Seeking Help with Redirect Demon

Loric · March 31, 2012

Problem in brief:

Getting redirected to some unknown search engine deal and random websites when using searches in forums or anything that seems to call a search system up to pull results on a website, like telling a blog to pull up previous posts on 'xzy' topic. It doesn't consistently happen, just at random, and seems to send me to all kinds of addresses. Seems to only happen in Firefox. Directly using search engines like google, bing, etc.. doesn't seem to have the same problem.

Malwarebytes, Avast, and AVG all fully updated all concur there's nothing wrong but it still happens sporadically. Advice? Here's the DDS logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Robert at 21:13:18 on 2012-03-30

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16286.12047 [GMT -4:00]

.

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\taskhost.exe

C:\windows\system32\svchost.exe -k HPService

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Pantone\huey\hueyTray.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Pantone\huey\hueyTray.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\notepad.exe

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\windows\system32\igfxsrvc.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [Google Update] "C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Akamai NetSession Interface] "C:\Users\Robert\AppData\Local\Akamai\netsession_win.exe"

uRun: [AdobeBridge]

uRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BD2CPKG05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1

uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_Plugin.exe -update plugin

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

StartupFolder: C:\Users\Robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\hueyTray.lnk - C:\Program Files (x86)\Pantone\huey\hueyTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1 68.238.112.12

TCP: Interfaces\{25F0BC19-AD5C-4C24-BBB8-76794ACE1928} : DhcpNameServer = 192.168.1.1 68.238.112.12

TCP: Interfaces\{29F8D3DC-D8DC-46A6-9029-D9FA5D0D3E9D} : DhcpNameServer = 192.168.1.1 68.238.112.12

TCP: Interfaces\{7A2B8F7F-B0C5-44C5-AB0B-F5549884ECDA} : DhcpNameServer = 192.168.1.1 68.238.112.12

TCP: Interfaces\{C6B586D7-4310-44C1-A191-468ADF51E69E} : DhcpNameServer = 192.168.1.1 68.238.112.12

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Do-Not-Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do-Not-Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun-x64: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\1.0"

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm

Hosts: 149.5.18.172 www.google-analytics.com.

Hosts: 149.5.18.172 ad-emea.doubleclick.net.

Hosts: 149.5.18.172 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\63aqw56l.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Robert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\avgidseha.sys --> C:\windows\system32\DRIVERS\avgidseha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-2-14 2316624]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-26 652360]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-26 2656280]

R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\windows\system32\drivers\MBfilt64.sys --> C:\windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\drivers\HECIx64.sys --> C:\windows\system32\drivers\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\drivers\nusb3hub.sys --> C:\windows\system32\drivers\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\drivers\nusb3xhc.sys --> C:\windows\system32\drivers\nusb3xhc.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-2-14 5104992]

S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/29 13:35:44;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\windows\system32\DRIVERS\netr7364.sys --> C:\windows\system32\DRIVERS\netr7364.sys [?]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\windows\system32\DRIVERS\RTL8192su.sys --> C:\windows\system32\DRIVERS\RTL8192su.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-29 11:50:18 -------- d-----w- C:\Users\Robert\AppData\Roaming\AVG2012

2012-03-29 11:49:59 -------- d-----w- C:\windows\SysWow64\drivers\AVG

2012-03-29 11:49:33 -------- d--h--w- C:\$AVG

2012-03-29 11:49:33 -------- d-----w- C:\windows\System32\drivers\AVG

2012-03-29 11:49:33 -------- d-----w- C:\ProgramData\AVG2012

2012-03-29 11:48:25 -------- d-----w- C:\Program Files (x86)\AVG

2012-03-29 11:45:03 -------- d--h--w- C:\ProgramData\Common Files

2012-03-29 11:44:52 -------- d-----w- C:\ProgramData\MFAData

2012-03-29 01:00:02 -------- d-----w- C:\Users\Robert\AppData\Local\twitter

2012-03-29 00:59:41 612888 ----a-r- C:\Users\Robert\AppData\Roaming\Microsoft\Installer\{2DCD0543-22F6-4E54-80D3-B4EFB9AC4943}\TweetDeck.exe

2012-03-29 00:59:39 -------- d-----w- C:\Program Files (x86)\Twitter

2012-03-27 01:30:19 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-27 01:30:19 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-27 01:27:10 -------- d-----w- C:\ProgramData\AVAST Software

2012-03-27 01:27:10 -------- d-----w- C:\Program Files\AVAST Software

2012-03-27 01:01:42 -------- d-----w- C:\Users\Robert\AppData\Roaming\Malwarebytes

2012-03-27 01:01:36 23152 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-03-27 01:01:36 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-27 01:01:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-22 22:58:05 -------- d-----w- C:\Users\Robert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2012-03-22 22:58:05 -------- d-----w- C:\Users\Robert\AppData\Roaming\Adobe Mini Bridge CS5.1

2012-03-15 07:02:04 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-03-15 07:02:03 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-03-15 07:02:03 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-03-14 12:40:27 3145728 ----a-w- C:\windows\System32\win32k.sys

2012-03-14 12:40:27 1544192 ----a-w- C:\windows\System32\DWrite.dll

2012-03-14 12:40:27 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

2012-03-14 12:39:58 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-03-14 12:39:58 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-03-14 12:39:58 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-03-14 12:39:53 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-03-14 12:39:53 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-03-14 12:39:53 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-03-14 12:39:53 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-03-13 13:29:07 -------- d-----w- C:\Images

2012-03-13 13:28:28 -------- d-----w- C:\Program Files (x86)\ScreenGrab

2012-03-11 23:29:16 778088 ------w- C:\windows\System32\HPDiscoPMa111.dll

2012-03-11 23:28:07 -------- d-----w- C:\Program Files\HP

.

==================== Find3M ====================

.

2012-03-15 12:37:18 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-22 09:25:50 382032 ----a-w- C:\windows\System32\drivers\avgtdia.sys

2012-02-22 09:25:32 289872 ----a-w- C:\windows\System32\drivers\avgldx64.sys

2012-01-31 08:46:48 36944 ----a-w- C:\windows\System32\drivers\avgrkx64.sys

2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll

.

============= FINISH: 21:13:32.13 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/22/2011 6:41:47 PM

System Uptime: 3/29/2012 8:46:55 AM (37 hours ago)

.

Motherboard: MSI | | H67MA-E45 (MS-7678)

Processor: Intel® Core i7-2600 CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1863 GiB total, 1716.978 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart 5510 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart 5510 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP33: 3/23/2012 12:00:02 AM - Scheduled Checkpoint

RP34: 3/26/2012 9:26:58 PM - avast! Free Antivirus Setup

RP35: 3/28/2012 8:33:32 PM - Windows Update

RP36: 3/28/2012 8:59:08 PM - Installed TweetDeck

RP37: 3/29/2012 7:48:08 AM - Installed AVG 2012

RP38: 3/29/2012 7:48:36 AM - Installed AVG 2012

RP39: 3/29/2012 8:40:41 AM - avast! Free Antivirus Setup

.

==== Hosts File Hijack ======================

.

Hosts: 149.5.18.172 www.google-analytics.com.

Hosts: 149.5.18.172 ad-emea.doubleclick.net.

Hosts: 149.5.18.172 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

Hosts: 108.163.215.51 www.statcounter.com.

.

==== Installed Programs ======================

.

Acrobat.com

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Community Help

Adobe Content Viewer

Adobe Creative Suite 5.5 Design Standard

Adobe Download Assistant

Adobe Photoshop CS5.1

Adobe Reader 9.5.0

Akamai NetSession Interface

Amazon Add to Wish List IE Extension 1.2

Amazon Kindle

Apple Application Support

Apple Software Update

Belkin Connect Wireless USB Adapter

BufferChm

C309a

Coupon Printer for Windows

CyberLink Blu-ray Disc Suite

CyberLink LabelPrint

CyberLink LG Burning Tool

CyberLink MediaShow

CyberLink PowerBackup

CyberLink PowerDVD 9

CyberLink PowerProducer

CyberLink YouCam

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DocProc

Fax

Google Chrome

GPBaseService2

HP Photosmart 5510 series Help

HP Update

HPDiagnosticAlert

HPPhotoGadget

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotosmartEssential

HPProductAssistant

HPSSupply

huey 1.0.5

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Internet TV for Windows Media Center

iSEEK AnswerWorks English Runtime

Java Auto Updater

Java 6 Update 29

LightScribe System Software

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 11.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PDF Settings CS5

PS_AIO_05_C309_Software_Min

Quicken 2011

QuickTime

QuickTransfer

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Scan

ScreenGrab 1.1

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

SmartWebPrinting

SolutionCenter

Status

Toolbox

TrayApp

TweetDeck

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

Visual Studio 2008 x64 Redistributables

WebReg

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

3/29/2012 8:53:53 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

3/28/2012 8:50:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

.

==== End Of File ===========================

So.. I figured since I'm in queue I'd post a more concise and detailed report of what's going on, since it just happened again.

Browsing in FireFox, reading 'bout my Disney World (shut up, don't judge me) and I'm on the DisBoards main page. A big, popular, well run website: http://www.disboards.com/

All cool, I go to click on one of the forum - I forget which, and I'm magically whisked away to this, per my Firefox history:

http://www.google-analytics.com/gc.js?1&ou=http%3A%2F%2Fwww.disboards.com%2Fforumdisplay.php%3Ff%3D2&p=0.5645434599446866

Which redirects to this whole list:

http://video-business.net/aff?aff=http%3A%2F%2Fppc11.front.bestppcever.net%2Fclick.php%3Fkey%3D187abb8561a9bec12754782eea27be1c52739e8e5c2&i=DczBDcMgDAXQs7dggSJDvx0yjiGQJlWE5ObS7ds3wEvLM6rEDERlygLiyEAmpoWUwEMaowlWKdUYyqbgkkZeDVpoB_ncu4eze7--YbhdfQtutR53eM-Xf8I22z39Pz7SDw~~&ou=aHR0cDovL3d3dy5kaXNib2FyZHMuY29tL2ZvcnVtZGlzcGxheS5waHA/Zj0y

http://ppc11.front.bestppcever.net/click.php?key=187abb8561a9bec12754782eea27be1c52739e8e5c2

http://www1.pharmacy-resources.net/click_url.php?redirUrl=http%3A%2F%2F88.214.201.204%2Fclick%2F%3Fsid%3Da427a116ffc5b65f5570096a050ee1e4%26cid%3Da91dcf0d11a6e68a4658b5cd1d1956f0%26did%3Ddaoxml6&q=roger+jeremy+framed+rabbit+kohrs+doctor&clickId=ab7553f67bcd11b880df059b01f9099a

http://www1.pharmacy-resources.net/?q=roger%20jeremy%20framed%20rabbit%20kohrs%20doctor

http://www1.pharmacy-resources.net/check.php

http://88.214.201.204/click/?sid=a427a116ffc5b65f5570096a050ee1e4&cid=a91dcf0d11a6e68a4658b5cd1d1956f0&did=daoxml6

http://dc2w.3vg58t1.com/ct?version=1.0.0&enURL=HNHu+81MXlGsUGrFcP+uqnzX5fqQqsmu+D8uGA9u4NjBBiYzbuhEKEbV9W5d1Pr5bDUPl1lRI/8U4UQU55U2P9PZdB6ksqFOMFL500lhUNPAqfgjH26GPMRLa/4Vp6Dn&queryid=262005967646&rtpid=&adid=148601&invid=65038155&ampsc=87&ampsctid=1&upid=&orgkw=roger%20jeremy%20framed%20rabbit%20kohrs%20doctor&kwid=87867274&crid=1395360&fs=w-xml-36&pb=960.0&advn=mdlinx.com%2Furology%2F&iic=40477677;65038152;65038153;65038154;65038155&cp=0.1320,51412,381578,0,pub_daoclick-8262,roger%20jeremy%20framed%20rabbit%20kohrs%20doctor,backfill_conducive/l=COND

http://dc2w.3vg58t1.com/ct?ctcookie_value=1333255566246.17566EAB95768CF91A2E124D1BA17E09&version=1.0.0&enURL=HNHu+81MXlGsUGrFcP+uqnzX5fqQqsmu+D8uGA9u4NjBBiYzbuhEKEbV9W5d1Pr5bDUPl1lRI/8U4UQU55U2P9PZdB6ksqFOMFL500lhUNPAqfgjH26GPMRLa/4Vp6Dn&queryid=262005967646&rtpid=&adid=148601&invid=65038155&ampsc=87&ampsctid=1&upid=&orgkw=roger%20jeremy%20framed%20rabbit%20kohrs%20doctor&kwid=87867274&crid=1395360&fs=w-xml-36&pb=960.0&advn=mdlinx.com%2Furology%2F&iic=40477677;65038152;65038153;65038154;65038155&cp=0.1320,51412,381578,0,pub_daoclick-8262,roger%20jeremy%20framed%20rabbit%20kohrs%20doctor,backfill_conducive/l=COND

http://1.65038155.ampnetwork.net/?sid=M1B9Tn1eQy17Dz0FHQkkIUlFQ2tkAXsOZFoHNnwHeAYeWn9hBUZTamcJew9pXQM2fwB6GgVfZX4BQ11sZ09%2B

http://dc2w.3vg58t1.com/bounce?click_id=2013247772&m_width=1440&m_height=900&b_width=1440&b_height=796&b_top=-8&b_left=-8&in_iframe=0

http://www.mdlinx.com/urology/index2.cfm?kw=find+a+doctor

Which finally ends on this page:

http://www.mdlinx.com/urology/articles.cfm/news/find%20a%20doctor

So... that's what I'm up again. Hope that helps.

Loric · April 2, 2012

I get the impression looking at the topics getting responded to at the top of the forum - all posted well after mine was created... and not following the instructions in the sticky that I followed... that i somehow got off on the wrong foot or something with the experts here and i'm getting some sort of kiss-off "take your issue and shove it" non-response

I don't really understand what provoked that.. but umm.. thanks..

Cherry picking favorites when it comes to helping people really isn't ethical or fair guys.

LDTate · April 2, 2012

We look for post with 0 replies, so when you replied to your own topic, we assumed you were being helped.

If you still need help

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

We look for post with 0 replies, so when you replied to your own topic, we assumed you were being helped.

If you still need help:

Loric · April 3, 2012

Log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.03.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Robert :: ROBERT-PC [administrator]

Protection: Enabled

4/3/2012 3:14:01 AM

mbam-log-2012-04-03 (03-14-01).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 273300

Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

---

And general computer: The whole redirect thing seems to be behaving since I took my own initiative and did a full reboot of my router since none of the software could find anything and then gave it a strong password followed by a DNS flush on my end for good measure. I can't seem to provoke a redirect at any of the usual websites anymore. Any ideas on how to go about checking or is it a "wait and see"?

At the same time, from the other logs from Malware bytes:

2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62087, Process: chrome.exe)

2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62088, Process: chrome.exe)

2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62089, Process: chrome.exe)

2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62090, Process: chrome.exe)

2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62091, Process: chrome.exe)

2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62092, Process: chrome.exe)

2012/04/01 11:52:41 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 62093, Process: chrome.exe)

2012/04/01 19:58:13 -0400 ROBERT-PC Robert MESSAGE Starting protection

2012/04/01 19:58:14 -0400 ROBERT-PC Robert MESSAGE Protection started successfully

2012/04/01 19:58:17 -0400 ROBERT-PC Robert MESSAGE Starting IP protection

2012/04/01 19:58:17 -0400 ROBERT-PC Robert MESSAGE IP Protection started successfully

2012/04/01 23:00:35 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 52002, Process: firefox.exe)

2012/04/01 23:00:35 -0400 ROBERT-PC Robert IP-BLOCK 74.118.192.152 (Type: outgoing, Port: 52004, Process: firefox.exe)

One little blip yesterday:

2012/04/02 11:57:16 -0400 ROBERT-PC Robert IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 54513, Process: firefox.exe)

And so far nothing else.

Loric · April 3, 2012

Well, that took all of 3 minutes to confirm i'm not at all out of the woods!

Was on this forum page: http://forums.wdwmagic.com/showthread.php?t=833814

Clicked something, ended up here: http://activitycatalogue.com/aff?aff=http%3A%2F%2Fclick.FindSearchEngineResults.com%2Fads-clicktrack%2Fclick%2Fjump1.do%3Fsid%3DidLIq1nWKEkC9cMMchFB5d%252BBMUwF3cEKAq%252F8GfTpLPQ%253D%26affiliate%3D46831%26subid%3D7_g4%26rc%3D0%26terms%3Dpublic+join+date+profile+disney+world&i=DcxLDoQgEAXAdd-iLyBp9NHicZDPhAkR44wx3l53tSo7T0adGQGjQkpiBJ6E5teQ4qIgOizOr0GgEhTibRmXAPX0Ae3n2mrkb68bp_DPvB-91JY51d-Wb7760dL7DfYB&ou=aHR0cDovL2ZvcnVtcy53ZHdtYWdpYy5jb20vZm9ydW1kaXNwbGF5LnBocD9mPTQ=

Argh......

LDTate · April 3, 2012

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Loric · April 3, 2012

It only found 5 suspicious objects, skipped them all, and then didn't try to cure anything and didn't ask for a reboot. Here's the log:

07:33:21.0630 5804 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48

07:33:22.0633 5804 ============================================================

07:33:22.0633 5804 Current date / time: 2012/04/03 07:33:22.0633

07:33:22.0633 5804 SystemInfo:

07:33:22.0633 5804

07:33:22.0633 5804 OS Version: 6.1.7601 ServicePack: 1.0

07:33:22.0633 5804 Product type: Workstation

07:33:22.0633 5804 ComputerName: ROBERT-PC

07:33:22.0633 5804 UserName: Robert

07:33:22.0633 5804 Windows directory: C:\windows

07:33:22.0633 5804 System windows directory: C:\windows

07:33:22.0633 5804 Running under WOW64

07:33:22.0633 5804 Processor architecture: Intel x64

07:33:22.0633 5804 Number of processors: 8

07:33:22.0633 5804 Page size: 0x1000

07:33:22.0633 5804 Boot type: Normal boot

07:33:22.0633 5804 ============================================================

07:33:23.0410 5804 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

07:33:23.0425 5804 Drive \Device\Harddisk1\DR1 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

07:33:23.0436 5804 \Device\Harddisk0\DR0:

07:33:23.0437 5804 MBR used

07:33:23.0437 5804 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

07:33:23.0437 5804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DD58B0

07:33:23.0437 5804 \Device\Harddisk1\DR1:

07:33:23.0438 5804 MBR used

07:33:23.0438 5804 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0xE2, BlocksNum 0x3C931E

07:33:23.0490 5804 Initialize success

07:33:23.0490 5804 ============================================================

07:33:32.0233 5276 ============================================================

07:33:32.0233 5276 Scan started

07:33:32.0233 5276 Mode: Manual; SigCheck; TDLFS;

07:33:32.0233 5276 ============================================================

07:33:33.0438 5276 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\DRIVERS\1394ohci.sys

07:33:33.0532 5276 1394ohci - ok

07:33:33.0563 5276 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

07:33:33.0579 5276 ACPI - ok

07:33:33.0610 5276 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

07:33:33.0672 5276 AcpiPmi - ok

07:33:33.0750 5276 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

07:33:33.0766 5276 AdobeFlashPlayerUpdateSvc - ok

07:33:33.0781 5276 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

07:33:33.0813 5276 adp94xx - ok

07:33:33.0828 5276 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

07:33:33.0844 5276 adpahci - ok

07:33:33.0859 5276 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

07:33:33.0875 5276 adpu320 - ok

07:33:33.0906 5276 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

07:33:33.0984 5276 AeLookupSvc - ok

07:33:34.0031 5276 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

07:33:34.0062 5276 AFD - ok

07:33:34.0093 5276 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

07:33:34.0109 5276 agp440 - ok

07:33:34.0125 5276 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

07:33:34.0171 5276 ALG - ok

07:33:34.0187 5276 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

07:33:34.0203 5276 aliide - ok

07:33:34.0218 5276 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

07:33:34.0234 5276 amdide - ok

07:33:34.0249 5276 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

07:33:34.0279 5276 AmdK8 - ok

07:33:34.0300 5276 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys

07:33:34.0318 5276 AmdPPM - ok

07:33:34.0349 5276 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

07:33:34.0364 5276 amdsata - ok

07:33:34.0392 5276 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

07:33:34.0409 5276 amdsbs - ok

07:33:34.0421 5276 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

07:33:34.0433 5276 amdxata - ok

07:33:34.0465 5276 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

07:33:34.0512 5276 AppID - ok

07:33:34.0536 5276 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

07:33:34.0564 5276 AppIDSvc - ok

07:33:34.0582 5276 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

07:33:34.0615 5276 Appinfo - ok

07:33:34.0676 5276 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

07:33:34.0686 5276 Apple Mobile Device - ok

07:33:34.0695 5276 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

07:33:34.0707 5276 arc - ok

07:33:34.0745 5276 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

07:33:34.0761 5276 arcsas - ok

07:33:34.0780 5276 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

07:33:34.0833 5276 AsyncMac - ok

07:33:34.0859 5276 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

07:33:34.0869 5276 atapi - ok

07:33:34.0891 5276 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

07:33:34.0956 5276 AudioEndpointBuilder - ok

07:33:34.0962 5276 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

07:33:34.0987 5276 AudioSrv - ok

07:33:35.0047 5276 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\windows\system32\DRIVERS\avgfwd6a.sys

07:33:35.0058 5276 Avgfwfd - ok

07:33:35.0136 5276 avgfws (c0b5a964c1c329ed19e5a4b6e49ea1fe) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

07:33:35.0184 5276 avgfws - ok

07:33:35.0271 5276 AVGIDSAgent (f5689fba4360be50839999882e0a9d99) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

07:33:35.0321 5276 AVGIDSAgent - ok

07:33:35.0337 5276 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys

07:33:35.0352 5276 AVGIDSDriver - ok

07:33:35.0368 5276 AVGIDSEH (9650578c511527e218328df6d311b4fa) C:\windows\system32\DRIVERS\avgidseha.sys

07:33:35.0368 5276 AVGIDSEH - ok

07:33:35.0383 5276 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys

07:33:35.0399 5276 AVGIDSFilter - ok

07:33:35.0430 5276 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys

07:33:35.0446 5276 Avgldx64 - ok

07:33:35.0477 5276 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys

07:33:35.0493 5276 Avgmfx64 - ok

07:33:35.0555 5276 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys

07:33:35.0571 5276 Avgrkx64 - ok

07:33:35.0586 5276 Avgtdia (e601444168adfb78afa22a1e270d9253) C:\windows\system32\DRIVERS\avgtdia.sys

07:33:35.0602 5276 Avgtdia - ok

07:33:35.0633 5276 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

07:33:35.0633 5276 avgwd - ok

07:33:35.0664 5276 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

07:33:35.0727 5276 AxInstSV - ok

07:33:35.0773 5276 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

07:33:35.0851 5276 b06bdrv - ok

07:33:35.0945 5276 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

07:33:35.0987 5276 b57nd60a - ok

07:33:36.0017 5276 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

07:33:36.0035 5276 BDESVC - ok

07:33:36.0051 5276 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

07:33:36.0117 5276 Beep - ok

07:33:36.0146 5276 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

07:33:36.0183 5276 BFE - ok

07:33:36.0220 5276 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll

07:33:36.0269 5276 BITS - ok

07:33:36.0300 5276 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\drivers\blbdrive.sys

07:33:36.0318 5276 blbdrive - ok

07:33:36.0391 5276 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

07:33:36.0410 5276 Bonjour Service - ok

07:33:36.0433 5276 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

07:33:36.0464 5276 bowser - ok

07:33:36.0489 5276 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

07:33:36.0510 5276 BrFiltLo - ok

07:33:36.0519 5276 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

07:33:36.0533 5276 BrFiltUp - ok

07:33:36.0558 5276 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

07:33:36.0622 5276 Browser - ok

07:33:36.0647 5276 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

07:33:36.0688 5276 Brserid - ok

07:33:36.0705 5276 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

07:33:36.0734 5276 BrSerWdm - ok

07:33:36.0748 5276 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

07:33:36.0771 5276 BrUsbMdm - ok

07:33:36.0782 5276 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

07:33:36.0795 5276 BrUsbSer - ok

07:33:36.0808 5276 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

07:33:36.0835 5276 BTHMODEM - ok

07:33:36.0859 5276 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

07:33:36.0900 5276 bthserv - ok

07:33:36.0919 5276 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

07:33:36.0944 5276 cdfs - ok

07:33:36.0974 5276 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

07:33:36.0996 5276 cdrom - ok

07:33:37.0023 5276 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

07:33:37.0061 5276 CertPropSvc - ok

07:33:37.0071 5276 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

07:33:37.0083 5276 circlass - ok

07:33:37.0099 5276 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

07:33:37.0110 5276 CLFS - ok

07:33:37.0211 5276 CLKMSVC10_9EC60124 (4642b5a3e0d2e61d08163de95fc5b949) C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe

07:33:37.0225 5276 CLKMSVC10_9EC60124 - ok

07:33:37.0282 5276 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

07:33:37.0293 5276 clr_optimization_v2.0.50727_32 - ok

07:33:37.0321 5276 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

07:33:37.0333 5276 clr_optimization_v2.0.50727_64 - ok

07:33:37.0384 5276 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

07:33:37.0397 5276 clr_optimization_v4.0.30319_32 - ok

07:33:37.0426 5276 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

07:33:37.0438 5276 clr_optimization_v4.0.30319_64 - ok

07:33:37.0517 5276 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys

07:33:37.0545 5276 CmBatt - ok

07:33:37.0573 5276 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

07:33:37.0586 5276 cmdide - ok

07:33:37.0639 5276 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

07:33:37.0670 5276 CNG - ok

07:33:37.0692 5276 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

07:33:37.0701 5276 Compbatt - ok

07:33:37.0722 5276 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys

07:33:37.0763 5276 CompositeBus - ok

07:33:37.0777 5276 COMSysApp - ok

07:33:37.0806 5276 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

07:33:37.0820 5276 crcdisk - ok

07:33:37.0853 5276 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll

07:33:37.0899 5276 CryptSvc - ok

07:33:37.0925 5276 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

07:33:37.0969 5276 DcomLaunch - ok

07:33:37.0986 5276 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

07:33:38.0017 5276 defragsvc - ok

07:33:38.0033 5276 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

07:33:38.0064 5276 DfsC - ok

07:33:38.0080 5276 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

07:33:38.0111 5276 Dhcp - ok

07:33:38.0126 5276 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

07:33:38.0236 5276 discache - ok

07:33:38.0292 5276 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

07:33:38.0306 5276 Disk - ok

07:33:38.0338 5276 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

07:33:38.0396 5276 Dnscache - ok

07:33:38.0422 5276 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

07:33:38.0472 5276 dot3svc - ok

07:33:38.0506 5276 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys

07:33:38.0536 5276 Dot4 - ok

07:33:38.0554 5276 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\windows\system32\DRIVERS\Dot4Prt.sys

07:33:38.0584 5276 Dot4Print - ok

07:33:38.0609 5276 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys

07:33:38.0641 5276 dot4usb - ok

07:33:38.0661 5276 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

07:33:38.0708 5276 DPS - ok

07:33:38.0732 5276 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

07:33:38.0752 5276 drmkaud - ok

07:33:38.0773 5276 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

07:33:38.0795 5276 DXGKrnl - ok

07:33:38.0817 5276 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

07:33:38.0847 5276 EapHost - ok

07:33:38.0913 5276 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

07:33:38.0996 5276 ebdrv - ok

07:33:39.0024 5276 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

07:33:39.0055 5276 EFS - ok

07:33:39.0098 5276 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

07:33:39.0132 5276 ehRecvr - ok

07:33:39.0142 5276 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

07:33:39.0166 5276 ehSched - ok

07:33:39.0202 5276 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

07:33:39.0218 5276 elxstor - ok

07:33:39.0228 5276 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

07:33:39.0240 5276 ErrDev - ok

07:33:39.0263 5276 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

07:33:39.0305 5276 EventSystem - ok

07:33:39.0334 5276 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

07:33:39.0371 5276 exfat - ok

07:33:39.0388 5276 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

07:33:39.0417 5276 fastfat - ok

07:33:39.0443 5276 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

07:33:39.0478 5276 Fax - ok

07:33:39.0498 5276 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

07:33:39.0519 5276 fdc - ok

07:33:39.0544 5276 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

07:33:39.0594 5276 fdPHost - ok

07:33:39.0609 5276 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

07:33:39.0631 5276 FDResPub - ok

07:33:39.0654 5276 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

07:33:39.0661 5276 FileInfo - ok

07:33:39.0674 5276 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

07:33:39.0725 5276 Filetrace - ok

07:33:39.0755 5276 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

07:33:39.0772 5276 flpydisk - ok

07:33:39.0792 5276 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

07:33:39.0809 5276 FltMgr - ok

07:33:39.0837 5276 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

07:33:39.0915 5276 FontCache - ok

07:33:39.0986 5276 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

07:33:39.0996 5276 FontCache3.0.0.0 - ok

07:33:40.0022 5276 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

07:33:40.0034 5276 FsDepends - ok

07:33:40.0054 5276 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

07:33:40.0064 5276 Fs_Rec - ok

07:33:40.0093 5276 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

07:33:40.0142 5276 fvevol - ok

07:33:40.0171 5276 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

07:33:40.0184 5276 gagp30kx - ok

07:33:40.0209 5276 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

07:33:40.0219 5276 GEARAspiWDM - ok

07:33:40.0241 5276 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

07:33:40.0279 5276 gpsvc - ok

07:33:40.0303 5276 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

07:33:40.0322 5276 hcw85cir - ok

07:33:40.0369 5276 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

07:33:40.0385 5276 HdAudAddService - ok

07:33:40.0447 5276 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

07:33:40.0463 5276 HDAudBus - ok

07:33:40.0494 5276 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

07:33:40.0510 5276 HidBatt - ok

07:33:40.0525 5276 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

07:33:40.0541 5276 HidBth - ok

07:33:40.0572 5276 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

07:33:40.0588 5276 HidIr - ok

07:33:40.0603 5276 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

07:33:40.0634 5276 hidserv - ok

07:33:40.0650 5276 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

07:33:40.0666 5276 HidUsb - ok

07:33:40.0681 5276 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

07:33:40.0712 5276 hkmsvc - ok

07:33:40.0728 5276 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

07:33:40.0744 5276 HomeGroupListener - ok

07:33:40.0759 5276 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

07:33:40.0775 5276 HomeGroupProvider - ok

07:33:40.0900 5276 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

07:33:41.0301 5276 hpqcxs08 - ok

07:33:41.0320 5276 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

07:33:41.0331 5276 hpqddsvc - ok

07:33:41.0363 5276 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

07:33:41.0379 5276 HpSAMD - ok

07:33:41.0418 5276 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

07:33:41.0443 5276 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

07:33:41.0443 5276 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

07:33:41.0475 5276 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

07:33:41.0524 5276 HTTP - ok

07:33:41.0537 5276 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

07:33:41.0543 5276 hwpolicy - ok

07:33:41.0578 5276 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

07:33:41.0596 5276 i8042prt - ok

07:33:41.0632 5276 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

07:33:41.0654 5276 iaStorV - ok

07:33:41.0706 5276 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

07:33:41.0734 5276 idsvc - ok

07:33:41.0933 5276 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\windows\system32\DRIVERS\igdkmd64.sys

07:33:42.0202 5276 igfx - ok

07:33:42.0221 5276 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

07:33:42.0231 5276 iirsp - ok

07:33:42.0258 5276 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

07:33:42.0306 5276 IKEEXT - ok

07:33:42.0364 5276 IntcAzAudAddService (03076f51af9f78a272cccde03e9340ce) C:\windows\system32\drivers\RTKVHD64.sys

07:33:42.0417 5276 IntcAzAudAddService - ok

07:33:42.0441 5276 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys

07:33:42.0454 5276 IntcDAud - ok

07:33:42.0474 5276 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

07:33:42.0481 5276 intelide - ok

07:33:42.0506 5276 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys

07:33:42.0545 5276 intelppm - ok

07:33:42.0579 5276 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

07:33:42.0624 5276 IPBusEnum - ok

07:33:42.0651 5276 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

07:33:42.0672 5276 IpFilterDriver - ok

07:33:42.0695 5276 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

07:33:42.0727 5276 iphlpsvc - ok

07:33:42.0739 5276 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

07:33:42.0760 5276 IPMIDRV - ok

07:33:42.0780 5276 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

07:33:42.0804 5276 IPNAT - ok

07:33:42.0877 5276 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe

07:33:42.0903 5276 iPod Service - ok

07:33:42.0916 5276 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

07:33:42.0927 5276 IRENUM - ok

07:33:42.0939 5276 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

07:33:42.0946 5276 isapnp - ok

07:33:42.0974 5276 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

07:33:42.0983 5276 iScsiPrt - ok

07:33:43.0014 5276 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

07:33:43.0021 5276 kbdclass - ok

07:33:43.0030 5276 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys

07:33:43.0051 5276 kbdhid - ok

07:33:43.0093 5276 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

07:33:43.0103 5276 KeyIso - ok

07:33:43.0121 5276 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

07:33:43.0129 5276 KSecDD - ok

07:33:43.0140 5276 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

07:33:43.0148 5276 KSecPkg - ok

07:33:43.0160 5276 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

07:33:43.0192 5276 ksthunk - ok

07:33:43.0251 5276 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

07:33:43.0299 5276 KtmRm - ok

07:33:43.0331 5276 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll

07:33:43.0363 5276 LanmanServer - ok

07:33:43.0378 5276 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

07:33:43.0409 5276 LanmanWorkstation - ok

07:33:43.0456 5276 LightScribeService (17203d81a68d9162db9022a1fc601778) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

07:33:43.0472 5276 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

07:33:43.0472 5276 LightScribeService - detected UnsignedFile.Multi.Generic (1)

07:33:43.0487 5276 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

07:33:43.0534 5276 lltdio - ok

07:33:43.0565 5276 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

07:33:43.0581 5276 lltdsvc - ok

07:33:43.0612 5276 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

07:33:43.0628 5276 lmhosts - ok

07:33:43.0659 5276 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

07:33:43.0659 5276 LMS - ok

07:33:43.0690 5276 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

07:33:43.0706 5276 LSI_FC - ok

07:33:43.0721 5276 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

07:33:43.0737 5276 LSI_SAS - ok

07:33:43.0753 5276 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

07:33:43.0753 5276 LSI_SAS2 - ok

07:33:43.0768 5276 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

07:33:43.0784 5276 LSI_SCSI - ok

07:33:43.0799 5276 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

07:33:43.0831 5276 luafv - ok

07:33:43.0877 5276 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys

07:33:43.0893 5276 MBAMProtector - ok

07:33:43.0924 5276 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

07:33:43.0955 5276 MBAMService - ok

07:33:43.0955 5276 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\windows\system32\drivers\MBfilt64.sys

07:33:43.0971 5276 MBfilt - ok

07:33:44.0002 5276 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

07:33:44.0018 5276 Mcx2Svc - ok

07:33:44.0049 5276 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

07:33:44.0065 5276 megasas - ok

07:33:44.0096 5276 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

07:33:44.0111 5276 MegaSR - ok

07:33:44.0158 5276 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\drivers\HECIx64.sys

07:33:44.0174 5276 MEIx64 - ok

07:33:44.0205 5276 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

07:33:44.0236 5276 MMCSS - ok

07:33:44.0252 5276 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

07:33:44.0301 5276 Modem - ok

07:33:44.0320 5276 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

07:33:44.0334 5276 monitor - ok

07:33:44.0350 5276 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

07:33:44.0358 5276 mouclass - ok

07:33:44.0382 5276 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

07:33:44.0395 5276 mouhid - ok

07:33:44.0422 5276 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

07:33:44.0430 5276 mountmgr - ok

07:33:44.0446 5276 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

07:33:44.0455 5276 mpio - ok

07:33:44.0472 5276 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

07:33:44.0498 5276 mpsdrv - ok

07:33:44.0526 5276 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

07:33:44.0554 5276 MpsSvc - ok

07:33:44.0575 5276 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

07:33:44.0597 5276 MRxDAV - ok

07:33:44.0619 5276 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

07:33:44.0651 5276 mrxsmb - ok

07:33:44.0666 5276 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

07:33:44.0680 5276 mrxsmb10 - ok

07:33:44.0695 5276 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

07:33:44.0707 5276 mrxsmb20 - ok

07:33:44.0715 5276 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

07:33:44.0722 5276 msahci - ok

07:33:44.0745 5276 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

07:33:44.0755 5276 msdsm - ok

07:33:44.0774 5276 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

07:33:44.0795 5276 MSDTC - ok

07:33:44.0816 5276 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

07:33:44.0843 5276 Msfs - ok

07:33:44.0887 5276 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

07:33:44.0937 5276 mshidkmdf - ok

07:33:44.0953 5276 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

07:33:44.0959 5276 msisadrv - ok

07:33:44.0979 5276 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

07:33:45.0012 5276 MSiSCSI - ok

07:33:45.0017 5276 msiserver - ok

07:33:45.0035 5276 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

07:33:45.0063 5276 MSKSSRV - ok

07:33:45.0069 5276 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

07:33:45.0097 5276 MSPCLOCK - ok

07:33:45.0109 5276 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

07:33:45.0132 5276 MSPQM - ok

07:33:45.0151 5276 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

07:33:45.0161 5276 MsRPC - ok

07:33:45.0176 5276 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys

07:33:45.0182 5276 mssmbios - ok

07:33:45.0197 5276 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

07:33:45.0247 5276 MSTEE - ok

07:33:45.0263 5276 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

07:33:45.0272 5276 MTConfig - ok

07:33:45.0291 5276 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

07:33:45.0298 5276 Mup - ok

07:33:45.0317 5276 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

07:33:45.0353 5276 napagent - ok

07:33:45.0380 5276 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

07:33:45.0394 5276 NativeWifiP - ok

07:33:45.0439 5276 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

07:33:45.0468 5276 NDIS - ok

07:33:45.0489 5276 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

07:33:45.0527 5276 NdisCap - ok

07:33:45.0556 5276 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

07:33:45.0594 5276 NdisTapi - ok

07:33:45.0609 5276 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

07:33:45.0632 5276 Ndisuio - ok

07:33:45.0642 5276 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

07:33:45.0668 5276 NdisWan - ok

07:33:45.0685 5276 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

07:33:45.0710 5276 NDProxy - ok

07:33:45.0756 5276 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll

07:33:45.0772 5276 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

07:33:45.0772 5276 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

07:33:45.0781 5276 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

07:33:45.0839 5276 NetBIOS - ok

07:33:45.0856 5276 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

07:33:45.0880 5276 NetBT - ok

07:33:45.0911 5276 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

07:33:45.0920 5276 Netlogon - ok

07:33:45.0959 5276 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

07:33:46.0014 5276 Netman - ok

07:33:46.0030 5276 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

07:33:46.0068 5276 netprofm - ok

07:33:46.0099 5276 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\windows\system32\DRIVERS\netr7364.sys

07:33:46.0122 5276 netr7364 - ok

07:33:46.0177 5276 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

07:33:46.0191 5276 NetTcpPortSharing - ok

07:33:46.0248 5276 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

07:33:46.0262 5276 nfrd960 - ok

07:33:46.0285 5276 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

07:33:46.0332 5276 NlaSvc - ok

07:33:46.0441 5276 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

07:33:46.0472 5276 Npfs - ok

07:33:46.0488 5276 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

07:33:46.0535 5276 nsi - ok

07:33:46.0550 5276 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

07:33:46.0597 5276 nsiproxy - ok

07:33:46.0628 5276 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

07:33:46.0659 5276 Ntfs - ok

07:33:46.0675 5276 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

07:33:46.0691 5276 Null - ok

07:33:46.0706 5276 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\drivers\nusb3hub.sys

07:33:46.0722 5276 nusb3hub - ok

07:33:46.0737 5276 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\windows\system32\drivers\nusb3xhc.sys

07:33:46.0753 5276 nusb3xhc - ok

07:33:46.0784 5276 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

07:33:46.0800 5276 nvraid - ok

07:33:46.0815 5276 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

07:33:46.0831 5276 nvstor - ok

07:33:46.0862 5276 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

07:33:46.0878 5276 nv_agp - ok

07:33:46.0909 5276 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

07:33:46.0925 5276 ohci1394 - ok

07:33:46.0956 5276 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

07:33:46.0971 5276 ose - ok

07:33:47.0096 5276 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

07:33:47.0143 5276 osppsvc - ok

07:33:47.0174 5276 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

07:33:47.0190 5276 p2pimsvc - ok

07:33:47.0205 5276 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

07:33:47.0221 5276 p2psvc - ok

07:33:47.0252 5276 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

07:33:47.0276 5276 Parport - ok

07:33:47.0290 5276 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

07:33:47.0298 5276 partmgr - ok

07:33:47.0311 5276 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

07:33:47.0339 5276 PcaSvc - ok

07:33:47.0377 5276 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

07:33:47.0393 5276 pci - ok

07:33:47.0404 5276 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

07:33:47.0411 5276 pciide - ok

07:33:47.0451 5276 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

07:33:47.0462 5276 pcmcia - ok

07:33:47.0483 5276 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

07:33:47.0492 5276 pcw - ok

07:33:47.0510 5276 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

07:33:47.0555 5276 PEAUTH - ok

07:33:47.0593 5276 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

07:33:47.0626 5276 PerfHost - ok

07:33:47.0689 5276 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

07:33:47.0755 5276 pla - ok

07:33:47.0810 5276 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

07:33:47.0860 5276 PlugPlay - ok

07:33:47.0898 5276 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll

07:33:47.0913 5276 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

07:33:47.0913 5276 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

07:33:47.0935 5276 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

07:33:47.0963 5276 PNRPAutoReg - ok

07:33:47.0985 5276 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

07:33:48.0001 5276 PNRPsvc - ok

07:33:48.0037 5276 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

07:33:48.0095 5276 PolicyAgent - ok

07:33:48.0120 5276 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

07:33:48.0152 5276 Power - ok

07:33:48.0202 5276 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

07:33:48.0251 5276 PptpMiniport - ok

07:33:48.0271 5276 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

07:33:48.0286 5276 Processor - ok

07:33:48.0302 5276 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll

07:33:48.0364 5276 ProfSvc - ok

07:33:48.0395 5276 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

07:33:48.0411 5276 ProtectedStorage - ok

07:33:48.0427 5276 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

07:33:48.0473 5276 Psched - ok

07:33:48.0520 5276 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

07:33:48.0583 5276 ql2300 - ok

07:33:48.0598 5276 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

07:33:48.0598 5276 ql40xx - ok

07:33:48.0614 5276 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

07:33:48.0629 5276 QWAVE - ok

07:33:48.0629 5276 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

07:33:48.0645 5276 QWAVEdrv - ok

07:33:48.0661 5276 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

07:33:48.0676 5276 RasAcd - ok

07:33:48.0692 5276 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

07:33:48.0723 5276 RasAgileVpn - ok

07:33:48.0739 5276 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

07:33:48.0754 5276 RasAuto - ok

07:33:48.0770 5276 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

07:33:48.0801 5276 Rasl2tp - ok

07:33:48.0832 5276 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

07:33:48.0848 5276 RasMan - ok

07:33:48.0863 5276 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

07:33:48.0895 5276 RasPppoe - ok

07:33:48.0926 5276 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

07:33:48.0973 5276 RasSstp - ok

07:33:48.0988 5276 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

07:33:49.0004 5276 rdbss - ok

07:33:49.0019 5276 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys

07:33:49.0035 5276 rdpbus - ok

07:33:49.0051 5276 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

07:33:49.0066 5276 RDPCDD - ok

07:33:49.0066 5276 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

07:33:49.0097 5276 RDPENCDD - ok

07:33:49.0113 5276 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

07:33:49.0129 5276 RDPREFMP - ok

07:33:49.0175 5276 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys

07:33:49.0191 5276 RDPWD - ok

07:33:49.0222 5276 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

07:33:49.0222 5276 rdyboost - ok

07:33:49.0253 5276 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

07:33:49.0269 5276 RemoteAccess - ok

07:33:49.0285 5276 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

07:33:49.0323 5276 RemoteRegistry - ok

07:33:49.0392 5276 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

07:33:49.0405 5276 RichVideo - ok

07:33:49.0421 5276 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

07:33:49.0466 5276 RpcEptMapper - ok

07:33:49.0483 5276 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

07:33:49.0493 5276 RpcLocator - ok

07:33:49.0509 5276 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

07:33:49.0534 5276 RpcSs - ok

07:33:49.0544 5276 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

07:33:49.0567 5276 rspndr - ok

07:33:49.0607 5276 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys

07:33:49.0628 5276 RTL8167 - ok

07:33:49.0675 5276 RTL8192su (a332db1dac07e95667a57aaeec236c37) C:\windows\system32\DRIVERS\RTL8192su.sys

07:33:49.0696 5276 RTL8192su - ok

07:33:49.0729 5276 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

07:33:49.0741 5276 SamSs - ok

07:33:49.0766 5276 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

07:33:49.0778 5276 sbp2port - ok

07:33:49.0839 5276 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

07:33:49.0867 5276 SBSDWSCService - ok

07:33:49.0877 5276 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

07:33:49.0900 5276 SCardSvr - ok

07:33:49.0908 5276 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

07:33:49.0934 5276 scfilter - ok

07:33:49.0952 5276 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

07:33:50.0017 5276 Schedule - ok

07:33:50.0042 5276 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

07:33:50.0062 5276 SCPolicySvc - ok

07:33:50.0076 5276 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

07:33:50.0093 5276 SDRSVC - ok

07:33:50.0114 5276 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

07:33:50.0165 5276 secdrv - ok

07:33:50.0181 5276 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

07:33:50.0203 5276 seclogon - ok

07:33:50.0250 5276 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

07:33:50.0291 5276 SENS - ok

07:33:50.0311 5276 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

07:33:50.0326 5276 SensrSvc - ok

07:33:50.0340 5276 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

07:33:50.0355 5276 Serenum - ok

07:33:50.0371 5276 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

07:33:50.0387 5276 Serial - ok

07:33:50.0418 5276 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

07:33:50.0418 5276 sermouse - ok

07:33:50.0433 5276 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

07:33:50.0465 5276 SessionEnv - ok

07:33:50.0480 5276 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

07:33:50.0527 5276 sffdisk - ok

07:33:50.0543 5276 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

07:33:50.0558 5276 sffp_mmc - ok

07:33:50.0574 5276 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

07:33:50.0589 5276 sffp_sd - ok

07:33:50.0605 5276 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

07:33:50.0621 5276 sfloppy - ok

07:33:50.0636 5276 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

07:33:50.0667 5276 SharedAccess - ok

07:33:50.0683 5276 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

07:33:50.0714 5276 ShellHWDetection - ok

07:33:50.0730 5276 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

07:33:50.0745 5276 SiSRaid2 - ok

07:33:50.0745 5276 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

07:33:50.0761 5276 SiSRaid4 - ok

07:33:50.0808 5276 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

07:33:50.0855 5276 Smb - ok

07:33:50.0870 5276 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

07:33:50.0886 5276 SNMPTRAP - ok

07:33:50.0901 5276 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

07:33:50.0901 5276 spldr - ok

07:33:50.0917 5276 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

07:33:50.0948 5276 Spooler - ok

07:33:51.0011 5276 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

07:33:51.0089 5276 sppsvc - ok

07:33:51.0120 5276 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

07:33:51.0151 5276 sppuinotify - ok

07:33:51.0182 5276 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

07:33:51.0213 5276 srv - ok

07:33:51.0229 5276 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

07:33:51.0245 5276 srv2 - ok

07:33:51.0271 5276 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

07:33:51.0281 5276 srvnet - ok

07:33:51.0310 5276 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

07:33:51.0340 5276 SSDPSRV - ok

07:33:51.0362 5276 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

07:33:51.0385 5276 SstpSvc - ok

07:33:51.0405 5276 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

07:33:51.0411 5276 stexstor - ok

07:33:51.0448 5276 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys

07:33:51.0475 5276 StillCam - ok

07:33:51.0589 5276 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

07:33:51.0619 5276 stisvc - ok

07:33:51.0643 5276 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys

07:33:51.0652 5276 swenum - ok

07:33:51.0771 5276 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

07:33:51.0794 5276 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning

07:33:51.0794 5276 SwitchBoard - detected UnsignedFile.Multi.Generic (1)

07:33:51.0820 5276 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

07:33:51.0865 5276 swprv - ok

07:33:51.0900 5276 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

07:33:51.0945 5276 SysMain - ok

07:33:51.0956 5276 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

07:33:51.0970 5276 TabletInputService - ok

07:33:51.0982 5276 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

07:33:52.0012 5276 TapiSrv - ok

07:33:52.0024 5276 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

07:33:52.0047 5276 TBS - ok

07:33:52.0096 5276 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys

07:33:52.0137 5276 Tcpip - ok

07:33:52.0187 5276 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys

07:33:52.0217 5276 TCPIP6 - ok

07:33:52.0239 5276 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

07:33:52.0271 5276 tcpipreg - ok

07:33:52.0290 5276 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

07:33:52.0299 5276 TDPIPE - ok

07:33:52.0330 5276 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

07:33:52.0338 5276 TDTCP - ok

07:33:52.0351 5276 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

07:33:52.0372 5276 tdx - ok

07:33:52.0389 5276 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys

07:33:52.0396 5276 TermDD - ok

07:33:52.0432 5276 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

07:33:52.0470 5276 TermService - ok

07:33:52.0488 5276 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

07:33:52.0499 5276 Themes - ok

07:33:52.0527 5276 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

07:33:52.0565 5276 THREADORDER - ok

07:33:52.0579 5276 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

07:33:52.0607 5276 TrkWks - ok

07:33:52.0643 5276 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

07:33:52.0687 5276 TrustedInstaller - ok

07:33:52.0699 5276 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

07:33:52.0730 5276 tssecsrv - ok

07:33:52.0760 5276 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

07:33:52.0794 5276 TsUsbFlt - ok

07:33:52.0834 5276 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

07:33:52.0851 5276 TsUsbGD - ok

07:33:52.0877 5276 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

07:33:52.0928 5276 tunnel - ok

07:33:52.0949 5276 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

07:33:52.0957 5276 uagp35 - ok

07:33:52.0978 5276 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

07:33:53.0007 5276 udfs - ok

07:33:53.0022 5276 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

07:33:53.0032 5276 UI0Detect - ok

07:33:53.0059 5276 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

07:33:53.0067 5276 uliagpkx - ok

07:33:53.0083 5276 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

07:33:53.0109 5276 umbus - ok

07:33:53.0135 5276 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

07:33:53.0154 5276 UmPass - ok

07:33:53.0245 5276 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

07:33:53.0280 5276 UNS - ok

07:33:53.0296 5276 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

07:33:53.0333 5276 upnphost - ok

07:33:53.0382 5276 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys

07:33:53.0424 5276 USBAAPL64 - ok

07:33:53.0449 5276 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

07:33:53.0479 5276 usbccgp - ok

07:33:53.0499 5276 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

07:33:53.0528 5276 usbcir - ok

07:33:53.0557 5276 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys

07:33:53.0579 5276 usbehci - ok

07:33:53.0609 5276 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\drivers\usbhub.sys

07:33:53.0635 5276 usbhub - ok

07:33:53.0654 5276 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

07:33:53.0671 5276 usbohci - ok

07:33:53.0697 5276 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

07:33:53.0724 5276 usbprint - ok

07:33:53.0747 5276 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

07:33:53.0794 5276 usbscan - ok

07:33:53.0824 5276 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

07:33:53.0855 5276 USBSTOR - ok

07:33:53.0898 5276 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

07:33:53.0910 5276 usbuhci - ok

07:33:53.0931 5276 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

07:33:53.0975 5276 UxSms - ok

07:33:54.0011 5276 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

07:33:54.0027 5276 VaultSvc - ok

07:33:54.0050 5276 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

07:33:54.0063 5276 vdrvroot - ok

07:33:54.0082 5276 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

07:33:54.0127 5276 vds - ok

07:33:54.0159 5276 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

07:33:54.0170 5276 vga - ok

07:33:54.0182 5276 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

07:33:54.0213 5276 VgaSave - ok

07:33:54.0228 5276 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

07:33:54.0237 5276 vhdmp - ok

07:33:54.0251 5276 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

07:33:54.0258 5276 viaide - ok

07:33:54.0281 5276 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

07:33:54.0289 5276 volmgr - ok

07:33:54.0301 5276 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

07:33:54.0311 5276 volmgrx - ok

07:33:54.0316 5276 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

07:33:54.0332 5276 volsnap - ok

07:33:54.0348 5276 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

07:33:54.0348 5276 vsmraid - ok

07:33:54.0379 5276 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

07:33:54.0441 5276 VSS - ok

07:33:54.0457 5276 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

07:33:54.0472 5276 vwifibus - ok

07:33:54.0488 5276 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

07:33:54.0535 5276 vwififlt - ok

07:33:54.0550 5276 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

07:33:54.0597 5276 W32Time - ok

07:33:54.0613 5276 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

07:33:54.0628 5276 WacomPen - ok

07:33:54.0644 5276 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

07:33:54.0675 5276 WANARP - ok

07:33:54.0675 5276 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

07:33:54.0691 5276 Wanarpv6 - ok

07:33:54.0753 5276 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

07:33:54.0816 5276 WatAdminSvc - ok

07:33:54.0847 5276 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

07:33:54.0894 5276 wbengine - ok

07:33:54.0940 5276 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

07:33:54.0972 5276 WbioSrvc - ok

07:33:54.0987 5276 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

07:33:55.0018 5276 wcncsvc - ok

07:33:55.0034 5276 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

07:33:55.0050 5276 WcsPlugInService - ok

07:33:55.0081 5276 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

07:33:55.0081 5276 Wd - ok

07:33:55.0112 5276 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

07:33:55.0143 5276 Wdf01000 - ok

07:33:55.0159 5276 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

07:33:55.0206 5276 WdiServiceHost - ok

07:33:55.0206 5276 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

07:33:55.0221 5276 WdiSystemHost - ok

07:33:55.0237 5276 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

07:33:55.0271 5276 WebClient - ok

07:33:55.0309 5276 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

07:33:55.0359 5276 Wecsvc - ok

07:33:55.0385 5276 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

07:33:55.0406 5276 wercplsupport - ok

07:33:55.0428 5276 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

07:33:55.0478 5276 WerSvc - ok

07:33:55.0489 5276 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

07:33:55.0511 5276 WfpLwf - ok

07:33:55.0526 5276 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

07:33:55.0532 5276 WIMMount - ok

07:33:55.0549 5276 WinDefend - ok

07:33:55.0552 5276 WinHttpAutoProxySvc - ok

07:33:55.0594 5276 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

07:33:55.0632 5276 Winmgmt - ok

07:33:55.0665 5276 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

07:33:55.0729 5276 WinRM - ok

07:33:55.0763 5276 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

07:33:55.0773 5276 WinUsb - ok

07:33:55.0796 5276 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

07:33:55.0824 5276 Wlansvc - ok

07:33:55.0840 5276 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

07:33:55.0859 5276 WmiAcpi - ok

07:33:55.0873 5276 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

07:33:55.0894 5276 wmiApSrv - ok

07:33:55.0899 5276 WMPNetworkSvc - ok

07:33:55.0921 5276 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

07:33:55.0950 5276 WPCSvc - ok

07:33:55.0969 5276 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

07:33:56.0004 5276 WPDBusEnum - ok

07:33:56.0026 5276 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

07:33:56.0065 5276 ws2ifsl - ok

07:33:56.0076 5276 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll

07:33:56.0095 5276 wscsvc - ok

07:33:56.0100 5276 WSearch - ok

07:33:56.0141 5276 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll

07:33:56.0225 5276 wuauserv - ok

07:33:56.0244 5276 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

07:33:56.0271 5276 WudfPf - ok

07:33:56.0287 5276 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

07:33:56.0318 5276 WUDFRd - ok

07:33:56.0338 5276 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

07:33:56.0362 5276 wudfsvc - ok

07:33:56.0381 5276 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

07:33:56.0402 5276 WwanSvc - ok

07:33:56.0435 5276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

07:33:56.0591 5276 \Device\Harddisk0\DR0 - ok

07:33:56.0598 5276 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

07:33:56.0805 5276 \Device\Harddisk1\DR1 - ok

07:33:56.0808 5276 Boot (0x1200) (df5d421a81e8ece5fcd212affb4e3b90) \Device\Harddisk0\DR0\Partition0

07:33:56.0809 5276 \Device\Harddisk0\DR0\Partition0 - ok

07:33:56.0814 5276 Boot (0x1200) (3b3116ec9dadd1a7ae694a556e502266) \Device\Harddisk0\DR0\Partition1

07:33:56.0816 5276 \Device\Harddisk0\DR0\Partition1 - ok

07:33:56.0820 5276 Boot (0x1200) (df484539708e66bfd6c119f83cd1a3df) \Device\Harddisk1\DR1\Partition0

07:33:56.0822 5276 \Device\Harddisk1\DR1\Partition0 - ok

07:33:56.0822 5276 ============================================================

07:33:56.0822 5276 Scan finished

07:33:56.0822 5276 ============================================================

07:33:56.0831 4224 Detected object count: 5

07:33:56.0832 4224 Actual detected object count: 5

07:34:51.0708 4224 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

07:34:51.0708 4224 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:34:51.0708 4224 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

07:34:51.0708 4224 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:34:51.0708 4224 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

07:34:51.0708 4224 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:34:51.0708 4224 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

07:34:51.0708 4224 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:34:51.0708 4224 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user

07:34:51.0708 4224 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

LDTate · April 3, 2012

That looks good.

We'll try one more tool.

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
Note: If you have XP SP3, use the XP SP2 package.
If Vista or Windows 7, skip the Recovery Console part
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Loric · April 3, 2012

Greetings from my iPhone! I can't open any browsers after running combofix. Get a message for all of them saying they refer to illegal operation on a registry key markets for deletion. Combofix seemed to have run as normal and rebooted. So now what?

LDTate · April 3, 2012

Try another reboot

Loric · April 3, 2012

Markets=marked. Yay for autocorrect.

LDTate · April 3, 2012

You lost me there.

Can you get to the internet?

Can you post the scan results from combofix?

Loric · April 3, 2012

Yes, i'm back - was trying t fix a tyo in the last post but you had gotten the point. Rebooting worked.

Log:

ComboFix 12-04-02.01 - Robert 04/03/2012 8:21.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16286.12642 [GMT -4:00]

Running from: c:\users\Robert\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\1.bat

c:\windows\system32\2.bat

c:\windows\system32\s.bat

.

((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))

.

2012-04-01 16:15 . 2012-04-01 23:58 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-01 16:15 . 2012-04-01 16:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-01 09:39 . 2012-04-01 09:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-03-29 12:18 . 2012-03-29 12:18 -------- d-----w- c:\users\Administrator

2012-03-29 11:50 . 2012-03-29 11:50 -------- d-----w- c:\users\Robert\AppData\Roaming\AVG2012

2012-03-29 11:49 . 2012-03-29 11:49 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-03-29 11:49 . 2012-04-03 12:04 -------- d-----w- c:\windows\system32\drivers\AVG

2012-03-29 11:49 . 2012-03-29 12:23 -------- d-----w- c:\programdata\AVG2012

2012-03-29 11:49 . 2012-03-29 11:49 -------- d-----w- C:\$AVG

2012-03-29 11:48 . 2012-03-29 11:48 -------- d-----w- c:\program files (x86)\AVG

2012-03-29 11:45 . 2012-03-29 11:45 -------- d--h--w- c:\programdata\Common Files

2012-03-29 11:44 . 2012-04-03 12:04 -------- d-----w- c:\programdata\MFAData

2012-03-29 01:00 . 2012-03-29 01:00 -------- d-----w- c:\users\Robert\AppData\Local\twitter

2012-03-29 00:59 . 2012-03-29 00:59 612888 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{2DCD0543-22F6-4E54-80D3-B4EFB9AC4943}\TweetDeck.exe

2012-03-29 00:59 . 2012-03-29 00:59 -------- d-----w- c:\program files (x86)\Twitter

2012-03-27 01:30 . 2012-03-27 01:30 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-27 01:30 . 2012-03-27 01:30 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-27 01:27 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-27 01:27 . 2012-03-29 12:43 -------- d-----w- c:\programdata\AVAST Software

2012-03-27 01:27 . 2012-03-27 01:27 -------- d-----w- c:\program files\AVAST Software

2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\users\Robert\AppData\Roaming\Malwarebytes

2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-27 01:01 . 2012-03-27 01:01 -------- d-----w- c:\programdata\Malwarebytes

2012-03-27 01:01 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-22 22:58 . 2012-03-22 22:58 -------- d-----w- c:\users\Robert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2012-03-22 22:58 . 2012-03-22 22:58 -------- d-----w- c:\users\Robert\AppData\Roaming\Adobe Mini Bridge CS5.1

2012-03-15 07:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-15 07:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-15 07:02 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 12:40 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 12:40 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 12:40 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 12:39 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 12:39 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 12:39 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 12:39 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 12:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 12:39 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 12:39 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 13:29 . 2012-03-13 14:46 -------- d-----w- C:\Images

2012-03-13 13:28 . 2012-03-13 13:28 -------- d-----w- c:\program files (x86)\ScreenGrab

2012-03-11 23:29 . 2011-09-16 15:24 778088 ------w- c:\windows\system32\HPDiscoPMa111.dll

2012-03-11 23:28 . 2012-03-11 23:28 -------- d-----w- c:\program files\HP

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-01 09:39 . 2011-11-23 00:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-22 09:25 . 2012-02-22 09:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-02-22 09:25 . 2012-02-22 09:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-01-31 08:46 . 2012-01-31 08:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]

2012-02-20 09:04 898912 ----a-w- c:\program files (x86)\AVG\AVG2012\avgdtiex.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-04-22 2363392]

"Akamai NetSession Interface"="c:\users\Robert\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]

"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 2676584]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-28 75048]

"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]

.

c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

hueyTray.lnk - c:\program files (x86)\Pantone\huey\hueyTray.exe [2011-11-24 901120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/09/29 13:35;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 253600]

R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - CLKMDRV10_9EC60124

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-04-22 20:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:39]

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830033066-2622805820-2840220525-1000Core.job

- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 18:07]

.

2012-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3830033066-2622805820-2840220525-1000UA.job

- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 18:07]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]

2012-02-20 09:04 1321824 ----a-w- c:\program files (x86)\AVG\AVG2012\avgdtiea.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-04 6602856]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1 68.238.112.12

FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\63aqw56l.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-04-03 08:33:56 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-03 12:33

.

Pre-Run: 1,847,323,148,288 bytes free

Post-Run: 1,852,414,738,432 bytes free

.

- - End Of File - - 1D18262B2B27B09826485679638E176C

LDTate · April 3, 2012

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

Are you using a Proxy?

Loric · April 3, 2012

I don't recognize that at all. I have a fairly basic into the wall FiOS connection.

LDTate · April 3, 2012

First:

Internet Explorer (Windows)

1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

DDS::
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

Loric · April 3, 2012

When I went into IE in step 3 there was no box checked for "Use proxy server"

Do you still want me to follow the steps after that?

Loric · April 3, 2012

And a quick look through my browsers - Firefox is the only one that lists/sees the proxy. In the Connection Settings it's set to "use system proxy settings" and then greyed out below is "no proxy for: localhost, 127.0.0.1"

LDTate · April 3, 2012

Yes, run the combofix script

Loric · April 3, 2012

ComboFix 12-04-02.01 - Robert 04/03/2012 9:47.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16286.13986 [GMT -4:00]

Running from: c:\users\Robert\Desktop\ComboFix.exe

Command switches used :: c:\users\Robert\Desktop\CFScript.txt

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((( Files Created from 2012-03-03 to 2012-04-03 )))))))))))))))))))))))))))))))

.

2012-04-03 13:51 . 2012-04-03 13:51 -------- d-----w- c:\users\Mcx1-ROBERT-PC\AppData\Local\temp

2012-04-03 13:51 . 2012-04-03 13:51 -------- d-----w- c:\users\Default\AppData\Local\temp