiPrt - ok
07:33:43.0014 5276 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
07:33:43.0021 5276 kbdclass - ok
07:33:43.0030 5276 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
07:33:43.0051 5276 kbdhid - ok
07:33:43.0093 5276 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
07:33:43.0103 5276 KeyIso - ok
07:33:43.0121 5276 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
07:33:43.0129 5276 KSecDD - ok
07:33:43.0140 5276 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
07:33:43.0148 5276 KSecPkg - ok
07:33:43.0160 5276 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
07:33:43.0192 5276 ksthunk - ok
07:33:43.0251 5276 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
07:33:43.0299 5276 KtmRm - ok
07:33:43.0331 5276 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
07:33:43.0363 5276 LanmanServer - ok
07:33:43.0378 5276 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
07:33:43.0409 5276 LanmanWorkstation - ok
07:33:43.0456 5276 LightScribeService (17203d81a68d9162db9022a1fc601778) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
07:33:43.0472 5276 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
07:33:43.0472 5276 LightScribeService - detected UnsignedFile.Multi.Generic (1)
07:33:43.0487 5276 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
07:33:43.0534 5276 lltdio - ok
07:33:43.0565 5276 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
07:33:43.0581 5276 lltdsvc - ok
07:33:43.0612 5276 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
07:33:43.0628 5276 lmhosts - ok
07:33:43.0659 5276 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
07:33:43.0659 5276 LMS - ok
07:33:43.0690 5276 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
07:33:43.0706 5276 LSI_FC - ok
07:33:43.0721 5276 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
07:33:43.0737 5276 LSI_SAS - ok
07:33:43.0753 5276 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
07:33:43.0753 5276 LSI_SAS2 - ok
07:33:43.0768 5276 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
07:33:43.0784 5276 LSI_SCSI - ok
07:33:43.0799 5276 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
07:33:43.0831 5276 luafv - ok
07:33:43.0877 5276 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
07:33:43.0893 5276 MBAMProtector - ok
07:33:43.0924 5276 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:33:43.0955 5276 MBAMService - ok
07:33:43.0955 5276 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\windows\system32\drivers\MBfilt64.sys
07:33:43.0971 5276 MBfilt - ok
07:33:44.0002 5276 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
07:33:44.0018 5276 Mcx2Svc - ok
07:33:44.0049 5276 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
07:33:44.0065 5276 megasas - ok
07:33:44.0096 5276 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
07:33:44.0111 5276 MegaSR - ok
07:33:44.0158 5276 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\drivers\HECIx64.sys
07:33:44.0174 5276 MEIx64 - ok
07:33:44.0205 5276 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
07:33:44.0236 5276 MMCSS - ok
07:33:44.0252 5276 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
07:33:44.0301 5276 Modem - ok
07:33:44.0320 5276 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
07:33:44.0334 5276 monitor - ok
07:33:44.0350 5276 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
07:33:44.0358 5276 mouclass - ok
07:33:44.0382 5276 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
07:33:44.0395 5276 mouhid - ok
07:33:44.0422 5276 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
07:33:44.0430 5276 mountmgr - ok
07:33:44.0446 5276 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
07:33:44.0455 5276 mpio - ok
07:33:44.0472 5276 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
07:33:44.0498 5276 mpsdrv - ok
07:33:44.0526 5276 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
07:33:44.0554 5276 MpsSvc - ok
07:33:44.0575 5276 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
07:33:44.0597 5276 MRxDAV - ok
07:33:44.0619 5276 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
07:33:44.0651 5276 mrxsmb - ok
07:33:44.0666 5276 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
07:33:44.0680 5276 mrxsmb10 - ok
07:33:44.0695 5276 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
07:33:44.0707 5276 mrxsmb20 - ok
07:33:44.0715 5276 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
07:33:44.0722 5276 msahci - ok
07:33:44.0745 5276 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
07:33:44.0755 5276 msdsm - ok
07:33:44.0774 5276 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
07:33:44.0795 5276 MSDTC - ok
07:33:44.0816 5276 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
07:33:44.0843 5276 Msfs - ok
07:33:44.0887 5276 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
07:33:44.0937 5276 mshidkmdf - ok
07:33:44.0953 5276 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
07:33:44.0959 5276 msisadrv - ok
07:33:44.0979 5276 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
07:33:45.0012 5276 MSiSCSI - ok
07:33:45.0017 5276 msiserver - ok
07:33:45.0035 5276 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
07:33:45.0063 5276 MSKSSRV - ok
07:33:45.0069 5276 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
07:33:45.0097 5276 MSPCLOCK - ok
07:33:45.0109 5276 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
07:33:45.0132 5276 MSPQM - ok
07:33:45.0151 5276 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
07:33:45.0161 5276 MsRPC - ok
07:33:45.0176 5276 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
07:33:45.0182 5276 mssmbios - ok
07:33:45.0197 5276 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
07:33:45.0247 5276 MSTEE - ok
07:33:45.0263 5276 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
07:33:45.0272 5276 MTConfig - ok
07:33:45.0291 5276 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
07:33:45.0298 5276 Mup - ok
07:33:45.0317 5276 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
07:33:45.0353 5276 napagent - ok
07:33:45.0380 5276 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
07:33:45.0394 5276 NativeWifiP - ok
07:33:45.0439 5276 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
07:33:45.0468 5276 NDIS - ok
07:33:45.0489 5276 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
07:33:45.0527 5276 NdisCap - ok
07:33:45.0556 5276 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
07:33:45.0594 5276 NdisTapi - ok
07:33:45.0609 5276 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
07:33:45.0632 5276 Ndisuio - ok
07:33:45.0642 5276 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
07:33:45.0668 5276 NdisWan - ok
07:33:45.0685 5276 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
07:33:45.0710 5276 NDProxy - ok
07:33:45.0756 5276 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
07:33:45.0772 5276 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
07:33:45.0772 5276 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
07:33:45.0781 5276 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
07:33:45.0839 5276 NetBIOS - ok
07:33:45.0856 5276 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
07:33:45.0880 5276 NetBT - ok
07:33:45.0911 5276 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
07:33:45.0920 5276 Netlogon - ok
07:33:45.0959 5276 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
07:33:46.0014 5276 Netman - ok
07:33:46.0030 5276 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
07:33:46.0068 5276 netprofm - ok
07:33:46.0099 5276 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\windows\system32\DRIVERS\netr7364.sys
07:33:46.0122 5276 netr7364 - ok
07:33:46.0177 5276 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:33:46.0191 5276 NetTcpPortSharing - ok
07:33:46.0248 5276 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
07:33:46.0262 5276 nfrd960 - ok
07:33:46.0285 5276 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
07:33:46.0332 5276 NlaSvc - ok
07:33:46.0441 5276 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
07:33:46.0472 5276 Npfs - ok
07:33:46.0488 5276 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
07:33:46.0535 5276 nsi - ok
07:33:46.0550 5276 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
07:33:46.0597 5276 nsiproxy - ok
07:33:46.0628 5276 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
07:33:46.0659 5276 Ntfs - ok
07:33:46.0675 5276 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
07:33:46.0691 5276 Null - ok
07:33:46.0706 5276 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\drivers\nusb3hub.sys
07:33:46.0722 5276 nusb3hub - ok
07:33:46.0737 5276 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\windows\system32\drivers\nusb3xhc.sys
07:33:46.0753 5276 nusb3xhc - ok
07:33:46.0784 5276 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
07:33:46.0800 5276 nvraid - ok
07:33:46.0815 5276 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
07:33:46.0831 5276 nvstor - ok
07:33:46.0862 5276 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
07:33:46.0878 5276 nv_agp - ok
07:33:46.0909 5276 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
07:33:46.0925 5276 ohci1394 - ok
07:33:46.0956 5276 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:33:46.0971 5276 ose - ok
07:33:47.0096 5276 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:33:47.0143 5276 osppsvc - ok
07:33:47.0174 5276 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
07:33:47.0190 5276 p2pimsvc - ok
07:33:47.0205 5276 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
07:33:47.0221 5276 p2psvc - ok
07:33:47.0252 5276 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
07:33:47.0276 5276 Parport - ok
07:33:47.0290 5276 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
07:33:47.0298 5276 partmgr - ok
07:33:47.0311 5276 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
07:33:47.0339 5276 PcaSvc - ok
07:33:47.0377 5276 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
07:33:47.0393 5276 pci - ok
07:33:47.0404 5276 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
07:33:47.0411 5276 pciide - ok
07:33:47.0451 5276 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
07:33:47.0462 5276 pcmcia - ok
07:33:47.0483 5276 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
07:33:47.0492 5276 pcw - ok
07:33:47.0510 5276 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
07:33:47.0555 5276 PEAUTH - ok
07:33:47.0593 5276 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
07:33:47.0626 5276 PerfHost - ok
07:33:47.0689 5276 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
07:33:47.0755 5276 pla - ok
07:33:47.0810 5276 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
07:33:47.0860 5276 PlugPlay - ok
07:33:47.0898 5276 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
07:33:47.0913 5276 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
07:33:47.0913 5276 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
07:33:47.0935 5276 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
07:33:47.0963 5276 PNRPAutoReg - ok
07:33:47.0985 5276 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
07:33:48.0001 5276 PNRPsvc - ok
07:33:48.0037 5276 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
07:33:48.0095 5276 PolicyAgent - ok
07:33:48.0120 5276 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
07:33:48.0152 5276 Power - ok
07:33:48.0202 5276 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
07:33:48.0251 5276 PptpMiniport - ok
07:33:48.0271 5276 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
07:33:48.0286 5276 Processor - ok
07:33:48.0302 5276 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
07:33:48.0364 5276 ProfSvc - ok
07:33:48.0395 5276 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
07:33:48.0411 5276 ProtectedStorage - ok
07:33:48.0427 5276 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
07:33:48.0473 5276 Psched - ok
07:33:48.0520 5276 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
07:33:48.0583 5276 ql2300 - ok
07:33:48.0598 5276 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
07:33:48.0598 5276 ql40xx - ok
07:33:48.0614 5276 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
07:33:48.0629 5276 QWAVE - ok
07:33:48.0629 5276 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
07:33:48.0645 5276 QWAVEdrv - ok
07:33:48.0661 5276 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
07:33:48.0676 5276 RasAcd - ok
07:33:48.0692 5276 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
07:33:48.0723 5276 RasAgileVpn - ok
07:33:48.0739 5276 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
07:33:48.0754 5276 RasAuto - ok
07:33:48.0770 5276 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
07:33:48.0801 5276 Rasl2tp - ok
07:33:48.0832 5276 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
07:33:48.0848 5276 RasMan - ok
07:33:48.0863 5276 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
07:33:48.0895 5276 RasPppoe - ok
07:33:48.0926 5276 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
07:33:48.0973 5276 RasSstp - ok
07:33:48.0988 5276 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
07:33:49.0004 5276 rdbss - ok
07:33:49.0019 5276 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
07:33:49.0035 5276 rdpbus - ok
07:33:49.0051 5276 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
07:33:49.0066 5276 RDPCDD - ok
07:33:49.0066 5276 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
07:33:49.0097 5276 RDPENCDD - ok
07:33:49.0113 5276 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
07:33:49.0129 5276 RDPREFMP - ok
07:33:49.0175 5276 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
07:33:49.0191 5276 RDPWD - ok
07:33:49.0222 5276 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
07:33:49.0222 5276 rdyboost - ok
07:33:49.0253 5276 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
07:33:49.0269 5276 RemoteAccess - ok
07:33:49.0285 5276 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
07:33:49.0323 5276 RemoteRegistry - ok
07:33:49.0392 5276 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
07:33:49.0405 5276 RichVideo - ok
07:33:49.0421 5276 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
07:33:49.0466 5276 RpcEptMapper - ok
07:33:49.0483 5276 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
07:33:49.0493 5276 RpcLocator - ok
07:33:49.0509 5276 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
07:33:49.0534 5276 RpcSs - ok
07:33:49.0544 5276 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
07:33:49.0567 5276 rspndr - ok
07:33:49.0607 5276 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
07:33:49.0628 5276 RTL8167 - ok
07:33:49.0675 5276 RTL8192su (a332db1dac07e95667a57aaeec236c37) C:\windows\system32\DRIVERS\RTL8192su.sys
07:33:49.0696 5276 RTL8192su - ok
07:33:49.0729 5276 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
07:33:49.0741 5276 SamSs - ok
07:33:49.0766 5276 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
07:33:49.0778 5276 sbp2port - ok
07:33:49.0839 5276 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
07:33:49.0867 5276 SBSDWSCService - ok
07:33:49.0877 5276 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
07:33:49.0900 5276 SCardSvr - ok
07:33:49.0908 5276 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
07:33:49.0934 5276 scfilter - ok
07:33:49.0952 5276 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
07:33:50.0017 5276 Schedule - ok
07:33:50.0042 5276 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
07:33:50.0062 5276 SCPolicySvc - ok
07:33:50.0076 5276 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
07:33:50.0093 5276 SDRSVC - ok
07:33:50.0114 5276 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
07:33:50.0165 5276 secdrv - ok
07:33:50.0181 5276 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
07:33:50.0203 5276 seclogon - ok
07:33:50.0250 5276 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
07:33:50.0291 5276 SENS - ok
07:33:50.0311 5276 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
07:33:50.0326 5276 SensrSvc - ok
07:33:50.0340 5276 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
07:33:50.0355 5276 Serenum - ok
07:33:50.0371 5276 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
07:33:50.0387 5276 Serial - ok
07:33:50.0418 5276 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
07:33:50.0418 5276 sermouse - ok
07:33:50.0433 5276 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
07:33:50.0465 5276 SessionEnv - ok
07:33:50.0480 5276 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
07:33:50.0527 5276 sffdisk - ok
07:33:50.0543 5276 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
07:33:50.0558 5276 sffp_mmc - ok
07:33:50.0574 5276 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
07:33:50.0589 5276 sffp_sd - ok
07:33:50.0605 5276 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
07:33:50.0621 5276 sfloppy - ok
07:33:50.0636 5276 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
07:33:50.0667 5276 SharedAccess - ok
07:33:50.0683 5276 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
07:33:50.0714 5276 ShellHWDetection - ok
07:33:50.0730 5276 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
07:33:50.0745 5276 SiSRaid2 - ok
07:33:50.0745 5276 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
07:33:50.0761 5276 SiSRaid4 - ok
07:33:50.0808 5276 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
07:33:50.0855 5276 Smb - ok
07:33:50.0870 5276 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
07:33:50.0886 5276 SNMPTRAP - ok
07:33:50.0901 5276 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
07:33:50.0901 5276 spldr - ok
07:33:50.0917 5276 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
07:33:50.0948 5276 Spooler - ok
07:33:51.0011 5276 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
07:33:51.0089 5276 sppsvc - ok
07:33:51.0120 5276 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
07:33:51.0151 5276 sppuinotify - ok
07:33:51.0182 5276 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
07:33:51.0213 5276 srv - ok
07:33:51.0229 5276 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
07:33:51.0245 5276 srv2 - ok
07:33:51.0271 5276 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
07:33:51.0281 5276 srvnet - ok
07:33:51.0310 5276 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
07:33:51.0340 5276 SSDPSRV - ok
07:33:51.0362 5276 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
07:33:51.0385 5276 SstpSvc - ok
07:33:51.0405 5276 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
07:33:51.0411 5276 stexstor - ok
07:33:51.0448 5276 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
07:33:51.0475 5276 StillCam - ok
07:33:51.0589 5276 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
07:33:51.0619 5276 stisvc - ok
07:33:51.0643 5276 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
07:33:51.0652 5276 swenum - ok
07:33:51.0771 5276 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
07:33:51.0794 5276 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
07:33:51.0794 5276 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
07:33:51.0820 5276 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
07:33:51.0865 5276 swprv - ok
07:33:51.0900 5276 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
07:33:51.0945 5276 SysMain - ok
07:33:51.0956 5276 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
07:33:51.0970 5276 TabletInputService - ok
07:33:51.0982 5276 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
07:33:52.0012 5276 TapiSrv - ok
07:33:52.0024 5276 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
07:33:52.0047 5276 TBS - ok
07:33:52.0096 5276 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
07:33:52.0137 5276 Tcpip - ok
07:33:52.0187 5276 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
07:33:52.0217 5276 TCPIP6 - ok
07:33:52.0239 5276 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
07:33:52.0271 5276 tcpipreg - ok
07:33:52.0290 5276 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
07:33:52.0299 5276 TDPIPE - ok
07:33:52.0330 5276 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
07:33:52.0338 5276 TDTCP - ok
07:33:52.0351 5276 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
07:33:52.0372 5276 tdx - ok
07:33:52.0389 5276 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
07:33:52.0396 5276 TermDD - ok
07:33:52.0432 5276 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
07:33:52.0470 5276 TermService - ok
07:33:52.0488 5276 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
07:33:52.0499 5276 Themes - ok
07:33:52.0527 5276 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
07:33:52.0565 5276 THREADORDER - ok
07:33:52.0579 5276 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
07:33:52.0607 5276 TrkWks - ok
07:33:52.0643 5276 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
07:33:52.0687 5276 TrustedInstaller - ok
07:33:52.0699 5276 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
07:33:52.0730 5276 tssecsrv - ok
07:33:52.0760 5276 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
07:33:52.0794 5276 TsUsbFlt - ok
07:33:52.0834 5276 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
07:33:52.0851 5276 TsUsbGD - ok
07:33:52.0877 5276 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
07:33:52.0928 5276 tunnel - ok
07:33:52.0949 5276 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
07:33:52.0957 5276 uagp35 - ok
07:33:52.0978 5276 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
07:33:53.0007 5276 udfs - ok
07:33:53.0022 5276 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
07:33:53.0032 5276 UI0Detect - ok
07:33:53.0059 5276 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
07:33:53.0067 5276 uliagpkx - ok
07:33:53.0083 5276 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
07:33:53.0109 5276 umbus - ok
07:33:53.0135 5276 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
07:33:56.0435 5276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:33:56.0591 5276 \Device\Harddisk0\DR0 - ok
07:33:56.0598 5276 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
07:33:56.0805 5276 \Device\Harddisk1\DR1 - ok
07:33:56.0808 5276 Boot (0x1200) (df5d421a81e8ece5fcd212affb4e3b90) \Device\Harddisk0\DR0\Partition0
07:33:56.0809 5276 \Device\Harddisk0\DR0\Partition0 - ok
07:33:56.0814 5276 Boot (0x1200) (3b3116ec9dadd1a7ae694a556e502266) \Device\Harddisk0\DR0\Partition1
07:33:56.0816 5276 \Device\Harddisk0\DR0\Partition1 - ok
07:33:56.0820 5276 Boot (0x1200) (df484539708e66bfd6c119f83cd1a3df) \Device\Harddisk1\DR1\Partition0
07:33:56.0822 5276 \Device\Harddisk1\DR1\Partition0 - ok
07:33:56.0822 5276 ============================================================
07:33:56.0822 5276 Scan finished
07:33:56.0822 5276 ============================================================
07:33:56.0831 4224 Detected object count: 5
07:33:56.0832 4224 Actual detected object count: 5
07:34:51.0708 4224 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
07:34:51.0708 4224 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:34:51.0708 4224 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
07:34:51.0708 4224 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:34:51.0708 4224 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
07:34:51.0708 4224 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:34:51.0708 4224 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
07:34:51.0708 4224 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:34:51.0708 4224 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
07:34:51.0708 4224 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

#8 LDTate

Posted 03 April 2012 - 07:11 AM

That looks good.

We'll try one more tool.

Please do not attach the scan results from ComboFix. Use copy/paste.


Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them.
2. With Admin Rights (Right click, choose "Run as Administrator")



Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Larry Tate
Product Support


#9 Loric

Posted 03 April 2012 - 07:45 AM

Greetings from my iPhone! I can't open any browsers after running combofix. Get a message for all of them saying they refer to illegal operation on a registry key markets for deletion. Combofix seemed to have run as normal and rebooted. So now what?

#10 LDTate

Posted 03 April 2012 - 07:47 AM

Try another reboot
Larry Tate
Product Support


#11 Loric

Posted 03 April 2012 - 07:47 AM

Markets=marked. Yay for autocorrect.

#12 LDTate

Posted 03 April 2012 - 07:49 AM

You lost me there.

Can you get to the internet?
Can you post the scan results from combofix?
Larry Tate
Product Support


#13 Loric

Posted 03 April 2012 - 07:52 AM

Yes, I'm back - was trying to fix a typo in the last post but you had gotten the point. Rebooting worked.

Log:


ComboFix 12-04-02.01 - Robert 04/03/2012 8:21.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16286.12642 [GMT -4:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\1.bat
c:\windows\system32\2.bat
c:\windows\system32\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-01 16:15 . 2012-04-01 23:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-01 16:15 . 2012-04-01 16:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-01 09:39 . 2012-04-01 09:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 12:18 . 2012-03-29 12:18 -------- d-----w- c:\users\Administrator
2012-03-29 11:50 . 2012-03-29 11:50 -------- d-----w- c:\users\Robert\AppData\Roaming\AVG2012
2012-03-29 11:49 . 2012-03-29 11:49 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-29 11:49 . 2012-04-03 12:04 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-29 11:49 . 2012-03-29 12:23 -------- d-----w- c:\programdata\AVG2012
2012-03-29 11:49 . 2012-03-29 11:49 -------- d-----w- C:\$AVG
2012-03-29 11:48 . 2012-03-29 11:48 -------- d-----w- c:\program files (x86)\AVG
2012-03-29 11:45 . 2012-03-29 11:45 -------- d--h--w- c:\programdata\Common Files
2012-03-29 11:44 . 2012-04-03 12:04 -------- d-----w- c:\programdata\MFAData
2012-03-29 01:00 . 2012-03-29 01:00 -------- d-----w- c:\users\Robert\AppData\Local\twitter
2012-03-29 00:59 . 2012-03-29 00:59 612888 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{2DCD0543-22F6-4E54-80D3-B4EFB9AC4943}\TweetDeck.exe
2012-03-29 00:59 . 2012-03-29 00:59 -------- d-----w- c:\program files (x86)\Twitter
2012-03-27 01:30 . 2012-03-27 01:30 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-27 01:30 . 2012-03-27 01:30 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-27 01:27 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-27 01:27 . 2012-03-29 12:43 -------- d-----w- c:\programdata\AVAST Software
2012-03-27 01:27 . 2012-03-27 01:27 -------- d-----w- c:\program files\AVAST Software
2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\users\Robert\AppData\Roaming\Malwarebytes
2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\programdata\Malwarebytes
2012-03-27 01:01 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 22:58 . 2012-03-22 22:58 -------- d-----w- c:\users\Robert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-03-22 22:58 . 2012-03-22 22:58 -------- d-----w- c:\users\Robert\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-03-15 07:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 07:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 12:40 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:40 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 12:40 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:39 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 12:39 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:39 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:39 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:39 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:39 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 13:29 . 2012-03-13 14:46 -------- d-----w- C:\Images
2012-03-13 13:28 . 2012-03-13 13:28 -------- d-----w- c:\program files (x86)\ScreenGrab
2012-03-11 23:29 . 2011-09-16 15:24 778088 ------w- c:\windows\system32\HPDiscoPMa111.dll
2012-03-11 23:28 . 2012-03-11 23:28 -------- d-----w- c:\program files\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 09:39 . 2011-11-23 00:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-22 09:25 . 2012-02-22 09:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-01-31 08:46 . 2012-01-31 08:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
2012-02-20 09:04 898912 ----a-w- c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392]
"Akamai NetSession Interface"="c:\users\Robert\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-28 75048]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
.
c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
hueyTray.lnk - c:\program files (x86)\Pantone\huey\hueyTray.exe [2011-11-24 901120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/29 13:35;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 20:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:39]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830033066-2622805820-2840220525-1000Core.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 18:07]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830033066-2622805820-2840220525-1000UA.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 18:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
2012-02-20 09:04 1321824 ----a-w- c:\program files (x86)\AVG\AVG2012\avgdtiea.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-04 6602856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.238.112.12
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\63aqw56l.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-03 08:33:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 12:33
.
Pre-Run: 1,847,323,148,288 bytes free
Post-Run: 1,852,414,738,432 bytes free
.
- - End Of File - - 1D18262B2B27B09826485679638E176C

#14 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 03 April 2012 - 07:55 AM

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

Are you using a Proxy?
Larry Tate
Product Support

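The check made by eye in the post above, written as log triage: scan DDS-style lines for Internet Settings proxy values and report entries that name a loopback address with an explicit port. This is an added example, not part of the thread or of DDS/ComboFix; the function names and the ProxyServer line format are assumptions, and the sample lines are constructed apart from the ProxyOverride line quoted above.

```python
import ipaddress
import re

# Constructed sample in the style of a DDS log. Only the ProxyOverride line is
# the one quoted in the thread; the ProxyServer line format is an assumption.
SAMPLE_DDS_LINES = """\
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:8080;https=proxy.example:3128
TCP: DhcpNameServer = 192.168.1.1
"""

# Prefix letter and value name are captured exactly as printed in the log.
PROXY_LINE = re.compile(
    r"^(?P<prefix>[um])Internet Settings,"
    r"(?P<name>ProxyOverride|ProxyServer)\s*=\s*(?P<value>.*)$"
)


def split_host_port(entry):
    """Split one list entry into (host, port); port is None when absent."""
    entry = entry.strip()
    if "=" in entry:                      # per-protocol form: http=host:port
        entry = entry.split("=", 1)[1]
    if entry.startswith("["):             # bracketed IPv6: [::1]:8080
        host, _, rest = entry[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else ""
    elif entry.count(":") == 1:           # host:port
        host, _, port = entry.partition(":")
    else:                                 # bare host, wildcard, <local>, bare IPv6
        host, port = entry, ""
    return host, int(port) if port.isdigit() else None


def is_loopback(host):
    """True for 'localhost' and for loopback IP literals (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                    # not an IP literal, e.g. *.local
        return False


def find_loopback_proxy_entries(log_text):
    """Return (line_no, prefix, value_name, host, port) for each loopback host:port."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = PROXY_LINE.match(line.strip())
        if not match:
            continue
        for entry in match["value"].split(";"):
            host, port = split_host_port(entry)
            # A bare 127.0.0.1 or localhost is an ordinary bypass entry;
            # only a loopback address with an explicit port is reported.
            if port is not None and is_loopback(host):
                findings.append(
                    (line_no, match["prefix"], match["name"], host, port)
                )
    return findings


if __name__ == "__main__":
    for line_no, prefix, name, host, port in find_loopback_proxy_entries(
        SAMPLE_DDS_LINES
    ):
        print(f"line {line_no}: {prefix}{name} names {host}:{port}")
```

A hit is a prompt to find out which program owns that port on the affected machine (for example with `netstat -ano`), not proof of infection.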

#15 Loric

Posted 03 April 2012 - 08:02 AM

I don't recognize that at all. I have a fairly basic into the wall FiOS connection.

#16 LDTate

Posted 03 April 2012 - 08:03 AM

First:
Internet Explorer (Windows)
1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.



Next:

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

DDS::
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...


Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste


Also please describe how your computer behaves at the moment.
Larry Tate
Product Support


#17 Loric

Posted 03 April 2012 - 08:09 AM

When I went into IE in step 3, there was no box checked for "Use proxy server".

Do you still want me to follow the steps after that?

#18 Loric

Posted 03 April 2012 - 08:18 AM

And a quick look through my browsers - Firefox is the only one that lists/sees the proxy. In the Connection Settings it's set to "use system proxy settings" and then greyed out below is "no proxy for: localhost, 127.0.0.1"

#19 LDTate

Posted 03 April 2012 - 08:37 AM

Yes, run the ComboFix script.
Larry Tate
Product Support


#20 Loric

Posted 03 April 2012 - 09:05 AM

ComboFix 12-04-02.01 - Robert 04/03/2012 9:47.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16286.13986 [GMT -4:00]
Running from: c:\users\Robert\Desktop\ComboFix.exe
Command switches used :: c:\users\Robert\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))
.
.
2012-04-03 13:51 . 2012-04-03 13:51 -------- d-----w- c:\users\Mcx1-ROBERT-PC\AppData\Local\temp
2012-04-03 13:51 . 2012-04-03 13:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 16:15 . 2012-04-01 23:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-01 16:15 . 2012-04-01 16:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-01 09:39 . 2012-04-01 09:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 12:18 . 2012-03-29 12:18 -------- d-----w- c:\users\Administrator
2012-03-29 11:50 . 2012-03-29 11:50 -------- d-----w- c:\users\Robert\AppData\Roaming\AVG2012
2012-03-29 11:49 . 2012-03-29 11:49 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-03-29 11:49 . 2012-04-03 12:04 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-29 11:49 . 2012-03-29 12:23 -------- d-----w- c:\programdata\AVG2012
2012-03-29 11:49 . 2012-03-29 11:49 -------- d-----w- C:\$AVG
2012-03-29 11:48 . 2012-03-29 11:48 -------- d-----w- c:\program files (x86)\AVG
2012-03-29 11:45 . 2012-03-29 11:45 -------- d--h--w- c:\programdata\Common Files
2012-03-29 11:44 . 2012-04-03 12:04 -------- d-----w- c:\programdata\MFAData
2012-03-29 01:00 . 2012-03-29 01:00 -------- d-----w- c:\users\Robert\AppData\Local\twitter
2012-03-29 00:59 . 2012-03-29 00:59 612888 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{2DCD0543-22F6-4E54-80D3-B4EFB9AC4943}\TweetDeck.exe
2012-03-29 00:59 . 2012-03-29 00:59 -------- d-----w- c:\program files (x86)\Twitter
2012-03-27 01:30 . 2012-03-27 01:30 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-27 01:30 . 2012-03-27 01:30 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-27 01:27 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-27 01:27 . 2012-03-29 12:43 -------- d-----w- c:\programdata\AVAST Software
2012-03-27 01:27 . 2012-03-27 01:27 -------- d-----w- c:\program files\AVAST Software
2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\users\Robert\AppData\Roaming\Malwarebytes
2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\programdata\Malwarebytes
2012-03-27 01:01 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 22:58 . 2012-03-22 22:58 -------- d-----w- c:\users\Robert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-03-22 22:58 . 2012-03-22 22:58 -------- d-----w- c:\users\Robert\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-03-15 07:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 07:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 12:40 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 12:40 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 12:40 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 12:39 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 12:39 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 12:39 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 12:39 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 12:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 12:39 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 12:39 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 13:29 . 2012-03-13 14:46 -------- d-----w- C:\Images
2012-03-13 13:28 . 2012-03-13 13:28 -------- d-----w- c:\program files (x86)\ScreenGrab
2012-03-11 23:29 . 2011-09-16 15:24 778088 ------w- c:\windows\system32\HPDiscoPMa111.dll
2012-03-11 23:28 . 2012-03-11 23:28 -------- d-----w- c:\program files\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 09:39 . 2011-11-23 00:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-22 09:25 . 2012-02-22 09:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-01-31 08:46 . 2012-01-31 08:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-03_12.30.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-04-03 12:50 39500 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-03 12:50 42924 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-24 01:51 . 2012-04-03 12:50 6904 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3830033066-2622805820-2840220525-1000_UserData.bin
- 2012-04-03 12:29 . 2012-04-03 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 13:52 . 2012-04-03 13:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-03 12:29 . 2012-04-03 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-03 13:52 . 2012-04-03 13:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-04-03 12:28 479984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-03 13:51 479984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-11-24 01:47 . 2012-04-03 12:28 42001740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3830033066-2622805820-2840220525-1000-8192.dat
+ 2011-11-24 01:47 . 2012-04-03 13:51 42001740 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3830033066-2622805820-2840220525-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
2012-02-20 09:04 898912 ----a-w- c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392]
"Akamai NetSession Interface"="c:\users\Robert\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-28 75048]
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
.
c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
hueyTray.lnk - c:\program files (x86)\Pantone\huey\hueyTray.exe [2011-11-24 901120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/29 13:35;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 20:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:39]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830033066-2622805820-2840220525-1000Core.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 18:07]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830033066-2622805820-2840220525-1000UA.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 18:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
2012-02-20 09:04 1321824 ----a-w- c:\program files (x86)\AVG\AVG2012\avgdtiea.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-04 6602856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 68.238.112.12
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\63aqw56l.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-03 09:55:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-03 13:55
ComboFix2.txt 2012-04-03 12:33
.
Pre-Run: 1,852,266,856,448 bytes free
Post-Run: 1,852,191,006,720 bytes free
.
- - End Of File - - A88BBD2C8ADD5A210C13E4F64D2A3E9B

Had to re-reboot again, but otherwise nothing exciting happened. Checked a few major programs, they all seemed to work. Turned the firewall and antivirus back on again. Poking around message boards, not getting any redirects currently - but that didn't work on demand before either. Does the log look OK?



