Smart Fortress and Butterfly Search Engine

[johncrimi]

I hope you can help. About a week ago, MS Security Essentials popped up stating it had just cleaned a file - no action necessary. Since I had NEVER seen that before, I got concerned. Subsequently, Smart Fortress tried to start scanning, etc, etc. I immediately shut down the PC - started in safe mode - updated Malwarebytes - and ran it. It had difficulty with one file in the appdata directory - stating it did not have permissions. So I changed permissions of the directory and it successfully removed it. One desktop icon remained which I manually removed. I have not seen any evidence of it since...but...at the same time...

The Butterfly search engine is haunting me. Searches are occasionally re-directed to that search site. I immediately click 'back' on the browser (Chrome) - and search again. On all occasions, I get where I am supposed to go the second time.

I have run MS Security Essentials multiple times - it cannot find anything. I have run Malwarebytes multiple times - it cannot find anything. I have tried Adaware - it cannot find anything....

2 question:

1) where is it hiding - how do I make it go away?

2) how malicious is Smart Fortress and Butterfly Search Engine? I immediately changed my online passwords and have not used any of the 'critical' ones since. I do not have a comfort level yet...

I have attached the 2 files as requested. Any help would be much appreciated.

Thank you - John Crimi

DDS.txt

Attach.txt

[gringo_pr]

Hello and Welcome!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• 
  
• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

  [*]Please do not attach logs or use code boxes, just copy and paste the text.

  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
    

  [*]Please read every post completely before doing anything.

  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
    

  [*]Please provide feedback about your experience as we go.

  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
  
  

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

• Download Security Check by screen317 from

here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
  
• let me know of any problems you may have had
  
• How is the computer doing now?
  

Gringo

[johncrimi]

Security Check...

Results of screen317's Security Check version 0.99.41

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Lavasoft Ad-Watch Live! Anti-Virus

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

JavaFX 2.1.0

Java 7 Update 4

Adobe Reader X (10.1.3)

Google Chrome 19.0.1084.46

Google Chrome 19.0.1084.52

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

I will now run Combofix and post results...Thank you

[johncrimi]

ComboFix 12-05-30.04 - John 05/30/2012 20:16:10.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3966.2888 [GMT -5:00]

Running from: c:\users\John\Downloads\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5400E5D5-03CD-4181-B493-20D25C4433A8}.xps

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-31 )))))))))))))))))))))))))))))))

.

.

2012-05-31 01:24 . 2012-05-31 01:24 -------- d-----w- c:\users\JLK\AppData\Local\temp

2012-05-31 01:24 . 2012-05-31 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-31 00:58 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A9176DA-4581-40F4-8669-C1E397539040}\mpengine.dll

2012-05-29 02:11 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-29 01:53 . 2012-05-29 01:53 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-05-26 16:19 . 2012-05-26 16:19 -------- d-----w- c:\windows\SysWow64\Adobe

2012-05-26 04:32 . 2012-05-26 04:32 -------- d-----w- c:\users\JLK\AppData\Roaming\Malwarebytes

2012-05-26 04:25 . 2012-05-26 04:25 -------- d-----w- c:\users\JLK\AppData\Local\Adobe

2012-05-15 13:03 . 2012-05-15 13:03 -------- d-----w- c:\program files (x86)\Oracle

2012-05-14 12:33 . 2012-05-14 12:33 -------- d-----w- c:\programdata\GFI Software

2012-05-14 02:17 . 2012-05-14 02:17 -------- d-----w- c:\users\John\AppData\Local\{FF97BDA9-9D6A-11E1-826F-B8AC6F996F26}

2012-05-14 02:17 . 2012-05-14 02:17 -------- d-----w- c:\programdata\needthis_F4D56268000078330003BE83B4EB2331

2012-05-10 04:16 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-10 04:16 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-10 04:16 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-10 04:16 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-10 04:16 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-10 04:16 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-10 04:15 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-10 04:14 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-10 04:14 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-10 04:14 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-10 04:14 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 04:14 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-10 04:14 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-01 12:40 . 2012-05-01 12:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-14 02:20 . 2012-04-09 12:03 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-14 02:20 . 2011-11-06 12:48 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 02:50 . 2012-04-14 20:06 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-04 23:47 . 2011-12-21 14:37 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-04-04 23:47 . 2011-12-21 14:37 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-04 20:56 . 2011-11-04 03:27 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-21 01:44 . 2011-04-27 20:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-21 01:44 . 2011-04-18 18:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 257696]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:20]

.

2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2300757923-2495358467-2577583169-1001Core.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 05:24]

.

2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2300757923-2495358467-2577583169-1001UA.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-29 05:24]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-12-11 3240448]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.1 68.238.96.12

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-WinShield.exe - c:\users\John\AppData\Roaming\Audio Resources\WinShield.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2012-05-30 20:38:31 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-31 01:38

.

Pre-Run: 234,987,630,592 bytes free

Post-Run: 234,778,845,184 bytes free

.

- - End Of File - - 6DFB82B6E683651A8634AC148784A0AF

[johncrimi]

When running Combofix - it had an issue with Microsoft Security Essentials. Even though I closed it - it still thought it was open. After double and triple checking - I ran Combofix anyway. Results are posted above.

For some reason, even though I am tracking this topic - I did not get an e-mail regarding your reply. I will check back shortly to see if the above information give you any useful information.

Thank you - John

[gringo_pr]

Greetings

:multiple Anti Virus programs:

• It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
  AV: Lavasoft Ad-Watch Live! Anti-Virus
  AV: Microsoft Security Essentials
  Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
  Please remove all but one of them.
  

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
  
• it will ask to download extra definitions - ALLOW IT
  
• Click the Scan button to start the scan
  
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

[johncrimi]

Thanks - I will run these now.

Regarding multiple anti-virus - Adaware was removed. All I wanted was their adware component - but the new version contains anti-virus as well. It was ran one time - then removed. It found nothing. Note in the listing is says 'Disabled' - I'm surprised it is listed at all.

OK - will run these programs and report back - thanks for your help...

- John

[johncrimi]

unsure if you want to see the result log - but TDSSKiller found no threats...

Moving onto next step - thanks

[johncrimi]

Just re-read and noticed you wanted the logs...so here is TDSSKiller's report..

22:48:25.0117 3880 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31

22:48:25.0538 3880 ============================================================

22:48:25.0538 3880 Current date / time: 2012/05/30 22:48:25.0538

22:48:25.0538 3880 SystemInfo:

22:48:25.0538 3880

22:48:25.0538 3880 OS Version: 6.1.7601 ServicePack: 1.0

22:48:25.0538 3880 Product type: Workstation

22:48:25.0538 3880 ComputerName: JOHN-PC

22:48:25.0538 3880 UserName: John

22:48:25.0538 3880 Windows directory: C:\Windows

22:48:25.0538 3880 System windows directory: C:\Windows

22:48:25.0538 3880 Running under WOW64

22:48:25.0538 3880 Processor architecture: Intel x64

22:48:25.0538 3880 Number of processors: 2

22:48:25.0538 3880 Page size: 0x1000

22:48:25.0538 3880 Boot type: Normal boot

22:48:25.0538 3880 ============================================================

22:48:26.0973 3880 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:48:27.0004 3880 ============================================================

22:48:27.0004 3880 \Device\Harddisk0\DR0:

22:48:27.0004 3880 MBR partitions:

22:48:27.0004 3880 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1371276

22:48:27.0004 3880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13712B5, BlocksNum 0x240BCFFB

22:48:27.0004 3880 ============================================================

22:48:27.0051 3880 C: <-> \Device\Harddisk0\DR0\Partition1

22:48:27.0051 3880 D: <-> \Device\Harddisk0\DR0\Partition0

22:48:27.0051 3880 ============================================================

22:48:27.0051 3880 Initialize success

22:48:27.0051 3880 ============================================================

22:49:01.0621 3892 ============================================================

22:49:01.0621 3892 Scan started

22:49:01.0621 3892 Mode: Manual;

22:49:01.0621 3892 ============================================================

22:49:02.0916 3892 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

22:49:02.0931 3892 1394ohci - ok

22:49:02.0978 3892 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

22:49:02.0994 3892 ACPI - ok

22:49:03.0040 3892 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

22:49:03.0040 3892 AcpiPmi - ok

22:49:03.0134 3892 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

22:49:03.0134 3892 AdobeARMservice - ok

22:49:03.0430 3892 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

22:49:03.0430 3892 AdobeFlashPlayerUpdateSvc - ok

22:49:04.0320 3892 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

22:49:04.0351 3892 adp94xx - ok

22:49:04.0429 3892 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

22:49:04.0444 3892 adpahci - ok

22:49:04.0507 3892 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

22:49:04.0507 3892 adpu320 - ok

22:49:04.0569 3892 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

22:49:04.0569 3892 AeLookupSvc - ok

22:49:04.0632 3892 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

22:49:04.0678 3892 AFD - ok

22:49:04.0772 3892 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe

22:49:04.0772 3892 AgereModemAudio - ok

22:49:05.0458 3892 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\Windows\system32\DRIVERS\agrsm64.sys

22:49:05.0490 3892 AgereSoftModem - ok

22:49:05.0536 3892 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

22:49:05.0536 3892 agp440 - ok

22:49:05.0583 3892 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

22:49:05.0583 3892 ALG - ok

22:49:05.0614 3892 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

22:49:05.0614 3892 aliide - ok

22:49:05.0630 3892 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

22:49:05.0630 3892 amdide - ok

22:49:05.0708 3892 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

22:49:05.0724 3892 AmdK8 - ok

22:49:05.0739 3892 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

22:49:05.0739 3892 AmdPPM - ok

22:49:05.0770 3892 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

22:49:05.0770 3892 amdsata - ok

22:49:05.0817 3892 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

22:49:05.0834 3892 amdsbs - ok

22:49:05.0865 3892 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

22:49:05.0865 3892 amdxata - ok

22:49:05.0912 3892 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

22:49:05.0912 3892 AppID - ok

22:49:05.0943 3892 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

22:49:05.0959 3892 AppIDSvc - ok

22:49:05.0990 3892 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

22:49:05.0990 3892 Appinfo - ok

22:49:06.0193 3892 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

22:49:06.0208 3892 Apple Mobile Device - ok

22:49:06.0271 3892 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

22:49:06.0286 3892 AppMgmt - ok

22:49:06.0317 3892 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

22:49:06.0333 3892 arc - ok

22:49:06.0349 3892 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

22:49:06.0349 3892 arcsas - ok

22:49:06.0380 3892 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

22:49:06.0380 3892 AsyncMac - ok

22:49:06.0427 3892 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

22:49:06.0427 3892 atapi - ok

22:49:06.0489 3892 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

22:49:06.0505 3892 AudioEndpointBuilder - ok

22:49:06.0520 3892 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

22:49:06.0520 3892 AudioSrv - ok

22:49:06.0567 3892 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

22:49:06.0583 3892 AxInstSV - ok

22:49:06.0629 3892 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

22:49:06.0645 3892 b06bdrv - ok

22:49:06.0692 3892 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

22:49:06.0707 3892 b57nd60a - ok

22:49:07.0441 3892 BCM43XX (fb4fda64f2e8552eaeb5986c3f34462c) C:\Windows\system32\DRIVERS\bcmwl664.sys

22:49:07.0456 3892 BCM43XX - ok

22:49:08.0392 3892 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

22:49:08.0408 3892 BDESVC - ok

22:49:08.0611 3892 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

22:49:08.0626 3892 Beep - ok

22:49:08.0782 3892 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

22:49:08.0798 3892 BFE - ok

22:49:08.0860 3892 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

22:49:08.0876 3892 BITS - ok

22:49:08.0954 3892 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

22:49:08.0954 3892 blbdrive - ok

22:49:09.0047 3892 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

22:49:09.0047 3892 Bonjour Service - ok

22:49:09.0094 3892 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

22:49:09.0110 3892 bowser - ok

22:49:09.0125 3892 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

22:49:09.0125 3892 BrFiltLo - ok

22:49:09.0141 3892 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

22:49:09.0141 3892 BrFiltUp - ok

22:49:09.0188 3892 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

22:49:09.0188 3892 BridgeMP - ok

22:49:09.0219 3892 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

22:49:09.0235 3892 Browser - ok

22:49:09.0250 3892 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

22:49:09.0266 3892 Brserid - ok

22:49:09.0297 3892 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

22:49:09.0297 3892 BrSerWdm - ok

22:49:09.0313 3892 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

22:49:09.0313 3892 BrUsbMdm - ok

22:49:09.0328 3892 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

22:49:09.0328 3892 BrUsbSer - ok

22:49:09.0344 3892 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

22:49:09.0344 3892 BTHMODEM - ok

22:49:09.0391 3892 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

22:49:09.0406 3892 bthserv - ok

22:49:09.0437 3892 catchme - ok

22:49:09.0500 3892 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

22:49:09.0515 3892 cdfs - ok

22:49:09.0562 3892 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

22:49:09.0578 3892 cdrom - ok

22:49:09.0625 3892 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

22:49:09.0625 3892 CertPropSvc - ok

22:49:09.0656 3892 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

22:49:09.0671 3892 circlass - ok

22:49:09.0703 3892 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

22:49:09.0718 3892 CLFS - ok

22:49:10.0077 3892 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:49:10.0077 3892 clr_optimization_v2.0.50727_32 - ok

22:49:10.0342 3892 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

22:49:10.0342 3892 clr_optimization_v2.0.50727_64 - ok

22:49:10.0436 3892 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

22:49:10.0451 3892 clr_optimization_v4.0.30319_32 - ok

22:49:10.0483 3892 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

22:49:10.0498 3892 clr_optimization_v4.0.30319_64 - ok

22:49:10.0545 3892 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

22:49:10.0545 3892 CmBatt - ok

22:49:10.0576 3892 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

22:49:10.0576 3892 cmdide - ok

22:49:10.0623 3892 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

22:49:10.0654 3892 CNG - ok

22:49:10.0670 3892 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

22:49:10.0670 3892 Compbatt - ok

22:49:10.0748 3892 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

22:49:10.0748 3892 CompositeBus - ok

22:49:10.0763 3892 COMSysApp - ok

22:49:10.0841 3892 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

22:49:10.0841 3892 crcdisk - ok

22:49:10.0904 3892 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

22:49:10.0919 3892 CryptSvc - ok

22:49:11.0247 3892 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

22:49:11.0278 3892 CSC - ok

22:49:11.0356 3892 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

22:49:11.0387 3892 CscService - ok

22:49:11.0481 3892 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

22:49:11.0497 3892 DcomLaunch - ok

22:49:11.0559 3892 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

22:49:11.0575 3892 defragsvc - ok

22:49:11.0684 3892 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

22:49:11.0699 3892 DfsC - ok

22:49:11.0762 3892 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

22:49:11.0777 3892 Dhcp - ok

22:49:11.0809 3892 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

22:49:11.0809 3892 discache - ok

22:49:11.0855 3892 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

22:49:11.0855 3892 Disk - ok

22:49:11.0902 3892 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

22:49:11.0918 3892 Dnscache - ok

22:49:11.0949 3892 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

22:49:11.0965 3892 dot3svc - ok

22:49:12.0011 3892 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

22:49:12.0027 3892 DPS - ok

22:49:12.0074 3892 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

22:49:12.0074 3892 drmkaud - ok

22:49:12.0136 3892 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

22:49:12.0152 3892 DXGKrnl - ok

22:49:12.0230 3892 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

22:49:12.0245 3892 EapHost - ok

22:49:13.0712 3892 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

22:49:13.0774 3892 ebdrv - ok

22:49:13.0946 3892 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

22:49:13.0946 3892 EFS - ok

22:49:14.0835 3892 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

22:49:14.0866 3892 ehRecvr - ok

22:49:14.0929 3892 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

22:49:14.0944 3892 ehSched - ok

22:49:15.0069 3892 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

22:49:15.0085 3892 elxstor - ok

22:49:15.0116 3892 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

22:49:15.0116 3892 ErrDev - ok

22:49:15.0178 3892 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

22:49:15.0194 3892 EventSystem - ok

22:49:15.0209 3892 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

22:49:15.0225 3892 exfat - ok

22:49:15.0241 3892 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

22:49:15.0256 3892 fastfat - ok

22:49:15.0334 3892 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

22:49:15.0350 3892 Fax - ok

22:49:15.0365 3892 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

22:49:15.0365 3892 fdc - ok

22:49:15.0506 3892 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

22:49:15.0506 3892 fdPHost - ok

22:49:15.0521 3892 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

22:49:15.0537 3892 FDResPub - ok

22:49:15.0568 3892 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

22:49:15.0568 3892 FileInfo - ok

22:49:15.0599 3892 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

22:49:15.0599 3892 Filetrace - ok

22:49:15.0615 3892 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

22:49:15.0631 3892 flpydisk - ok

22:49:15.0880 3892 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

22:49:15.0896 3892 FltMgr - ok

22:49:16.0457 3892 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

22:49:16.0489 3892 FontCache - ok

22:49:16.0645 3892 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

22:49:16.0645 3892 FontCache3.0.0.0 - ok

22:49:16.0785 3892 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

22:49:16.0801 3892 FsDepends - ok

22:49:16.0832 3892 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

22:49:16.0832 3892 Fs_Rec - ok

22:49:16.0894 3892 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

22:49:16.0910 3892 fvevol - ok

22:49:16.0972 3892 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

22:49:16.0972 3892 gagp30kx - ok

22:49:17.0019 3892 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

22:49:17.0019 3892 GEARAspiWDM - ok

22:49:17.0081 3892 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

22:49:17.0113 3892 gpsvc - ok

22:49:17.0128 3892 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

22:49:17.0128 3892 hcw85cir - ok

22:49:17.0175 3892 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

22:49:17.0191 3892 HdAudAddService - ok

22:49:17.0253 3892 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

22:49:17.0253 3892 HDAudBus - ok

22:49:17.0284 3892 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

22:49:17.0284 3892 HidBatt - ok

22:49:17.0300 3892 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

22:49:17.0300 3892 HidBth - ok

22:49:17.0315 3892 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

22:49:17.0315 3892 HidIr - ok

22:49:17.0347 3892 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

22:49:17.0362 3892 hidserv - ok

22:49:17.0409 3892 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

22:49:17.0409 3892 HidUsb - ok

22:49:17.0471 3892 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

22:49:17.0487 3892 hkmsvc - ok

22:49:17.0783 3892 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

22:49:17.0799 3892 HomeGroupListener - ok

22:49:17.0830 3892 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

22:49:17.0861 3892 HomeGroupProvider - ok

22:49:17.0908 3892 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

22:49:17.0908 3892 HpSAMD - ok

22:49:18.0189 3892 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

22:49:18.0220 3892 HTTP - ok

22:49:18.0251 3892 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

22:49:18.0251 3892 hwpolicy - ok

22:49:18.0283 3892 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

22:49:18.0298 3892 i8042prt - ok

22:49:18.0361 3892 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

22:49:18.0392 3892 iaStorV - ok

22:49:19.0468 3892 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

22:49:19.0499 3892 idsvc - ok

22:49:19.0546 3892 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

22:49:19.0546 3892 iirsp - ok

22:49:19.0624 3892 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

22:49:19.0655 3892 IKEEXT - ok

22:49:21.0451 3892 IntcAzAudAddService (f2744fd54be1580be05916d1c755c92a) C:\Windows\system32\drivers\RTKVHD64.sys

22:49:21.0471 3892 IntcAzAudAddService - ok

22:49:21.0745 3892 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

22:49:21.0747 3892 intelide - ok

22:49:21.0798 3892 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

22:49:21.0802 3892 intelppm - ok

22:49:21.0946 3892 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

22:49:21.0947 3892 IntuitUpdateServiceV4 - ok

22:49:22.0072 3892 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

22:49:22.0079 3892 IPBusEnum - ok

22:49:22.0110 3892 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:49:22.0117 3892 IpFilterDriver - ok

22:49:22.0194 3892 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

22:49:22.0213 3892 iphlpsvc - ok

22:49:22.0252 3892 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

22:49:22.0254 3892 IPMIDRV - ok

22:49:22.0293 3892 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

22:49:22.0300 3892 IPNAT - ok

22:49:23.0218 3892 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

22:49:23.0225 3892 iPod Service - ok

22:49:23.0267 3892 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

22:49:23.0269 3892 IRENUM - ok

22:49:23.0296 3892 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

22:49:23.0298 3892 isapnp - ok

22:49:23.0334 3892 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

22:49:23.0346 3892 iScsiPrt - ok

22:49:23.0366 3892 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

22:49:23.0367 3892 kbdclass - ok

22:49:23.0404 3892 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

22:49:23.0405 3892 kbdhid - ok

22:49:23.0444 3892 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:49:23.0446 3892 KeyIso - ok

22:49:23.0561 3892 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

22:49:23.0564 3892 KSecDD - ok

22:49:23.0589 3892 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

22:49:23.0603 3892 KSecPkg - ok

22:49:23.0646 3892 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

22:49:23.0649 3892 ksthunk - ok

22:49:23.0708 3892 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

22:49:23.0726 3892 KtmRm - ok

22:49:23.0790 3892 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

22:49:23.0809 3892 LanmanServer - ok

22:49:23.0859 3892 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

22:49:23.0872 3892 LanmanWorkstation - ok

22:49:23.0916 3892 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

22:49:23.0920 3892 lltdio - ok

22:49:23.0971 3892 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

22:49:23.0984 3892 lltdsvc - ok

22:49:24.0001 3892 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

22:49:24.0003 3892 lmhosts - ok

22:49:24.0042 3892 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

22:49:24.0048 3892 LSI_FC - ok

22:49:24.0064 3892 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

22:49:24.0070 3892 LSI_SAS - ok

22:49:24.0086 3892 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

22:49:24.0087 3892 LSI_SAS2 - ok

22:49:24.0103 3892 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

22:49:24.0110 3892 LSI_SCSI - ok

22:49:24.0137 3892 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

22:49:24.0144 3892 luafv - ok

22:49:24.0170 3892 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

22:49:24.0177 3892 Mcx2Svc - ok

22:49:24.0194 3892 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

22:49:24.0196 3892 megasas - ok

22:49:24.0227 3892 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

22:49:24.0240 3892 MegaSR - ok

22:49:24.0332 3892 Microsoft SharePoint Workspace Audit Service - ok

22:49:24.0384 3892 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

22:49:24.0389 3892 MMCSS - ok

22:49:24.0447 3892 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

22:49:24.0449 3892 Modem - ok

22:49:24.0501 3892 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

22:49:24.0502 3892 monitor - ok

22:49:24.0541 3892 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

22:49:24.0541 3892 mouclass - ok

22:49:24.0603 3892 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

22:49:24.0603 3892 mouhid - ok

22:49:24.0634 3892 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

22:49:24.0650 3892 mountmgr - ok

22:49:24.0697 3892 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

22:49:24.0697 3892 MpFilter - ok

22:49:24.0744 3892 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

22:49:24.0759 3892 mpio - ok

22:49:24.0790 3892 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

22:49:24.0790 3892 mpsdrv - ok

22:49:24.0868 3892 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

22:49:24.0900 3892 MpsSvc - ok

22:49:24.0962 3892 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

22:49:24.0978 3892 MRxDAV - ok

22:49:25.0024 3892 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:49:25.0024 3892 mrxsmb - ok

22:49:25.0071 3892 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:49:25.0087 3892 mrxsmb10 - ok

22:49:25.0118 3892 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:49:25.0134 3892 mrxsmb20 - ok

22:49:25.0165 3892 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

22:49:25.0165 3892 msahci - ok

22:49:25.0212 3892 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

22:49:25.0212 3892 msdsm - ok

22:49:25.0258 3892 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

22:49:25.0274 3892 MSDTC - ok

22:49:25.0305 3892 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

22:49:25.0305 3892 Msfs - ok

22:49:25.0305 3892 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

22:49:25.0305 3892 mshidkmdf - ok

22:49:25.0321 3892 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

22:49:25.0321 3892 msisadrv - ok

22:49:25.0368 3892 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

22:49:25.0383 3892 MSiSCSI - ok

22:49:25.0399 3892 msiserver - ok

22:49:25.0430 3892 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

22:49:25.0430 3892 MSKSSRV - ok

22:49:25.0555 3892 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

22:49:25.0570 3892 MsMpSvc - ok

22:49:25.0586 3892 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

22:49:25.0586 3892 MSPCLOCK - ok

22:49:25.0602 3892 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

22:49:25.0602 3892 MSPQM - ok

22:49:25.0648 3892 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

22:49:25.0664 3892 MsRPC - ok

22:49:25.0695 3892 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

22:49:25.0695 3892 mssmbios - ok

22:49:25.0711 3892 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

22:49:25.0711 3892 MSTEE - ok

22:49:25.0726 3892 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

22:49:25.0726 3892 MTConfig - ok

22:49:25.0758 3892 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

22:49:25.0758 3892 Mup - ok

22:49:25.0804 3892 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

22:49:25.0820 3892 napagent - ok

22:49:25.0882 3892 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

22:49:25.0898 3892 NativeWifiP - ok

22:49:25.0992 3892 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

22:49:26.0007 3892 NDIS - ok

22:49:26.0038 3892 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

22:49:26.0038 3892 NdisCap - ok

22:49:26.0054 3892 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

22:49:26.0054 3892 NdisTapi - ok

22:49:26.0101 3892 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

22:49:26.0101 3892 Ndisuio - ok

22:49:26.0132 3892 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

22:49:26.0148 3892 NdisWan - ok

22:49:26.0179 3892 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

22:49:26.0179 3892 NDProxy - ok

22:49:26.0226 3892 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

22:49:26.0226 3892 NetBIOS - ok

22:49:26.0257 3892 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

22:49:26.0272 3892 NetBT - ok

22:49:26.0304 3892 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:49:26.0304 3892 Netlogon - ok

22:49:26.0366 3892 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

22:49:26.0382 3892 Netman - ok

22:49:26.0428 3892 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

22:49:26.0444 3892 netprofm - ok

22:49:26.0662 3892 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

22:49:26.0678 3892 NetTcpPortSharing - ok

22:49:26.0740 3892 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

22:49:26.0740 3892 nfrd960 - ok

22:49:26.0787 3892 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

22:49:26.0803 3892 NisDrv - ok

22:49:27.0255 3892 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

22:49:27.0271 3892 NisSrv - ok

22:49:27.0349 3892 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

22:49:27.0364 3892 NlaSvc - ok

22:49:27.0411 3892 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

22:49:27.0411 3892 Npfs - ok

22:49:27.0458 3892 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

22:49:27.0458 3892 nsi - ok

22:49:27.0474 3892 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

22:49:27.0474 3892 nsiproxy - ok

22:49:28.0846 3892 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

22:49:28.0893 3892 Ntfs - ok

22:49:29.0018 3892 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

22:49:29.0018 3892 Null - ok

22:49:29.0486 3892 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys

22:49:29.0564 3892 nvlddmkm - ok

22:49:29.0704 3892 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

22:49:29.0720 3892 nvraid - ok

22:49:29.0751 3892 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

22:49:29.0751 3892 nvstor - ok

22:49:29.0798 3892 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe

22:49:29.0798 3892 nvsvc - ok

22:49:29.0829 3892 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

22:49:29.0829 3892 nv_agp - ok

22:49:29.0860 3892 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

22:49:29.0860 3892 ohci1394 - ok

22:49:29.0938 3892 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:49:29.0954 3892 ose - ok

22:49:30.0219 3892 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

22:49:30.0313 3892 osppsvc - ok

22:49:30.0422 3892 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

22:49:30.0438 3892 p2pimsvc - ok

22:49:30.0484 3892 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

22:49:30.0500 3892 p2psvc - ok

22:49:30.0578 3892 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

22:49:30.0578 3892 Parport - ok

22:49:30.0625 3892 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

22:49:30.0625 3892 partmgr - ok

22:49:30.0640 3892 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

22:49:30.0656 3892 PcaSvc - ok

22:49:30.0687 3892 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

22:49:30.0703 3892 pci - ok

22:49:30.0718 3892 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

22:49:30.0718 3892 pciide - ok

22:49:30.0734 3892 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

22:49:30.0750 3892 pcmcia - ok

22:49:30.0765 3892 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

22:49:30.0765 3892 pcw - ok

22:49:30.0812 3892 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

22:49:30.0828 3892 PEAUTH - ok

22:49:30.0906 3892 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

22:49:30.0937 3892 PeerDistSvc - ok

22:49:31.0015 3892 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

22:49:31.0015 3892 PerfHost - ok

22:49:31.0171 3892 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

22:49:31.0202 3892 pla - ok

22:49:31.0264 3892 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

22:49:31.0280 3892 PlugPlay - ok

22:49:31.0311 3892 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

22:49:31.0311 3892 PNRPAutoReg - ok

22:49:31.0342 3892 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

22:49:31.0358 3892 PNRPsvc - ok

22:49:31.0405 3892 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

22:49:31.0420 3892 PolicyAgent - ok

22:49:31.0467 3892 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

22:49:31.0483 3892 Power - ok

22:49:31.0545 3892 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

22:49:31.0545 3892 PptpMiniport - ok

22:49:31.0592 3892 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

22:49:31.0592 3892 Processor - ok

22:49:31.0654 3892 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

22:49:31.0654 3892 ProfSvc - ok

22:49:31.0686 3892 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:49:31.0686 3892 ProtectedStorage - ok

22:49:31.0732 3892 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

22:49:31.0748 3892 Psched - ok

22:49:31.0826 3892 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

22:49:31.0873 3892 ql2300 - ok

22:49:31.0982 3892 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

22:49:31.0982 3892 ql40xx - ok

22:49:32.0013 3892 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

22:49:32.0029 3892 QWAVE - ok

22:49:32.0044 3892 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

22:49:32.0044 3892 QWAVEdrv - ok

22:49:32.0060 3892 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

22:49:32.0060 3892 RasAcd - ok

22:49:32.0091 3892 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

22:49:32.0091 3892 RasAgileVpn - ok

22:49:32.0107 3892 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

22:49:32.0122 3892 RasAuto - ok

22:49:32.0154 3892 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:49:32.0169 3892 Rasl2tp - ok

22:49:32.0185 3892 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

22:49:32.0200 3892 RasMan - ok

22:49:32.0232 3892 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

22:49:32.0232 3892 RasPppoe - ok

22:49:32.0263 3892 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

22:49:32.0263 3892 RasSstp - ok

22:49:32.0310 3892 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

22:49:32.0325 3892 rdbss - ok

22:49:32.0341 3892 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

22:49:32.0341 3892 rdpbus - ok

22:49:32.0356 3892 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:49:32.0356 3892 RDPCDD - ok

22:49:32.0403 3892 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

22:49:32.0419 3892 RDPDR - ok

22:49:32.0434 3892 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

22:49:32.0434 3892 RDPENCDD - ok

22:49:32.0481 3892 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

22:49:32.0481 3892 RDPREFMP - ok

22:49:32.0512 3892 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

22:49:32.0512 3892 RdpVideoMiniport - ok

22:49:32.0544 3892 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

22:49:32.0559 3892 RDPWD - ok

22:49:32.0590 3892 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

22:49:32.0606 3892 rdyboost - ok

22:49:32.0637 3892 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

22:49:32.0653 3892 RemoteAccess - ok

22:49:32.0684 3892 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

22:49:32.0700 3892 RemoteRegistry - ok

22:49:32.0715 3892 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

22:49:32.0731 3892 RpcEptMapper - ok

22:49:32.0762 3892 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

22:49:32.0762 3892 RpcLocator - ok

22:49:32.0840 3892 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

22:49:32.0856 3892 RpcSs - ok

22:49:32.0902 3892 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

22:49:32.0902 3892 rspndr - ok

22:49:32.0934 3892 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

22:49:32.0934 3892 s3cap - ok

22:49:32.0965 3892 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:49:32.0965 3892 SamSs - ok

22:49:32.0980 3892 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

22:49:32.0980 3892 sbp2port - ok

22:49:32.0996 3892 SBRE - ok

22:49:33.0058 3892 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

22:49:33.0058 3892 SCardSvr - ok

22:49:33.0090 3892 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

22:49:33.0090 3892 scfilter - ok

22:49:33.0152 3892 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

22:49:33.0183 3892 Schedule - ok

22:49:33.0214 3892 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

22:49:33.0214 3892 SCPolicySvc - ok

22:49:33.0261 3892 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

22:49:33.0277 3892 SDRSVC - ok

22:49:33.0355 3892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

22:49:33.0355 3892 secdrv - ok

22:49:33.0386 3892 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

22:49:33.0386 3892 seclogon - ok

22:49:33.0448 3892 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

22:49:33.0448 3892 SENS - ok

22:49:33.0464 3892 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

22:49:33.0480 3892 SensrSvc - ok

22:49:33.0495 3892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

22:49:33.0495 3892 Serenum - ok

22:49:33.0511 3892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

22:49:33.0526 3892 Serial - ok

22:49:33.0573 3892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

22:49:33.0573 3892 sermouse - ok

22:49:33.0620 3892 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

22:49:33.0620 3892 SessionEnv - ok

22:49:33.0651 3892 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

22:49:33.0651 3892 sffdisk - ok

22:49:33.0667 3892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

22:49:33.0667 3892 sffp_mmc - ok

22:49:33.0667 3892 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

22:49:33.0682 3892 sffp_sd - ok

22:49:33.0714 3892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

22:49:33.0714 3892 sfloppy - ok

22:49:33.0792 3892 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

22:49:33.0807 3892 SharedAccess - ok

22:49:33.0870 3892 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

22:49:33.0885 3892 ShellHWDetection - ok

22:49:33.0932 3892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:49:33.0932 3892 SiSRaid2 - ok

22:49:33.0948 3892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

22:49:33.0948 3892 SiSRaid4 - ok

22:49:33.0979 3892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

22:49:33.0979 3892 Smb - ok

22:49:34.0041 3892 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

22:49:34.0041 3892 SNMPTRAP - ok

22:49:34.0057 3892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

22:49:34.0057 3892 spldr - ok

22:49:34.0104 3892 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

22:49:34.0104 3892 Spooler - ok

22:49:34.0228 3892 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

22:49:34.0306 3892 sppsvc - ok

22:49:34.0416 3892 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

22:49:34.0416 3892 sppuinotify - ok

22:49:34.0509 3892 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

22:49:34.0540 3892 srv - ok

22:49:34.0572 3892 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

22:49:34.0587 3892 srv2 - ok

22:49:34.0603 3892 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

22:49:34.0603 3892 srvnet - ok

22:49:34.0650 3892 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

22:49:34.0665 3892 SSDPSRV - ok

22:49:34.0681 3892 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

22:49:34.0696 3892 SstpSvc - ok

22:49:34.0728 3892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

22:49:34.0728 3892 stexstor - ok

22:49:34.0790 3892 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

22:49:34.0806 3892 stisvc - ok

22:49:34.0852 3892 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

22:49:34.0852 3892 storflt - ok

22:49:34.0899 3892 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

22:49:34.0899 3892 storvsc - ok

22:49:34.0915 3892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

22:49:34.0915 3892 swenum - ok

22:49:34.0962 3892 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

22:49:34.0977 3892 swprv - ok

22:49:34.0993 3892 Synth3dVsc - ok

22:49:35.0071 3892 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

22:49:35.0102 3892 SysMain - ok

22:49:35.0211 3892 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

22:49:35.0211 3892 TabletInputService - ok

22:49:35.0227 3892 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

22:49:35.0242 3892 TapiSrv - ok

22:49:35.0274 3892 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

22:49:35.0274 3892 TBS - ok

22:49:35.0383 3892 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

22:49:35.0430 3892 Tcpip - ok

22:49:35.0617 3892 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

22:49:35.0632 3892 TCPIP6 - ok

22:49:35.0726 3892 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

22:49:35.0726 3892 tcpipreg - ok

22:49:35.0773 3892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

22:49:35.0773 3892 TDPIPE - ok

22:49:35.0804 3892 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

22:49:35.0804 3892 TDTCP - ok

22:49:35.0835 3892 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

22:49:35.0835 3892 tdx - ok

22:49:35.0882 3892 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

22:49:35.0882 3892 TermDD - ok

22:49:35.0944 3892 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

22:49:35.0960 3892 TermService - ok

22:49:36.0007 3892 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

22:49:36.0007 3892 Themes - ok

22:49:36.0038 3892 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

22:49:36.0038 3892 THREADORDER - ok

22:49:36.0069 3892 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

22:49:36.0069 3892 TrkWks - ok

22:49:36.0147 3892 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

22:49:36.0147 3892 TrustedInstaller - ok

22:49:36.0178 3892 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:49:36.0178 3892 tssecsrv - ok

22:49:36.0225 3892 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

22:49:36.0225 3892 TsUsbFlt - ok

22:49:36.0225 3892 tsusbhub - ok

22:49:36.0272 3892 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

22:49:36.0288 3892 tunnel - ok

22:49:36.0303 3892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

22:49:36.0303 3892 uagp35 - ok

22:49:36.0366 3892 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

22:49:36.0381 3892 udfs - ok

22:49:36.0428 3892 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

22:49:36.0444 3892 UI0Detect - ok

22:49:36.0475 3892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

22:49:36.0475 3892 uliagpkx - ok

22:49:36.0522 3892 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

22:49:36.0522 3892 umbus - ok

22:49:36.0553 3892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

22:49:36.0553 3892 UmPass - ok

22:49:36.0600 3892 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

22:49:36.0615 3892 UmRdpService - ok

22:49:36.0646 3892 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

22:49:36.0662 3892 upnphost - ok

22:49:36.0709 3892 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

22:49:36.0709 3892 usbccgp - ok

22:49:36.0740 3892 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

22:49:36.0740 3892 usbcir - ok

22:49:36.0756 3892 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

22:49:36.0756 3892 usbehci - ok

22:49:36.0802 3892 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

22:49:36.0802 3892 usbhub - ok

22:49:36.0818 3892 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

22:49:36.0818 3892 usbohci - ok

22:49:36.0865 3892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

22:49:36.0865 3892 usbprint - ok

22:49:36.0912 3892 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

22:49:36.0912 3892 usbscan - ok

22:49:36.0943 3892 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:49:36.0943 3892 USBSTOR - ok

22:49:36.0974 3892 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

22:49:36.0974 3892 usbuhci - ok

22:49:37.0021 3892 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

22:49:37.0021 3892 UxSms - ok

22:49:37.0052 3892 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

22:49:37.0052 3892 VaultSvc - ok

22:49:37.0083 3892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

22:49:37.0083 3892 vdrvroot - ok

22:49:37.0130 3892 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

22:49:37.0146 3892 vds - ok

22:49:37.0192 3892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

22:49:37.0192 3892 vga - ok

22:49:37.0208 3892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

22:49:37.0208 3892 VgaSave - ok

22:49:37.0224 3892 VGPU - ok

22:49:37.0255 3892 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

22:49:37.0270 3892 vhdmp - ok

22:49:37.0302 3892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

22:49:37.0302 3892 viaide - ok

22:49:37.0317 3892 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

22:49:37.0333 3892 vmbus - ok

22:49:37.0348 3892 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

22:49:37.0348 3892 VMBusHID - ok

22:49:37.0364 3892 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

22:49:37.0364 3892 volmgr - ok

22:49:37.0395 3892 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

22:49:37.0411 3892 volmgrx - ok

22:49:37.0426 3892 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

22:49:37.0442 3892 volsnap - ok

22:49:37.0489 3892 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

22:49:37.0504 3892 vsmraid - ok

22:49:37.0614 3892 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

22:49:37.0692 3892 VSS - ok

22:49:37.0832 3892 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

22:49:37.0832 3892 vwifibus - ok

22:49:37.0848 3892 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

22:49:37.0848 3892 vwififlt - ok

22:49:37.0894 3892 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

22:49:37.0910 3892 W32Time - ok

22:49:37.0941 3892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

22:49:37.0941 3892 WacomPen - ok

22:49:37.0988 3892 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:49:37.0988 3892 WANARP - ok

22:49:38.0004 3892 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:49:38.0004 3892 Wanarpv6 - ok

22:49:38.0097 3892 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

22:49:38.0113 3892 WatAdminSvc - ok

22:49:38.0191 3892 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

22:49:38.0238 3892 wbengine - ok

22:49:38.0347 3892 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

22:49:38.0362 3892 WbioSrvc - ok

22:49:38.0425 3892 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

22:49:38.0440 3892 wcncsvc - ok

22:49:38.0456 3892 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

22:49:38.0456 3892 WcsPlugInService - ok

22:49:38.0534 3892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

22:49:38.0534 3892 Wd - ok

22:49:38.0581 3892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

22:49:38.0596 3892 Wdf01000 - ok

22:49:38.0612 3892 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

22:49:38.0612 3892 WdiServiceHost - ok

22:49:38.0628 3892 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

22:49:38.0628 3892 WdiSystemHost - ok

22:49:38.0659 3892 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

22:49:38.0674 3892 WebClient - ok

22:49:38.0690 3892 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

22:49:38.0706 3892 Wecsvc - ok

22:49:38.0721 3892 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

22:49:38.0737 3892 wercplsupport - ok

22:49:38.0768 3892 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

22:49:38.0784 3892 WerSvc - ok

22:49:38.0846 3892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

22:49:38.0846 3892 WfpLwf - ok

22:49:38.0862 3892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

22:49:38.0862 3892 WIMMount - ok

22:49:38.0924 3892 WinDefend - ok

22:49:38.0924 3892 WinHttpAutoProxySvc - ok

22:49:38.0986 3892 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

22:49:39.0002 3892 Winmgmt - ok

22:49:39.0096 3892 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

22:49:39.0174 3892 WinRM - ok

22:49:39.0330 3892 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

22:49:39.0345 3892 Wlansvc - ok

22:49:39.0408 3892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

22:49:39.0408 3892 WmiAcpi - ok

22:49:39.0470 3892 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

22:49:39.0486 3892 wmiApSrv - ok

22:49:39.0548 3892 WMPNetworkSvc - ok

22:49:39.0579 3892 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

22:49:39.0579 3892 WPCSvc - ok

22:49:39.0626 3892 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

22:49:39.0626 3892 WPDBusEnum - ok

22:49:39.0657 3892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

22:49:39.0657 3892 ws2ifsl - ok

22:49:39.0688 3892 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

22:49:39.0688 3892 wscsvc - ok

22:49:39.0704 3892 WSearch - ok

22:49:39.0844 3892 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

22:49:39.0907 3892 wuauserv - ok

22:49:40.0047 3892 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

22:49:40.0063 3892 WudfPf - ok

22:49:40.0078 3892 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:49:40.0078 3892 WUDFRd - ok

22:49:40.0125 3892 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

22:49:40.0125 3892 wudfsvc - ok

22:49:40.0156 3892 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

22:49:40.0172 3892 WwanSvc - ok

22:49:40.0234 3892 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys

22:49:40.0234 3892 yukonw7 - ok

22:49:40.0266 3892 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

22:49:40.0406 3892 \Device\Harddisk0\DR0 - ok

22:49:40.0422 3892 Boot (0x1200) (7deb62472d9e170088ed068d8f4d3ded) \Device\Harddisk0\DR0\Partition0

22:49:40.0422 3892 \Device\Harddisk0\DR0\Partition0 - ok

22:49:40.0422 3892 Boot (0x1200) (d1e62c7079fb1c700b94cd21019020c8) \Device\Harddisk0\DR0\Partition1

22:49:40.0422 3892 \Device\Harddisk0\DR0\Partition1 - ok

22:49:40.0437 3892 ============================================================

22:49:40.0437 3892 Scan finished

22:49:40.0437 3892 ============================================================

22:49:40.0437 4060 Detected object count: 0

22:49:40.0437 4060 Actual detected object count: 0

[johncrimi]

scan still running.

I am running scan on c: (instead of default quick scan)

Hopefully it will complete soon....

Thx

[johncrimi]

By the way - it's still there...

WHile scan is running - I did a google search for Bridgeport Lake rental properties - first click got me the Butterfly search engine. I immediately clicked 'back' - then the same link again and I got where I wanted to go.

All of this is using Google Chrome.

Thanks.

[gringo_pr]

OK let me have the report when it is done

[johncrimi]

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-30 22:51:23

-----------------------------

22:51:23.595 OS Version: Windows x64 6.1.7601 Service Pack 1

22:51:23.595 Number of processors: 2 586 0x4B02

22:51:23.595 ComputerName: JOHN-PC UserName: John

22:51:24.313 Initialize success

22:52:27.492 AVAST engine defs: 12053002

22:54:30.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a

22:54:30.517 Disk 0 Vendor: ST332082 3.AA Size: 305245MB BusType: 3

22:54:30.532 Disk 0 MBR read successfully

22:54:30.548 Disk 0 MBR scan

22:54:30.563 Disk 0 Windows 7 default MBR code

22:54:30.563 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 9954 MB offset 63

22:54:30.626 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 295289 MB offset 20386485

22:54:30.735 Disk 0 scanning C:\Windows\system32\drivers

22:54:45.165 Service scanning

22:55:25.694 Modules scanning

22:55:25.709 Disk 0 trace - called modules:

22:55:25.725 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys

22:55:25.741 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800439c400]

22:55:26.255 3 CLASSPNP.SYS[fffff88001bbb43f] -> nt!IofCallDriver -> [0xfffffa8004245a20]

22:55:26.255 5 ACPI.sys[fffff88000f257a1] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa80042429c0]

22:55:26.973 AVAST engine scan C:\

00:11:01.632 Scan finished successfully

00:11:22.873 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"

00:11:22.953 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR.txt"

[gringo_pr]

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

• Double click on OTL.exe to run it.
  
• Under Output, ensure that Minimal Output is selected.
  
• Under Extra Registry section, select Use SafeList.
  
• Click the Scan All Users checkbox.
  
• Click on Run Scan at the top left hand corner.
  
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened and the that I need posted back here
    
  • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
    

  [*]Please post the contents of OTL.txt in your next reply.

Gringo

[johncrimi]

OTL logfile created on: 5/31/2012 7:09:11 AM - Run 1

OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\John\Downloads

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 65.45% Memory free

7.75 Gb Paging File | 5.67 Gb Available in Paging File | 73.14% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 288.37 Gb Total Space | 217.48 Gb Free Space | 75.42% Space Free | Partition Type: NTFS

Drive D: | 9.72 Gb Total Space | 9.64 Gb Free Space | 99.22% Space Free | Partition Type: NTFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Users\John\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Users\John\Downloads\aswMBR.exe (AVAST Software)

PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\LibreOffice 3.4\program\soffice.exe (The Document Foundation)

PRC - C:\Program Files (x86)\LibreOffice 3.4\program\soffice.bin (The Document Foundation)

PRC - C:\Program Files (x86)\LibreOffice 3.4\program\swriter.exe (The Document Foundation)

PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Users\John\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll ()

MOD - C:\Users\John\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll ()

MOD - C:\Users\John\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll ()

MOD - C:\Users\John\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll ()

MOD - C:\Users\John\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll ()

MOD - C:\Users\John\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll ()

MOD - C:\Users\John\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\xomi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\unoxmlmi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\tkmi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\tlmi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\unordfmi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\swmi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\svxcoremi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\svtmi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\svxmi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\svlmi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\swdmi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\sfxmi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\sotmi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\libxml2.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\fwkmi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\fwemi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\fwimi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\fsstorage.uno.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\editengmi.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\comphelpMSC.dll ()

MOD - C:\Program Files (x86)\LibreOffice 3.4\program\libxslt.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()

DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2300757923-2495358467-2577583169-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-2300757923-2495358467-2577583169-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 00 FE AB C7 33 CD 01 [binary data]

IE - HKU\S-1-5-21-2300757923-2495358467-2577583169-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2300757923-2495358467-2577583169-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2300757923-2495358467-2577583169-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2300757923-2495358467-2577583169-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/30 20:25:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKU\S-1-5-21-2300757923-2495358467-2577583169-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2300757923-2495358467-2577583169-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2300757923-2495358467-2577583169-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-2300757923-2495358467-2577583169-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.96.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C8C2CC-FECC-41DA-99E7-B1807A842CB0}: DhcpNameServer = 192.168.1.1 68.238.96.12

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 90 Days ==========

[2012/05/30 20:41:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/05/30 20:38:46 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/05/30 20:14:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/05/30 20:14:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/05/30 20:14:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/05/30 20:14:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/05/30 20:09:37 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/05/28 20:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2012/05/26 11:19:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe

[2012/05/15 08:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle

[2012/05/15 08:02:25 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012/05/15 08:02:16 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/05/15 08:02:16 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/05/14 07:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software

[2012/05/13 21:17:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FF97BDA9-9D6A-11E1-826F-B8AC6F996F26}

[2012/05/13 21:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\needthis_F4D56268000078330003BE83B4EB2331

[2012/05/09 23:16:26 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2012/05/09 23:16:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/05/09 23:16:24 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/05/09 23:16:24 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/05/01 07:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/04/14 15:06:03 | 008,769,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/04/11 03:05:27 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/04/11 03:05:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/04/11 03:05:24 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/04/11 03:05:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/04/11 03:05:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/04/11 03:05:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/04/11 03:05:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/04/11 03:05:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/04/11 03:05:22 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/04/11 03:05:22 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/04/11 03:05:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/04/11 03:01:46 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012/04/11 03:01:46 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012/04/11 03:01:45 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/04/09 07:03:08 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/04/02 22:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/04/02 22:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/04/02 22:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/04/02 22:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/03/13 20:31:17 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

[2012/03/13 20:31:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2012/03/13 20:31:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2012/03/13 20:31:14 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

[2012/03/13 20:31:14 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll

[2012/03/13 20:31:14 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll

========== Files - Modified Within 90 Days ==========

[2012/05/31 07:06:53 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2300757923-2495358467-2577583169-1001UA.job

[2012/05/31 07:06:51 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/31 07:06:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/31 00:14:03 | 000,000,091 | -H-- | M] () -- C:\Users\John\Desktop\.~lock.test..test...odt#

[2012/05/31 00:11:22 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat

[2012/05/31 00:03:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2300757923-2495358467-2577583169-1001Core.job

[2012/05/30 22:49:15 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/30 22:49:15 | 000,013,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/30 22:46:16 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/30 22:46:16 | 000,626,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/30 22:46:16 | 000,107,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/30 22:41:26 | 3119,374,336 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/30 20:25:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/05/30 19:54:40 | 000,009,493 | ---- | M] () -- C:\Users\John\Desktop\test..test...odt

[2012/05/15 08:02:11 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012/05/15 08:02:11 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012/05/13 21:24:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/13 21:20:03 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/05/13 21:20:03 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/05/10 07:15:26 | 000,447,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/05/09 07:44:22 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat

[2012/05/09 07:44:22 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat

[2012/05/04 21:50:50 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/05/01 07:40:22 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/05/01 07:40:10 | 000,743,470 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/04/04 18:47:24 | 000,227,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012/04/04 18:47:08 | 000,772,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll

[2012/04/04 18:47:02 | 000,687,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/04/02 22:21:38 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/31 01:05:57 | 005,559,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/03/30 23:39:37 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/03/30 23:39:37 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys

[2012/03/03 01:35:38 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

========== Files Created - No Company Name ==========

[2012/05/31 00:14:03 | 000,000,091 | -H-- | C] () -- C:\Users\John\Desktop\.~lock.test..test...odt#

[2012/05/31 00:11:22 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat

[2012/05/30 20:14:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/05/30 20:14:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/05/30 20:14:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/05/30 20:14:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/05/30 20:14:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/05/30 19:54:37 | 000,009,493 | ---- | C] () -- C:\Users\John\Desktop\test..test...odt

[2012/05/13 21:24:48 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/09 07:03:09 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/02 22:21:38 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/02/16 22:35:02 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2012/02/15 08:42:34 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat

[2012/02/15 08:42:34 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat

[2011/10/29 10:19:49 | 000,743,470 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >

[gringo_pr]

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

• Double-click OTL.exe to start the program.
  
• Copy and Paste the following code into the textbox. Do not include the word Code
  

  
  :OTL
  FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
  FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
  O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
  O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
  [2012/05/13 21:17:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{FF97BDA9-9D6A-11E1-826F-B8AC6F996F26}
  :Files
  ipconfig /flushdns /c
  :Commands
  [PURITY]
  [emptyjava]
  [EMPTYFLASH]
  

  
  

• Then click the Run Fix button at the top.
  
• Click .
  
• OTL may ask to reboot the machine. Please do so if asked.
  
• The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
  

Let me know How things are doing

Gringo

[johncrimi]

no reboot needed...

here is the log

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

File Protocol\Handler\ms-help - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

C:\Users\John\AppData\Local\{FF97BDA9-9D6A-11E1-826F-B8AC6F996F26} folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\John\Downloads\cmd.bat deleted successfully.

C:\Users\John\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: JLK

->Java cache emptied: 0 bytes

User: John

->Java cache emptied: 5479113 bytes

User: Public

Total Java Files Cleaned = 5.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

->Flash cache emptied: 56475 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: JLK

->Flash cache emptied: 925 bytes

User: John

->Flash cache emptied: 2800 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.44.0 log created on 05312012_080003

[johncrimi]

still there....

I just repeated my search from last night - same results...

[gringo_pr]

Greetings

does this happen only in firefox?

gringo

[johncrimi]

No - I do not use Firefox. I use Google Chrome.

[gringo_pr]

lets uninstall chrome and if asked about user datra or settings then remove that also

restart the computer and reinstall chrome and see if it is any better

gringo

[johncrimi]

I had thought about doing that....OK - will give it a try. Will take a few min - thanks...

[johncrimi]

so far so good. Removed (it removed VERY quickly - too quickly - so I'm assuming not all files really removed - but anyway..)

Initial tests by searching, clicking, etc - are all positive.

Question: both Smart Fortress and Butterfly Search engine. Are they primarily just annoying? Or do they really try to swipe personal information? I have read both...

Please let me know - thanks for your help, John

[johncrimi]

also - I assume many of the recommended test programs we used will show up as 'PUP.....' next time I run Malwarebytest - fair statement?

Thanks

[gringo_pr]

Glad That worked out

MBAM was created by one of us so it should not complain about our tools

Clean Out Temp Files

• This small application you may want to keep and use once a week to keep the computer clean.
  Download CCleaner from here http://www.ccleaner.com/
  
  • Run the installer to install the application.
    
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    
  • Click Run Cleaner.
    
  • Close CCleaner.
    

: Malwarebytes' Anti-Malware :

• I would like you to rerun MBAM
  
• Double-click mbam icon
  
• go to the update tab at the top
  
• click on check for updates
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  
  • If you accidentally close it, the log file is saved here and will be named like this:
    
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

• Go Here to download HijackThis Installer
  
• Save HijackThis Installer to your desktop.
  
• Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
  
• Click on Install.
  
• It will create a HijackThis icon on the desktop.
  
• Once installed it will launch Hijackthis.
  
• Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  
• Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  
• Come back here to this thread and Paste the log in your next reply.
  
• DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
  

NOTE**

sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator

"information and logs"

• In your next post I need the following
  

1. Log From MBAM
   
2. report from Hijackthis
   
3. let me know of any problems you may have had
   
4. How is the computer doing now?
   

Gringo