Cannot check "Enable malicious website blocking

[Hirize]

Aloha, As the title says cannot get this checkbox to work. Also on this forum the enter key will not give me a carrage return to start a new line so the logs may look messed up but will post them here. Thanks in advance!DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576

Run by Peter Luchsinger at 11:03:19 on 2013-05-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4562 [GMT -10:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\TECO\Teco.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe

C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe

C:\Users\Peter Luchsinger\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\windows\system32\igfxext.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Page_URL = hxxp://start.toshiba.com/

uProxyOverride = <local>;*.local

mWinlogon: Userinit = userinit.exe

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden

uRun: [sanDiskSecureAccess_Manager.exe] C:\Users\Peter Luchsinger\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe

mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 24.25.227.55 209.18.47.61 24.25.227.53

TCP: Interfaces\{2EB8F068-E180-45CF-BB1F-0AD0C12C653C} : DHCPNameServer = 24.25.227.55 209.18.47.61 24.25.227.53

TCP: Interfaces\{2EB8F068-E180-45CF-BB1F-0AD0C12C653C}\7414F535550505F42545 : DHCPNameServer = 10.1.3.1 10.1.7.1

TCP: Interfaces\{2EB8F068-E180-45CF-BB1F-0AD0C12C653C}\94E666F627D616E45647 : DHCPNameServer = 8.8.8.8 8.8.4.4

TCP: Interfaces\{2EB8F068-E180-45CF-BB1F-0AD0C12C653C}\96261686E6 : DHCPNameServer = 172.16.2.5 172.18.82.11 4.2.2.2

TCP: Interfaces\{2EB8F068-E180-45CF-BB1F-0AD0C12C653C}\C696E6B6379737 : DHCPNameServer = 24.25.227.55 209.18.47.61 24.25.227.53

TCP: Interfaces\{2EB8F068-E180-45CF-BB1F-0AD0C12C653C}\E45445745414256393 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{3FD70B0C-950D-476B-9993-A4B64EFAC318} : DHCPNameServer = 50.30.0.50

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe

x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r

x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-2-8 71480]

R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-2-8 311096]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]

R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]

R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-2-8 206136]

R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-3-21 240952]

R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-9-26 45856]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-14 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-14 701512]

R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-7-22 135608]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-7-22 126392]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-22 2656280]

R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-20 1015984]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-14 317440]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]

R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-6-26 25928]

R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-7-22 38096]

R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-7-22 1109096]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-7-22 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]

R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-20 822704]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-7-22 250984]

S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-7-22 307304]

S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-1 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-05-20 19:50:31 -------- d-----w- C:\Users\Peter Luchsinger\Joyce

2013-05-15 16:02:29 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys

2013-05-07 07:00:41 -------- d-----w- C:\Users\Peter Luchsinger\AppData\Roaming\WildTangent

.

==================== Find3M ====================

.

2013-05-27 16:01:33 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-27 16:01:33 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-05-21 06:24:36 45856 ----a-w- C:\windows\System32\drivers\avgtpx64.sys

2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\windows\System32\win32k.sys

2013-04-05 06:52:14 2242048 ----a-w- C:\windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe

2013-04-05 00:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-04-04 15:36:01 866720 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2013-04-04 15:35:52 788896 ----a-w- C:\windows\SysWow64\deployJava1.dll

2013-04-04 15:35:05 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-29 12:53:48 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys

2013-03-21 13:08:24 240952 ----a-w- C:\windows\System32\drivers\avgtdia.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe

2013-02-27 06:02:44 111448 ----a-w- C:\windows\System32\consent.exe

2013-02-27 05:48:00 1930752 ----a-w- C:\windows\System32\authui.dll

2013-02-27 05:47:10 70144 ----a-w- C:\windows\System32\appinfo.dll

2013-02-27 04:49:24 1796096 ----a-w- C:\windows\SysWow64\authui.dll

.

============= FINISH: 11:03:52.85 =============== DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/30/2011 8:55:34 PM

System Uptime: 5/27/2013 10:18:59 AM (1 hours ago)

.

Motherboard: Intel Corp. | | Base Board Product Name

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU1 | 1587/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 581 GiB total, 520.604 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP79: 3/25/2013 10:46:42 AM - Installed AVG 2013

RP80: 3/25/2013 10:47:33 AM - Installed AVG 2013

RP81: 3/26/2013 5:20:09 AM - Windows Update

RP82: 4/11/2013 5:48:29 AM - Windows Update

RP83: 4/15/2013 9:33:06 AM - Removed CoffeeCup Free FTP

RP84: 4/15/2013 9:34:05 AM - Installed CoffeeCup Free FTP

RP85: 4/19/2013 6:08:47 AM - Installed Java 7 Update 21

RP86: 4/24/2013 6:20:33 AM - Windows Update

RP87: 4/30/2013 6:06:33 AM - Windows Update

RP88: 5/15/2013 10:10:28 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.7) MUI

Amazon Links

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

AVG 2013

AVG Security Toolbar

Bejeweled 3

Bonjour

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

CoffeeCup Free FTP

Conexant HD Audio

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

ESET Online Scanner v3

FATE - The Traitor Soul

FileHippo.com Update Checker

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.5.0.1133

HP Photosmart 5510 series Basic Device Software

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

iTunes

Java 7 Update 21

Java Auto Updater

Jewel Quest: The Sleepless Star - Collector's Edition

Junk Mail filter update

KONICA MINOLTA C360Series

Label@Once 1.0

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MozBackup 1.5.1

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.4 (x86 en-US)

MSVCRT

MSVCRT_amd64

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

PokerStars.net

Polar Bowler

Realtek USB 2.0 Reader Driver

Realtek WLAN Driver

SanDiskSecureAccess_Manager.exe

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype Launcher

Skype™ 5.10

Synaptics Pointing Device Driver

Tom Clancy's Splinter Cell

Toshiba App Place

TOSHIBA Application Installer

TOSHIBA Assist

Toshiba Book Place

TOSHIBA Bulletin Board

TOSHIBA Disc Creator

TOSHIBA eco Utility

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Laptop Checkup

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

Toshiba Online Backup

TOSHIBA PC Health Monitor

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Resolution+ Plug-in for Windows Media Player

TOSHIBA Service Station

TOSHIBA Sleep Utility

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

TOSHIBA Wireless LAN Indicator

ToshibaRegistration

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update Installer for WildTangent Games App

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

WildTangent Games

WildTangent Games App (Toshiba Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WSOP-USA.com

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

5/27/2013 7:47:44 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

5/27/2013 6:01:42 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

5/27/2013 6:01:42 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.

5/27/2013 6:01:42 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

5/27/2013 6:00:42 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.

5/27/2013 5:59:42 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/27/2013 5:59:42 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/27/2013 5:59:42 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/27/2013 5:59:42 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/27/2013 5:59:42 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/27/2013 5:59:42 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/27/2013 5:59:42 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/27/2013 5:59:42 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/27/2013 5:59:42 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/27/2013 5:59:42 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/27/2013 10:19:37 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

5/27/2013 10:19:37 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

5/27/2013 10:19:37 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

5/26/2013 8:24:38 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

5/24/2013 12:38:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

5/24/2013 12:38:34 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

[Maurice Naggar]

Hello Hirize,

I will be helping you. Please follow my guidance and do not run tools or fixes nor do changes on your own.

Please confirm for me that you are the owner of this system.

If it is owned by someone else, or if it belongs to a company or an organization, please Stop and tell me that.

As a reminder, please just only Copy & Paste all log contents directly into main-body of reply box.

Use 1 reply per each log as needed. IF you hit some log that is way too huge, then you may attach.

Please do a backup of any documents/personal files that you cannot afford to lose.

Malware cleanups can sometimes be unpredictable. So do a backup to Offline media as a precaution.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

• Press Windows-key +R key on your keyboard to get RUN option.
  
• Type in

  explorer.exe

  and press Enter to start Windows Explorer.
  

• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If your are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.

Step 4

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
  If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
  Skip and click on Continue
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Step 5

• Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
  >> from here <<
  
• Quit all programs that you may have started.
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan has finished ...
  
• Then Click on Scan button at upper right of screen.
  
• Wait until the Status box shows "Scan Finished"
  
• Click on Report and copy/paste the content of the Notepad into your next reply.
  
• The log should be found in RKreport[1].txt on your Desktop
  
• Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

• the contents of C:\AdwCleaner[R1].txt;
  
• the contents of TDSSKILLER log;
  
• the contents of RKReport log;
  

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

[Hirize]

Maurice, I think you helped me once before. This is my computer. I have always owned it. If the question is because of a printer connection it would be for Green Acres Nursery in Folsom Calif. I can describe more privately. If it is something else I'll be interested when we finish. Right now I will get working on my assignments

[Maurice Naggar]

Given that this is your system, that's all I need to know.

Post the logs as you go along.

[Hirize]

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 16:47:13

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Peter Luchsinger - PETERLUCHSINGER

# Boot Mode : Normal

# Running from : C:\Users\Peter Luchsinger\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\AVG Secure Search

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\Users\Peter Luchsinger\AppData\Local\AVG Secure Search

Folder Found : C:\Users\Peter Luchsinger\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\PETERL~1\AppData\Local\Temp\avg@toolbar

Folder Found : C:\Users\PETERL~1\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Software

Key Found : HKU\S-1-5-21-1834209392-3163751540-927480992-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [5556 octets] - [28/05/2013 16:47:13]

########## EOF - C:\AdwCleaner[R1].txt - [5616 octets] ##########

[Hirize]

16:52:08.0801 1924 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

16:52:09.0659 1924 ============================================================

16:52:09.0659 1924 Current date / time: 2013/05/28 16:52:09.0659

16:52:09.0659 1924 SystemInfo:

16:52:09.0659 1924

16:52:09.0659 1924 OS Version: 6.1.7601 ServicePack: 1.0

16:52:09.0659 1924 Product type: Workstation

16:52:09.0659 1924 ComputerName: PETERLUCHSINGER

16:52:09.0674 1924 UserName: Peter Luchsinger

16:52:09.0674 1924 Windows directory: C:\windows

16:52:09.0674 1924 System windows directory: C:\windows

16:52:09.0674 1924 Running under WOW64

16:52:09.0674 1924 Processor architecture: Intel x64

16:52:09.0674 1924 Number of processors: 4

16:52:09.0674 1924 Page size: 0x1000

16:52:09.0674 1924 Boot type: Normal boot

16:52:09.0674 1924 ============================================================

16:52:10.0064 1924 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:52:10.0080 1924 ============================================================

16:52:10.0080 1924 \Device\Harddisk0\DR0:

16:52:10.0080 1924 MBR partitions:

16:52:10.0080 1924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x489F4800

16:52:10.0080 1924 ============================================================

16:52:10.0111 1924 C: <-> \Device\Harddisk0\DR0\Partition1

16:52:10.0111 1924 ============================================================

16:52:10.0111 1924 Initialize success

16:52:10.0111 1924 ============================================================

16:52:25.0181 10616 ============================================================

16:52:25.0181 10616 Scan started

16:52:25.0181 10616 Mode: Manual;

16:52:25.0181 10616 ============================================================

16:52:25.0664 10616 ================ Scan system memory ========================

16:52:25.0664 10616 System memory - ok

16:52:25.0664 10616 ================ Scan services =============================

16:52:25.0883 10616 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys

16:52:25.0898 10616 1394ohci - ok

16:52:25.0930 10616 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys

16:52:25.0930 10616 ACPI - ok

16:52:25.0961 10616 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys

16:52:25.0961 10616 AcpiPmi - ok

16:52:26.0070 10616 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

16:52:26.0070 10616 AdobeARMservice - ok

16:52:26.0132 10616 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys

16:52:26.0132 10616 adp94xx - ok

16:52:26.0179 10616 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys

16:52:26.0179 10616 adpahci - ok

16:52:26.0195 10616 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys

16:52:26.0195 10616 adpu320 - ok

16:52:26.0210 10616 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll

16:52:26.0226 10616 AeLookupSvc - ok

16:52:26.0273 10616 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys

16:52:26.0288 10616 AFD - ok

16:52:26.0320 10616 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys

16:52:26.0320 10616 agp440 - ok

16:52:26.0366 10616 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe

16:52:26.0366 10616 ALG - ok

16:52:26.0413 10616 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys

16:52:26.0413 10616 aliide - ok

16:52:26.0413 10616 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys

16:52:26.0413 10616 amdide - ok

16:52:26.0476 10616 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys

16:52:26.0491 10616 AmdK8 - ok

16:52:26.0507 10616 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys

16:52:26.0507 10616 AmdPPM - ok

16:52:26.0554 10616 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys

16:52:26.0554 10616 amdsata - ok

16:52:26.0569 10616 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys

16:52:26.0585 10616 amdsbs - ok

16:52:26.0600 10616 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys

16:52:26.0600 10616 amdxata - ok

16:52:26.0647 10616 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys

16:52:26.0647 10616 AppID - ok

16:52:26.0678 10616 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll

16:52:26.0678 10616 AppIDSvc - ok

16:52:26.0710 10616 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll

16:52:26.0710 10616 Appinfo - ok

16:52:26.0772 10616 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

16:52:26.0772 10616 Apple Mobile Device - ok

16:52:26.0819 10616 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys

16:52:26.0819 10616 arc - ok

16:52:26.0834 10616 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys

16:52:26.0850 10616 arcsas - ok

16:52:26.0866 10616 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys

16:52:26.0866 10616 AsyncMac - ok

16:52:26.0897 10616 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys

16:52:26.0897 10616 atapi - ok

16:52:26.0959 10616 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

16:52:26.0975 10616 AudioEndpointBuilder - ok

16:52:26.0990 10616 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll

16:52:26.0990 10616 AudioSrv - ok

16:52:27.0178 10616 [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

16:52:27.0224 10616 AVGIDSAgent - ok

16:52:27.0271 10616 [ 139BD30C32BEE830D0CF39C5324D79DE ] AVGIDSDriver C:\windows\system32\DRIVERS\avgidsdrivera.sys

16:52:27.0287 10616 AVGIDSDriver - ok

16:52:27.0349 10616 [ 2940FACB6EF92BD1936E4A1E2502468E ] AVGIDSHA C:\windows\system32\DRIVERS\avgidsha.sys

16:52:27.0349 10616 AVGIDSHA - ok

16:52:27.0380 10616 [ 54B66C4AEEC6C4F742F3569EBA03EBB8 ] Avgldx64 C:\windows\system32\DRIVERS\avgldx64.sys

16:52:27.0380 10616 Avgldx64 - ok

16:52:27.0458 10616 [ 13667B5D6310228A9FEF2BA5FCD9081F ] Avgloga C:\windows\system32\DRIVERS\avgloga.sys

16:52:27.0458 10616 Avgloga - ok

16:52:27.0505 10616 [ BE82F9A1F2CCF4CE746D0C645D94079E ] Avgmfx64 C:\windows\system32\DRIVERS\avgmfx64.sys

16:52:27.0505 10616 Avgmfx64 - ok

16:52:27.0536 10616 [ 5D11620DEF66F9DC9468FEE385A8429B ] Avgrkx64 C:\windows\system32\DRIVERS\avgrkx64.sys

16:52:27.0536 10616 Avgrkx64 - ok

16:52:27.0583 10616 [ 69BD90E337625F96C718CACE7A9C9E29 ] Avgtdia C:\windows\system32\DRIVERS\avgtdia.sys

16:52:27.0583 10616 Avgtdia - ok

16:52:27.0630 10616 [ 3B5657B6C11CDA87F664DD6F7DD0702D ] avgtp C:\windows\system32\drivers\avgtpx64.sys

16:52:27.0630 10616 avgtp - ok

16:52:27.0677 10616 [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

16:52:27.0677 10616 avgwd - ok

16:52:27.0739 10616 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll

16:52:27.0739 10616 AxInstSV - ok

16:52:27.0786 10616 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys

16:52:27.0802 10616 b06bdrv - ok

16:52:27.0864 10616 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys

16:52:27.0864 10616 b57nd60a - ok

16:52:27.0911 10616 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll

16:52:27.0911 10616 BDESVC - ok

16:52:27.0942 10616 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys

16:52:27.0942 10616 Beep - ok

16:52:27.0989 10616 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll

16:52:28.0004 10616 BITS - ok

16:52:28.0020 10616 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

16:52:28.0020 10616 blbdrive - ok

16:52:28.0114 10616 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

16:52:28.0129 10616 Bonjour Service - ok

16:52:28.0160 10616 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys

16:52:28.0160 10616 bowser - ok

16:52:28.0207 10616 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys

16:52:28.0207 10616 BrFiltLo - ok

16:52:28.0238 10616 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys

16:52:28.0238 10616 BrFiltUp - ok

16:52:28.0270 10616 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll

16:52:28.0270 10616 Browser - ok

16:52:28.0301 10616 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys

16:52:28.0301 10616 Brserid - ok

16:52:28.0316 10616 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

16:52:28.0316 10616 BrSerWdm - ok

16:52:28.0348 10616 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

16:52:28.0348 10616 BrUsbMdm - ok

16:52:28.0363 10616 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

16:52:28.0363 10616 BrUsbSer - ok

16:52:28.0379 10616 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys

16:52:28.0379 10616 BTHMODEM - ok

16:52:28.0410 10616 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll

16:52:28.0410 10616 bthserv - ok

16:52:28.0426 10616 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

16:52:28.0441 10616 cdfs - ok

16:52:28.0472 10616 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys

16:52:28.0488 10616 cdrom - ok

16:52:28.0519 10616 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll

16:52:28.0519 10616 CertPropSvc - ok

16:52:28.0550 10616 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys

16:52:28.0550 10616 circlass - ok

16:52:28.0566 10616 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys

16:52:28.0582 10616 CLFS - ok

16:52:28.0644 10616 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:52:28.0644 10616 clr_optimization_v2.0.50727_32 - ok

16:52:28.0691 10616 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:52:28.0691 10616 clr_optimization_v2.0.50727_64 - ok

16:52:28.0753 10616 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:52:28.0769 10616 clr_optimization_v4.0.30319_32 - ok

16:52:28.0800 10616 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

16:52:28.0800 10616 clr_optimization_v4.0.30319_64 - ok

16:52:28.0816 10616 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys

16:52:28.0816 10616 CmBatt - ok

16:52:28.0847 10616 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys

16:52:28.0847 10616 cmdide - ok

16:52:28.0909 10616 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys

16:52:28.0909 10616 CNG - ok

16:52:29.0003 10616 [ 66847C979893A11CFCC2280E772D7EA1 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys

16:52:29.0034 10616 CnxtHdAudService - ok

16:52:29.0081 10616 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys

16:52:29.0096 10616 Compbatt - ok

16:52:29.0112 10616 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys

16:52:29.0112 10616 CompositeBus - ok

16:52:29.0128 10616 COMSysApp - ok

16:52:29.0143 10616 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys

16:52:29.0143 10616 crcdisk - ok

16:52:29.0174 10616 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll

16:52:29.0174 10616 CryptSvc - ok

16:52:29.0268 10616 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

16:52:29.0284 10616 cvhsvc - ok

16:52:29.0346 10616 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\windows\system32\DRIVERS\dc3d.sys

16:52:29.0346 10616 dc3d - ok

16:52:29.0408 10616 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll

16:52:29.0424 10616 DcomLaunch - ok

16:52:29.0471 10616 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll

16:52:29.0471 10616 defragsvc - ok

16:52:29.0502 10616 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys

16:52:29.0502 10616 DfsC - ok

16:52:29.0549 10616 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll

16:52:29.0549 10616 Dhcp - ok

16:52:29.0580 10616 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys

16:52:29.0580 10616 discache - ok

16:52:29.0611 10616 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys

16:52:29.0611 10616 Disk - ok

16:52:29.0674 10616 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll

16:52:29.0674 10616 Dnscache - ok

16:52:29.0705 10616 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll

16:52:29.0720 10616 dot3svc - ok

16:52:29.0736 10616 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll

16:52:29.0736 10616 DPS - ok

16:52:29.0814 10616 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

16:52:29.0814 10616 drmkaud - ok

16:52:29.0876 10616 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

16:52:29.0892 10616 DXGKrnl - ok

16:52:29.0923 10616 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll

16:52:29.0939 10616 EapHost - ok

16:52:30.0032 10616 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys

16:52:30.0079 10616 ebdrv - ok

16:52:30.0126 10616 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe

16:52:30.0126 10616 EFS - ok

16:52:30.0188 10616 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe

16:52:30.0204 10616 ehRecvr - ok

16:52:30.0220 10616 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe

16:52:30.0220 10616 ehSched - ok

16:52:30.0251 10616 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys

16:52:30.0266 10616 elxstor - ok

16:52:30.0282 10616 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys

16:52:30.0282 10616 ErrDev - ok

16:52:30.0329 10616 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll

16:52:30.0329 10616 EventSystem - ok

16:52:30.0360 10616 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys

16:52:30.0360 10616 exfat - ok

16:52:30.0407 10616 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys

16:52:30.0407 10616 fastfat - ok

16:52:30.0469 10616 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe

16:52:30.0485 10616 Fax - ok

16:52:30.0516 10616 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys

16:52:30.0516 10616 fdc - ok

16:52:30.0547 10616 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll

16:52:30.0547 10616 fdPHost - ok

16:52:30.0578 10616 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

16:52:30.0578 10616 FDResPub - ok

16:52:30.0625 10616 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

16:52:30.0625 10616 FileInfo - ok

16:52:30.0641 10616 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys

16:52:30.0641 10616 Filetrace - ok

16:52:30.0672 10616 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys

16:52:30.0672 10616 flpydisk - ok

16:52:30.0703 10616 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

16:52:30.0719 10616 FltMgr - ok

16:52:30.0781 10616 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll

16:52:30.0812 10616 FontCache - ok

16:52:30.0859 10616 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:52:30.0859 10616 FontCache3.0.0.0 - ok

16:52:30.0875 10616 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys

16:52:30.0875 10616 FsDepends - ok

16:52:30.0906 10616 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

16:52:30.0906 10616 Fs_Rec - ok

16:52:30.0937 10616 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

16:52:30.0953 10616 fvevol - ok

16:52:30.0984 10616 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys

16:52:30.0984 10616 gagp30kx - ok

16:52:31.0078 10616 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

16:52:31.0078 10616 GamesAppService - ok

16:52:31.0124 10616 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys

16:52:31.0124 10616 GEARAspiWDM - ok

16:52:31.0187 10616 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

16:52:31.0187 10616 gpsvc - ok

16:52:31.0249 10616 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:52:31.0249 10616 gupdate - ok

16:52:31.0265 10616 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:52:31.0265 10616 gupdatem - ok

16:52:31.0327 10616 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

16:52:31.0327 10616 gusvc - ok

16:52:31.0374 10616 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

16:52:31.0374 10616 hcw85cir - ok

16:52:31.0421 10616 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

16:52:31.0421 10616 HdAudAddService - ok

16:52:31.0468 10616 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys

16:52:31.0468 10616 HDAudBus - ok

16:52:31.0483 10616 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys

16:52:31.0483 10616 HidBatt - ok

16:52:31.0530 10616 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys

16:52:31.0530 10616 HidBth - ok

16:52:31.0561 10616 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys

16:52:31.0561 10616 HidIr - ok

16:52:31.0592 10616 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll

16:52:31.0608 10616 hidserv - ok

16:52:31.0655 10616 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys

16:52:31.0655 10616 HidUsb - ok

16:52:31.0702 10616 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

16:52:31.0702 10616 hkmsvc - ok

16:52:31.0717 10616 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

16:52:31.0733 10616 HomeGroupListener - ok

16:52:31.0780 10616 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

16:52:31.0795 10616 HomeGroupProvider - ok

16:52:31.0826 10616 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

16:52:31.0826 10616 HpSAMD - ok

16:52:31.0873 10616 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

16:52:31.0889 10616 HTTP - ok

16:52:31.0936 10616 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

16:52:31.0936 10616 hwpolicy - ok

16:52:31.0951 10616 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys

16:52:31.0967 10616 i8042prt - ok

16:52:32.0014 10616 [ D469B77687E12FE43E344806740B624D ] iaStor C:\windows\system32\DRIVERS\iaStor.sys

16:52:32.0014 10616 iaStor - ok

16:52:32.0060 10616 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

16:52:32.0060 10616 iaStorV - ok

16:52:32.0138 10616 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

16:52:32.0154 10616 IDriverT - ok

16:52:32.0201 10616 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:52:32.0216 10616 idsvc - ok

16:52:32.0528 10616 [ 370C2A8629B30F910F740387795DDC6F ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys

16:52:32.0794 10616 igfx - ok

16:52:32.0825 10616 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys

16:52:32.0825 10616 iirsp - ok

16:52:32.0903 10616 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

16:52:32.0903 10616 IKEEXT - ok

16:52:32.0965 10616 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys

16:52:32.0965 10616 IntcDAud - ok

16:52:32.0996 10616 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

16:52:32.0996 10616 intelide - ok

16:52:33.0028 10616 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

16:52:33.0028 10616 intelppm - ok

16:52:33.0059 10616 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

16:52:33.0059 10616 IPBusEnum - ok

16:52:33.0106 10616 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

16:52:33.0106 10616 IpFilterDriver - ok

16:52:33.0137 10616 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

16:52:33.0137 10616 IPMIDRV - ok

16:52:33.0168 10616 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

16:52:33.0168 10616 IPNAT - ok

16:52:33.0230 10616 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

16:52:33.0246 10616 iPod Service - ok

16:52:33.0277 10616 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

16:52:33.0277 10616 IRENUM - ok

16:52:33.0308 10616 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

16:52:33.0308 10616 isapnp - ok

16:52:33.0324 10616 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

16:52:33.0324 10616 iScsiPrt - ok

16:52:33.0371 10616 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

16:52:33.0371 10616 kbdclass - ok

16:52:33.0418 10616 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys

16:52:33.0418 10616 kbdhid - ok

16:52:33.0433 10616 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

16:52:33.0433 10616 KeyIso - ok

16:52:33.0464 10616 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

16:52:33.0464 10616 KSecDD - ok

16:52:33.0480 10616 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

16:52:33.0480 10616 KSecPkg - ok

16:52:33.0496 10616 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

16:52:33.0496 10616 ksthunk - ok

16:52:33.0558 10616 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

16:52:33.0574 10616 KtmRm - ok

16:52:33.0589 10616 [ EBED8B3FF4A823C1A6EEBEED7B29353F ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys

16:52:33.0605 10616 L1C - ok

16:52:33.0636 10616 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll

16:52:33.0652 10616 LanmanServer - ok

16:52:33.0667 10616 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

16:52:33.0667 10616 LanmanWorkstation - ok

16:52:33.0714 10616 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

16:52:33.0714 10616 lltdio - ok

16:52:33.0761 10616 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

16:52:33.0776 10616 lltdsvc - ok

16:52:33.0792 10616 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

16:52:33.0808 10616 lmhosts - ok

16:52:33.0870 10616 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

16:52:33.0870 10616 LMS - ok

16:52:33.0917 10616 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys

16:52:33.0917 10616 LSI_FC - ok

16:52:33.0932 10616 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys

16:52:33.0932 10616 LSI_SAS - ok

16:52:33.0948 10616 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys

16:52:33.0948 10616 LSI_SAS2 - ok

16:52:33.0964 10616 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys

16:52:33.0964 10616 LSI_SCSI - ok

16:52:33.0979 10616 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

16:52:33.0979 10616 luafv - ok

16:52:34.0042 10616 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\windows\system32\drivers\mbam.sys

16:52:34.0042 10616 MBAMProtector - ok

16:52:34.0104 10616 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

16:52:34.0120 10616 MBAMScheduler - ok

16:52:34.0166 10616 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

16:52:34.0182 10616 MBAMService - ok

16:52:34.0213 10616 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

16:52:34.0213 10616 Mcx2Svc - ok

16:52:34.0244 10616 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys

16:52:34.0244 10616 megasas - ok

16:52:34.0291 10616 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys

16:52:34.0291 10616 MegaSR - ok

16:52:34.0322 10616 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys

16:52:34.0338 10616 MEIx64 - ok

16:52:34.0354 10616 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

16:52:34.0369 10616 MMCSS - ok

16:52:34.0400 10616 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

16:52:34.0400 10616 Modem - ok

16:52:34.0432 10616 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

16:52:34.0432 10616 monitor - ok

16:52:34.0447 10616 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

16:52:34.0447 10616 mouclass - ok

16:52:34.0478 10616 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

16:52:34.0494 10616 mouhid - ok

16:52:34.0525 10616 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

16:52:34.0525 10616 mountmgr - ok

16:52:34.0619 10616 [ 2024F4CC36D1954ECD00C07C3BCE6BE3 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

16:52:34.0619 10616 MozillaMaintenance - ok

16:52:34.0634 10616 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

16:52:34.0634 10616 mpio - ok

16:52:34.0681 10616 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

16:52:34.0681 10616 mpsdrv - ok

16:52:34.0697 10616 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

16:52:34.0697 10616 MRxDAV - ok

16:52:34.0728 10616 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

16:52:34.0728 10616 mrxsmb - ok

16:52:34.0759 10616 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

16:52:34.0759 10616 mrxsmb10 - ok

16:52:34.0775 10616 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

16:52:34.0790 10616 mrxsmb20 - ok

16:52:34.0806 10616 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys

16:52:34.0806 10616 msahci - ok

16:52:34.0822 10616 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

16:52:34.0837 10616 msdsm - ok

16:52:34.0853 10616 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

16:52:34.0853 10616 MSDTC - ok

16:52:34.0900 10616 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

16:52:34.0900 10616 Msfs - ok

16:52:34.0900 10616 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

16:52:34.0900 10616 mshidkmdf - ok

16:52:34.0915 10616 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

16:52:34.0915 10616 msisadrv - ok

16:52:34.0962 10616 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

16:52:34.0962 10616 MSiSCSI - ok

16:52:34.0978 10616 msiserver - ok

16:52:35.0009 10616 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

16:52:35.0009 10616 MSKSSRV - ok

16:52:35.0024 10616 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

16:52:35.0024 10616 MSPCLOCK - ok

16:52:35.0040 10616 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

16:52:35.0040 10616 MSPQM - ok

16:52:35.0071 10616 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

16:52:35.0071 10616 MsRPC - ok

16:52:35.0087 10616 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

16:52:35.0087 10616 mssmbios - ok

16:52:35.0118 10616 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

16:52:35.0118 10616 MSTEE - ok

16:52:35.0134 10616 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys

16:52:35.0134 10616 MTConfig - ok

16:52:35.0165 10616 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

16:52:35.0165 10616 Mup - ok

16:52:35.0196 10616 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

16:52:35.0212 10616 napagent - ok

16:52:35.0243 10616 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

16:52:35.0258 10616 NativeWifiP - ok

16:52:35.0321 10616 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys

16:52:35.0321 10616 NDIS - ok

16:52:35.0368 10616 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

16:52:35.0368 10616 NdisCap - ok

16:52:35.0383 10616 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

16:52:35.0383 10616 NdisTapi - ok

16:52:35.0414 10616 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

16:52:35.0414 10616 Ndisuio - ok

16:52:35.0430 10616 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

16:52:35.0446 10616 NdisWan - ok

16:52:35.0477 10616 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

16:52:35.0477 10616 NDProxy - ok

16:52:35.0508 10616 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

16:52:35.0508 10616 NetBIOS - ok

16:52:35.0524 10616 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

16:52:35.0539 10616 NetBT - ok

16:52:35.0555 10616 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

16:52:35.0555 10616 Netlogon - ok

16:52:35.0586 10616 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

16:52:35.0602 10616 Netman - ok

16:52:35.0617 10616 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

16:52:35.0633 10616 netprofm - ok

16:52:35.0664 10616 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

16:52:35.0664 10616 NetTcpPortSharing - ok

16:52:35.0695 10616 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys

16:52:35.0695 10616 nfrd960 - ok

16:52:35.0742 10616 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll

16:52:35.0758 10616 NlaSvc - ok

16:52:35.0820 10616 Norton PC Checkup Application Launcher - ok

16:52:35.0851 10616 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

16:52:35.0851 10616 Npfs - ok

16:52:35.0882 10616 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

16:52:35.0882 10616 nsi - ok

16:52:35.0914 10616 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

16:52:35.0914 10616 nsiproxy - ok

16:52:35.0992 10616 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

16:52:36.0038 10616 Ntfs - ok

16:52:36.0070 10616 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\windows\system32\DRIVERS\NuidFltr.sys

16:52:36.0070 10616 NuidFltr - ok

16:52:36.0101 10616 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

16:52:36.0101 10616 Null - ok

16:52:36.0132 10616 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

16:52:36.0148 10616 nvraid - ok

16:52:36.0163 10616 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

16:52:36.0163 10616 nvstor - ok

16:52:36.0179 10616 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

16:52:36.0179 10616 nv_agp - ok

16:52:36.0194 10616 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

16:52:36.0194 10616 ohci1394 - ok

16:52:36.0241 10616 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:52:36.0241 10616 ose - ok

16:52:36.0413 10616 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

16:52:36.0538 10616 osppsvc - ok

16:52:36.0569 10616 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

16:52:36.0569 10616 p2pimsvc - ok

16:52:36.0584 10616 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

16:52:36.0600 10616 p2psvc - ok

16:52:36.0616 10616 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys

16:52:36.0616 10616 Parport - ok

16:52:36.0647 10616 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

16:52:36.0647 10616 partmgr - ok

16:52:36.0694 10616 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

16:52:36.0694 10616 PcaSvc - ok

16:52:36.0725 10616 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe

16:52:36.0725 10616 PCCUJobMgr - ok

16:52:36.0756 10616 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

16:52:36.0756 10616 pci - ok

16:52:36.0772 10616 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys

16:52:36.0772 10616 pciide - ok

16:52:36.0787 10616 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys

16:52:36.0787 10616 pcmcia - ok

16:52:36.0803 10616 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

16:52:36.0803 10616 pcw - ok

16:52:36.0834 10616 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

16:52:36.0850 10616 PEAUTH - ok

16:52:36.0928 10616 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

16:52:36.0928 10616 PerfHost - ok

16:52:36.0974 10616 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys

16:52:36.0974 10616 PGEffect - ok

16:52:37.0037 10616 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

16:52:37.0052 10616 pla - ok

16:52:37.0084 10616 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

16:52:37.0099 10616 PlugPlay - ok

16:52:37.0130 10616 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

16:52:37.0130 10616 PNRPAutoReg - ok

16:52:37.0146 10616 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

16:52:37.0146 10616 PNRPsvc - ok

16:52:37.0177 10616 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\windows\system32\DRIVERS\point64.sys

16:52:37.0177 10616 Point64 - ok

16:52:37.0224 10616 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

16:52:37.0240 10616 PolicyAgent - ok

16:52:37.0286 10616 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

16:52:37.0286 10616 Power - ok

16:52:37.0318 10616 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

16:52:37.0333 10616 PptpMiniport - ok

16:52:37.0349 10616 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys

16:52:37.0349 10616 Processor - ok

16:52:37.0380 10616 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

16:52:37.0396 10616 ProfSvc - ok

16:52:37.0411 10616 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

16:52:37.0411 10616 ProtectedStorage - ok

16:52:37.0442 10616 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

16:52:37.0442 10616 Psched - ok

16:52:37.0520 10616 [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys

16:52:37.0536 10616 QIOMem - ok

16:52:37.0614 10616 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys

16:52:37.0645 10616 ql2300 - ok

16:52:37.0661 10616 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys

16:52:37.0661 10616 ql40xx - ok

16:52:37.0692 10616 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

16:52:37.0708 10616 QWAVE - ok

16:52:37.0723 10616 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

16:52:37.0723 10616 QWAVEdrv - ok

16:52:37.0754 10616 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

16:52:37.0754 10616 RasAcd - ok

16:52:37.0817 10616 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

16:52:37.0817 10616 RasAgileVpn - ok

16:52:37.0864 10616 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

16:52:37.0864 10616 RasAuto - ok

16:52:37.0895 10616 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

16:52:37.0895 10616 Rasl2tp - ok

16:52:37.0973 10616 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

16:52:37.0973 10616 RasMan - ok

16:52:38.0020 10616 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

16:52:38.0020 10616 RasPppoe - ok

16:52:38.0051 10616 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

16:52:38.0051 10616 RasSstp - ok

16:52:38.0082 10616 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

16:52:38.0082 10616 rdbss - ok

16:52:38.0113 10616 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys

16:52:38.0113 10616 rdpbus - ok

16:52:38.0129 10616 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

16:52:38.0129 10616 RDPCDD - ok

16:52:38.0144 10616 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

16:52:38.0144 10616 RDPENCDD - ok

16:52:38.0160 10616 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

16:52:38.0160 10616 RDPREFMP - ok

16:52:38.0191 10616 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

16:52:38.0207 10616 RDPWD - ok

16:52:38.0238 10616 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

16:52:38.0254 10616 rdyboost - ok

16:52:38.0300 10616 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

16:52:38.0300 10616 RemoteAccess - ok

16:52:38.0347 10616 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

16:52:38.0347 10616 RemoteRegistry - ok

16:52:38.0363 10616 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

16:52:38.0363 10616 RpcEptMapper - ok

16:52:38.0394 10616 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

16:52:38.0410 10616 RpcLocator - ok

16:52:38.0441 10616 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

16:52:38.0441 10616 RpcSs - ok

16:52:38.0488 10616 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

16:52:38.0488 10616 rspndr - ok

16:52:38.0534 10616 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys

16:52:38.0534 10616 RSUSBSTOR - ok

16:52:38.0566 10616 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\windows\system32\Drivers\RTSUVSTOR.sys

16:52:38.0566 10616 RSUSBVSTOR - ok

16:52:38.0644 10616 [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys

16:52:38.0659 10616 RTL8192Ce - ok

16:52:38.0675 10616 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

16:52:38.0675 10616 SamSs - ok

16:52:38.0706 10616 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

16:52:38.0706 10616 sbp2port - ok

16:52:38.0737 10616 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

16:52:38.0737 10616 SCardSvr - ok

16:52:38.0753 10616 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

16:52:38.0753 10616 scfilter - ok

16:52:38.0800 10616 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

16:52:38.0815 10616 Schedule - ok

16:52:38.0831 10616 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

16:52:38.0831 10616 SCPolicySvc - ok

16:52:38.0862 10616 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

16:52:38.0862 10616 SDRSVC - ok

16:52:38.0909 10616 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

16:52:38.0909 10616 secdrv - ok

16:52:38.0924 10616 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

16:52:38.0940 10616 seclogon - ok

16:52:38.0956 10616 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll

16:52:38.0971 10616 SENS - ok

16:52:38.0971 10616 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

16:52:38.0987 10616 SensrSvc - ok

16:52:39.0002 10616 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys

16:52:39.0002 10616 Serenum - ok

16:52:39.0034 10616 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys

16:52:39.0034 10616 Serial - ok

16:52:39.0049 10616 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys

16:52:39.0049 10616 sermouse - ok

16:52:39.0096 10616 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

16:52:39.0096 10616 SessionEnv - ok

16:52:39.0112 10616 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

16:52:39.0112 10616 sffdisk - ok

16:52:39.0143 10616 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

16:52:39.0143 10616 sffp_mmc - ok

16:52:39.0158 10616 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

16:52:39.0158 10616 sffp_sd - ok

16:52:39.0190 10616 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys

16:52:39.0190 10616 sfloppy - ok

16:52:39.0252 10616 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys

16:52:39.0268 10616 Sftfs - ok

16:52:39.0299 10616 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

16:52:39.0314 10616 sftlist - ok

16:52:39.0346 10616 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys

16:52:39.0361 10616 Sftplay - ok

16:52:39.0377 10616 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys

16:52:39.0377 10616 Sftredir - ok

16:52:39.0408 10616 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys

16:52:39.0408 10616 Sftvol - ok

16:52:39.0424 10616 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

16:52:39.0424 10616 sftvsa - ok

16:52:39.0470 10616 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

16:52:39.0486 10616 SharedAccess - ok

16:52:39.0517 10616 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

16:52:39.0533 10616 ShellHWDetection - ok

16:52:39.0548 10616 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys

16:52:39.0548 10616 SiSRaid2 - ok

16:52:39.0595 10616 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys

16:52:39.0595 10616 SiSRaid4 - ok

16:52:39.0658 10616 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

16:52:39.0658 10616 SkypeUpdate - ok

16:52:39.0689 10616 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

16:52:39.0689 10616 Smb - ok

16:52:39.0751 10616 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

16:52:39.0751 10616 SNMPTRAP - ok

16:52:39.0782 10616 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

16:52:39.0782 10616 spldr - ok

16:52:39.0829 10616 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe

16:52:39.0845 10616 Spooler - ok

16:52:39.0954 10616 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

16:52:39.0985 10616 sppsvc - ok

16:52:40.0001 10616 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

16:52:40.0001 10616 sppuinotify - ok

16:52:40.0048 10616 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

16:52:40.0048 10616 srv - ok

16:52:40.0079 10616 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

16:52:40.0079 10616 srv2 - ok

16:52:40.0126 10616 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS

16:52:40.0141 10616 SrvHsfHDA - ok

16:52:40.0188 10616 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS

16:52:40.0204 10616 SrvHsfV92 - ok

16:52:40.0219 10616 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS

16:52:40.0235 10616 SrvHsfWinac - ok

16:52:40.0250 10616 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

16:52:40.0250 10616 srvnet - ok

16:52:40.0297 10616 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

16:52:40.0297 10616 SSDPSRV - ok

16:52:40.0313 10616 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

16:52:40.0313 10616 SstpSvc - ok

16:52:40.0328 10616 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys

16:52:40.0344 10616 stexstor - ok

16:52:40.0375 10616 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys

16:52:40.0375 10616 StillCam - ok

16:52:40.0438 10616 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

16:52:40.0453 10616 stisvc - ok

16:52:40.0469 10616 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys

16:52:40.0469 10616 swenum - ok

16:52:40.0516 10616 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

16:52:40.0531 10616 swprv - ok

16:52:40.0594 10616 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys

16:52:40.0609 10616 SynTP - ok

16:52:40.0672 10616 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

16:52:40.0687 10616 SysMain - ok

16:52:40.0703 10616 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

16:52:40.0718 10616 TabletInputService - ok

16:52:40.0718 10616 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll

16:52:40.0734 10616 TapiSrv - ok

16:52:40.0750 10616 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll

16:52:40.0750 10616 TBS - ok

16:52:40.0828 10616 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys

16:52:40.0859 10616 Tcpip - ok

16:52:40.0890 10616 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

16:52:40.0906 10616 TCPIP6 - ok

16:52:40.0921 10616 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

16:52:40.0937 10616 tcpipreg - ok

16:52:40.0952 10616 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys

16:52:40.0968 10616 tdcmdpst - ok

16:52:40.0984 10616 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

16:52:40.0984 10616 TDPIPE - ok

16:52:41.0015 10616 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

16:52:41.0015 10616 TDTCP - ok

16:52:41.0030 10616 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys

16:52:41.0030 10616 tdx - ok

16:52:41.0062 10616 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys

16:52:41.0062 10616 TermDD - ok

16:52:41.0108 10616 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll

16:52:41.0124 10616 TermService - ok

16:52:41.0124 10616 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll

16:52:41.0140 10616 Themes - ok

16:52:41.0155 10616 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll

16:52:41.0155 10616 THREADORDER - ok

16:52:41.0233 10616 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

16:52:41.0249 10616 TMachInfo - ok

16:52:41.0280 10616 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\Windows\system32\TODDSrv.exe

16:52:41.0296 10616 TODDSrv - ok

16:52:41.0389 10616 [ CDC97FA5C42B07FB0D4600E17C32F582 ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

16:52:41.0389 10616 TosCoSrv - ok

16:52:41.0452 10616 [ D0F868A67CB4D817A3F7ABEF8C42F49C ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe

16:52:41.0452 10616 TOSHIBA eco Utility Service - ok

16:52:41.0498 10616 [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

16:52:41.0498 10616 TOSHIBA HDD SSD Alert Service - ok

16:52:41.0545 10616 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys

16:52:41.0561 10616 tos_sps64 - ok

16:52:41.0608 10616 [ D65C6B0C070534336B72005391B6168A ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

16:52:41.0623 10616 TPCHSrv - ok

16:52:41.0654 10616 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll

16:52:41.0654 10616 TrkWks - ok

16:52:41.0701 10616 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

16:52:41.0701 10616 TrustedInstaller - ok

16:52:41.0732 10616 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

16:52:41.0732 10616 tssecsrv - ok

16:52:41.0779 10616 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

16:52:41.0779 10616 TsUsbFlt - ok

16:52:41.0842 10616 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys

16:52:41.0842 10616 TsUsbGD - ok

16:52:41.0888 10616 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

16:52:41.0888 10616 tunnel - ok

16:52:41.0935 10616 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS

16:52:41.0935 10616 TVALZ - ok

16:52:41.0966 10616 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys

16:52:41.0966 10616 TVALZFL - ok

16:52:41.0998 10616 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys

16:52:41.0998 10616 uagp35 - ok

16:52:42.0029 10616 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys

16:52:42.0029 10616 udfs - ok

16:52:42.0060 10616 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe

16:52:42.0060 10616 UI0Detect - ok

16:52:42.0076 10616 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

16:52:42.0076 10616 uliagpkx - ok

16:52:42.0107 10616 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys

16:52:42.0122 10616 umbus - ok

16:52:42.0138 10616 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys

16:52:42.0138 10616 UmPass - ok

16:52:42.0263 10616 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

16:52:42.0310 10616 UNS - ok

16:52:42.0341 10616 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll

16:52:42.0356 10616 upnphost - ok

16:52:42.0403 10616 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys

16:52:42.0403 10616 USBAAPL64 - ok

16:52:42.0450 10616 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

16:52:42.0450 10616 usbccgp - ok

16:52:42.0497 10616 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys

16:52:42.0497 10616 usbcir - ok

16:52:42.0528 10616 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys

16:52:42.0528 10616 usbehci - ok

16:52:42.0575 10616 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

16:52:42.0575 10616 usbhub - ok

16:52:42.0606 10616 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys

16:52:42.0606 10616 usbohci - ok

16:52:42.0637 10616 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys

16:52:42.0637 10616 usbprint - ok

16:52:42.0653 10616 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

16:52:42.0653 10616 USBSTOR - ok

16:52:42.0684 10616 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys

16:52:42.0684 10616 usbuhci - ok

16:52:42.0715 10616 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys

16:52:42.0715 10616 usbvideo - ok

16:52:42.0731 10616 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll

16:52:42.0731 10616 UxSms - ok

16:52:42.0746 10616 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe

16:52:42.0746 10616 VaultSvc - ok

16:52:42.0778 10616 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

16:52:42.0778 10616 vdrvroot - ok

16:52:42.0793 10616 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe

16:52:42.0809 10616 vds - ok

16:52:42.0840 10616 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys

16:52:42.0840 10616 vga - ok

16:52:42.0856 10616 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys

16:52:42.0856 10616 VgaSave - ok

16:52:42.0887 10616 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys

16:52:42.0887 10616 vhdmp - ok

16:52:42.0902 10616 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys

16:52:42.0902 10616 viaide - ok

16:52:42.0918 10616 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys

16:52:42.0918 10616 volmgr - ok

16:52:42.0949 10616 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys

16:52:42.0965 10616 volmgrx - ok

16:52:42.0980 10616 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys

16:52:42.0980 10616 volsnap - ok

16:52:43.0012 10616 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys

16:52:43.0012 10616 vsmraid - ok

16:52:43.0074 10616 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe

16:52:43.0090 10616 VSS - ok

16:52:43.0214 10616 [ 4B817450226F93C31ADD5BCC27FED27A ] vToolbarUpdater15.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

16:52:43.0230 10616 vToolbarUpdater15.2.0 - ok

16:52:43.0261 10616 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys

16:52:43.0261 10616 vwifibus - ok

16:52:43.0292 10616 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys

16:52:43.0292 10616 vwififlt - ok

16:52:43.0324 10616 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys

16:52:43.0324 10616 vwifimp - ok

16:52:43.0370 10616 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll

16:52:43.0386 10616 W32Time - ok

16:52:43.0402 10616 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys

16:52:43.0402 10616 WacomPen - ok

16:52:43.0433 10616 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

16:52:43.0448 10616 WANARP - ok

16:52:43.0448 10616 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

16:52:43.0448 10616 Wanarpv6 - ok

16:52:43.0526 10616 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

16:52:43.0558 10616 WatAdminSvc - ok

16:52:43.0604 10616 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe

16:52:43.0636 10616 wbengine - ok

16:52:43.0651 10616 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll

16:52:43.0667 10616 WbioSrvc - ok

16:52:43.0682 10616 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll

16:52:43.0682 10616 wcncsvc - ok

16:52:43.0714 10616 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

16:52:43.0714 10616 WcsPlugInService - ok

16:52:43.0745 10616 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys

16:52:43.0745 10616 Wd - ok

16:52:43.0776 10616 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

16:52:43.0792 10616 Wdf01000 - ok

16:52:43.0823 10616 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll

16:52:43.0823 10616 WdiServiceHost - ok

16:52:43.0838 10616 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll

16:52:43.0838 10616 WdiSystemHost - ok

16:52:43.0885 10616 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll

16:52:43.0885 10616 WebClient - ok

16:52:43.0901 10616 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll

16:52:43.0901 10616 Wecsvc - ok

16:52:43.0916 10616 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll

16:52:43.0916 10616 wercplsupport - ok

16:52:43.0932 10616 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll

16:52:43.0932 10616 WerSvc - ok

16:52:43.0979 10616 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

16:52:43.0979 10616 WfpLwf - ok

16:52:43.0994 10616 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys

16:52:43.0994 10616 WIMMount - ok

16:52:44.0010 10616 WinHttpAutoProxySvc - ok

16:52:44.0072 10616 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

16:52:44.0088 10616 Winmgmt - ok

16:52:44.0166 10616 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll

16:52:44.0197 10616 WinRM - ok

16:52:44.0260 10616 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys

16:52:44.0260 10616 WinUsb - ok

16:52:44.0306 10616 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll

16:52:44.0322 10616 Wlansvc - ok

16:52:44.0400 10616 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

16:52:44.0400 10616 wlcrasvc - ok

16:52:44.0525 10616 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

16:52:44.0556 10616 wlidsvc - ok

16:52:44.0587 10616 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys

16:52:44.0603 10616 WmiAcpi - ok

16:52:44.0618 10616 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

16:52:44.0618 10616 wmiApSrv - ok

16:52:44.0665 10616 WMPNetworkSvc - ok

16:52:44.0696 10616 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll

16:52:44.0696 10616 WPCSvc - ok

16:52:44.0712 10616 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

16:52:44.0728 10616 WPDBusEnum - ok

16:52:44.0743 10616 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

16:52:44.0743 10616 ws2ifsl - ok

16:52:44.0790 10616 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys

16:52:44.0790 10616 WSDPrintDevice - ok

16:52:44.0806 10616 WSearch - ok

16:52:44.0899 10616 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll

16:52:44.0930 10616 wuauserv - ok

16:52:44.0946 10616 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys

16:52:44.0946 10616 WudfPf - ok

16:52:44.0977 10616 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys

16:52:44.0977 10616 WUDFRd - ok

16:52:45.0008 10616 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll

16:52:45.0008 10616 wudfsvc - ok

16:52:45.0040 10616 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll

16:52:45.0040 10616 WwanSvc - ok

16:52:45.0071 10616 ================ Scan global ===============================

16:52:45.0102 10616 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

16:52:45.0133 10616 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll

16:52:45.0149 10616 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll

16:52:45.0180 10616 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

16:52:45.0211 10616 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

16:52:45.0227 10616 [Global] - ok

16:52:45.0227 10616 ================ Scan MBR ==================================

16:52:45.0242 10616 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0

16:52:45.0414 10616 \Device\Harddisk0\DR0 - ok

16:52:45.0414 10616 ================ Scan VBR ==================================

16:52:45.0430 10616 [ 4EB1E2B90BED742042FAA8A67B61B3EC ] \Device\Harddisk0\DR0\Partition1

16:52:45.0430 10616 \Device\Harddisk0\DR0\Partition1 - ok

16:52:45.0430 10616 ============================================================

16:52:45.0430 10616 Scan finished

16:52:45.0430 10616 ============================================================

16:52:45.0445 4408 Detected object count: 0

16:52:45.0445 4408 Actual detected object count: 0

[Hirize]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Peter Luchsinger [Admin rights]

Mode : Scan -- Date : 05/28/2013 16:56:22

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++

--- User ---

[MBR] 442aaa6927b31297461e6f5031d50495

[bSP] 63885d87e66f1c5e0588240d5acca9d1 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594921 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1221472256 | Size: 14058 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05282013_02d1656.txt >>

RKreport[1]_S_05282013_02d1656.txt

[Maurice Naggar]

The TDsskiller report is good, as is the roguekiller too.

But this does have some adwares.

• Close any open documents/programs & all internet browsers you have running.
  
• Please start AdwCleaner
  
• Click on Delete button.
  
• Confirm each time with OK.
  
• Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  
• Note: You can find the logfile at C:\AdwCleaner[s1]

Task 2 / Windows services

This will be a batch-fix .

• Press the Windows-key on keyboard.
  
• In the box, type notepad and press Enter.
  
• Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
  

  @Echo off
  sc stop wuauserv
  sc stop bits
  sc config dcomlaunch start= auto
  sc config nsi start= auto
  sc config dhcp start= auto
  sc config rpcss start= auto
  sc config winmgmt start= auto
  sc config wscsvc start= delayed-auto
  sc config bits start= delayed-auto
  sc config wuauserv start= delayed-auto
  sc config sdrsvc start= manual
  sc config vss start= auto
  sc config eventlog start= auto
  sc config bfe start= auto
  sc config eventsystem start= auto
  sc start sdrsvc
  sc start vss
  sc start rpcss
  sc start eventsystem
  sc start bfe
  sc start bits
  sc start wuauserv
  shutdown -r -t 1
  del %0

  
  

• Select File -> Save AS.
  
• Press the Desktop button on the left side of the save dialog.
  
• In the box, type in Fix.bat.
  
• Press .
  
• Close Notepad.
  
• Right click Fix.bat on your desktop, and choose .
  
• Press Yes if prompted by User Account Control.
  

This procedure will do its tasks and then it will Restart Windows.

Task 3

1. Download Malwarebytes Anti-Rootkit from http://www.malwarebytes.org/products/mbar/

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

IF your Windows is Windows 8 or 7 or Vista, do a RIGHT-Click on mbar.exe and select Run As Administrator and allow to run.

If your Windows is XP, double-click to start.

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

[Hirize]

Maurice, Got it all done. The reports are below. Rootkit found nothing. Still cannot use the enter key to get a carriage return on this text box and still no icon on desktop for MBAM.

# AdwCleaner v2.301 - Logfile created 05/29/2013 at 07:52:30

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Peter Luchsinger - PETERLUCHSINGER

# Boot Mode : Normal

# Running from : C:\Users\Peter Luchsinger\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\AVG Secure Search

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\Users\Peter Luchsinger\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\Peter Luchsinger\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\PETERL~1\AppData\Local\Temp\avg@toolbar

Folder Deleted : C:\Users\PETERL~1\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Software

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [5671 octets] - [28/05/2013 16:47:13]

AdwCleaner[s1].txt - [5583 octets] - [29/05/2013 07:52:30]

########## EOF - C:\AdwCleaner[s1].txt - [5643 octets] ##########

[Hirize]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Peter Luchsinger [Admin rights]

Mode : Scan -- Date : 05/28/2013 16:56:22

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++

--- User ---

[MBR] 442aaa6927b31297461e6f5031d50495

[bSP] 63885d87e66f1c5e0588240d5acca9d1 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594921 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1221472256 | Size: 14058 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05282013_02d1656.txt >>

RKreport[1]_S_05282013_02d1656.txt

[Hirize]

Will be offline till this evening for me which is Hawaii time around 4pm. May not answer you till tomorrow. Thanks again so far!!!

[Maurice Naggar]

The adwcleaner run is good. The roguekiller report is good.

Have you done the Fix.bat procedure ?

Have you managed to run MBAR and what was the result?

[Maurice Naggar]

Sorry, I'd overlooked your reply ....

Maurice, Got it all done. The reports are below. Rootkit found nothing. Still cannot use the enter key to get a carriage return on this text box and still no icon on desktop for MBAM.

Given that MBAR found nothing, then that is great.

As to the "carriage return" when replying on the forum, you need to look very close AND turn OFF the "special toolbar" at the top of the reply box.

make sure that the "toolbar at top of LEFT the reply box" is OFF. If it is on, click 1 time on the light-switch icon so that it is off.

This shows a good setting:

This shows an "undersired" setting:

NEXT:

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Hirize only. If you are a casual viewer, do NOT try this on your system!

If you are not Hirize and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

• A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
  

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy & Paste contents of the C:\Combofix.txt log

and tell me, How is the system now

Re-enable your antivirus program.

[Hirize]

Maurice,

Posting from my wifescomputer.

Combofix worked fine but it asked me to turn off my antivirus, which I had already done but it insisted it was still active??????

Now the problem is that IE opens but does not connect anywhere, almost like clicking on a fav has no link. Tried typing in url and nothing.

My email program works fine.

Here is the combofix file.......and thanks for the tip on the editing menu above, as you can see it works!!!

ComboFix 13-05-30.01 - Peter Luchsinger 05/29/2013 17:47:17.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4442 [GMT -10:00]

Running from: c:\users\Peter Luchsinger\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\430266g8g434x342c241p4vjs8y0

.

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-30 )))))))))))))))))))))))))))))))

.

.

2013-05-30 03:51 . 2013-05-30 03:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-29 18:07 . 2013-05-29 18:30 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-05-29 17:52 . 2013-05-29 17:52 121 ----a-w- c:\windows\DeleteOnReboot.bat

2013-05-29 02:39 . 2013-05-29 02:39 -------- d-----w- c:\program files (x86)\ERUNT

2013-05-20 19:50 . 2013-05-20 19:50 -------- d-----w- c:\users\Peter Luchsinger\Joyce

2013-05-15 16:02 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-07 07:00 . 2013-05-07 07:00 -------- d-----w- c:\users\Peter Luchsinger\AppData\Roaming\WildTangent

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-27 16:01 . 2012-04-17 00:11 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-27 16:01 . 2011-10-08 14:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-21 06:24 . 2012-09-26 20:13 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-05-16 08:15 . 2011-10-02 01:40 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-10 16:18 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-04-15 19:34 . 2013-04-15 19:34 715776 ----a-r- c:\users\Peter Luchsinger\AppData\Roaming\Microsoft\Installer\{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}\Icon66F43DBE.exe

2013-04-13 05:49 . 2013-05-15 16:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 16:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 16:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 16:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 16:02 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 16:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 14:49 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-05 00:50 . 2012-06-26 16:17 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-04 15:36 . 2012-06-28 17:30 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-04-04 15:35 . 2011-03-24 02:26 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-04-04 15:35 . 2013-04-19 16:09 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-29 12:53 . 2013-03-29 12:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2013-03-21 13:08 . 2013-03-21 13:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2013-03-19 06:04 . 2013-04-09 17:13 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-09 17:13 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-09 17:13 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-09 17:13 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-09 17:13 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-09 17:13 112640 ----a-w- c:\windows\system32\smss.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SanDiskSecureAccess_Manager.exe"="c:\users\Peter Luchsinger\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2012-04-04 30705792]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]

"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-29 59280]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-05 701512]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-02 45416]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]

R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-02 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-29 246072]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-21 240952]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-21 45856]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-05-14 4937264]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-05 418376]

S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-12-11 135608]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-02-03 126392]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-21 1015984]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-08-02 52584]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-05 25928]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]

S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-05-24 22:04 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 11:24]

.

2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-22 11:24]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Desktop Software - c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

Toolbar-Locked - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-05-29 17:58:50 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-30 03:58

.

Pre-Run: 561,725,317,120 bytes free

Post-Run: 562,353,848,320 bytes free

.

- - End Of File - - B1A10133C3685ADE83CB0FD947BAF25F

[Maurice Naggar]

Hello Hirize,

Is IE the only browser with an issue? If you have another browser, is it (they) doing ok?

Using Internet Explorer browser (only!) go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

While in IE, press Shift+CTRL+Delete keys and delete temporary internet cache files.

Task 2

Please download Windows Repair (all in one) from here.

• Install the program.
  
• Please proceed to run it. On Vista, Windows 7 or 8, Right-click the executable and select Run as Administrator.
  
• Please go to Step 3 and allow it to run the System File Check by clicking on the Do It button:
  
  
• Go to Step 4 and under System Restore click on the Create button:
  
  
• Next, go to the Start Repairs tab and click the Start button.
  
  
• Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
  
  
• Click on the box next to the Restart System when Finished. Then click on Start.

Task 3

Download and SAVE & then run mbam-clean.exe from >> here <<

It will ask to restart your computer, please allow it to do so very important

After the computer restarts, temporarily disable your Anti-Virus

If you need how-to guidance, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Next Download & SAVE the latest version of Malwarebytes' Anti-Malware from >> here <<

Run the mbam-setup.

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version

Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that Malwarebytes Anti-Malware is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.

You may use the guides posted in the FAQ's >> here << or ask and we'll explain how to do it.

Re-enable the anti-virus application that you turned off before.

[Hirize]

Hello Hirize,

Is IE the only browser with an issue? If you have another browser, is it (they) doing ok?

Using Internet Explorer browser (only!) go to http://support.microsoft.com/kb/923737.

Maurice,

Chrome browser works fine. When you tell me to go to microsoft using only IE but IE does not connect to anything......a paradox.....

Everything else I can do.

Aloha, Pete

[Maurice Naggar]

Have you finished all the others steps outlined for Windows repair?

If not, please do so.

It is odd that Chrome would connect, but IE would not. which perhaps indicates that IE is somehow messed up.

For the latter, you can "start Internet Explorer" in "safe mode of IE" .....

Go to Start > Run

Type in

iexplore.exe -extoff

then Press Enter

then

Using Internet Explorer browser (only!) go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

While in IE, press Shift+CTRL+Delete keys and delete temporary internet cache files.

[Hirize]

Maurice,

Got all the other things done but when I followed your directions to run IE in safe mode it still would not connect.

To tell you the truth (Implying I've been lying about everything else....LOL) I was planning on changing to Chrome anyway so does having IE work matter much?

Anyway let me know next steps and.............THANKS!

Aloha, Pete

[Maurice Naggar]

Generally speaking, yes, it is important that your IE browser works (at least for some uses of Windows Updates and for IE security updates)

IF need be, restart the System into Safe Mode with Networking, and do this too

Using Internet Explorer browser, run the Microsoft Fix-It on the following MS page

http://support.microsoft.com/mats/ie_performance_and_safety

Be sure to tell me if the issue with MBAM has been resolved as well, in your next reply.

[Hirize]

Will get to this tonight and get back to you. Thanks!

[Maurice Naggar]

OK. I'll catch you later.

[Hirize]

Maurice,

Works!

Got IE working again, had to download program could not run it in safe mode.

So now MBAM and IE work fine.

Anything in reports you want run again to check?

Also how to delete all the extra programs? Through Windows or??

My wife Joyce says "Hi!" You helped her about a year ago. Right after that she told me to purchase the full MBAM program for all the computers ASAP.....LOL! Before that she was always "Do we really need that?".

Thanks!

Aloha, Pete

[Maurice Naggar]

My kudos to you and salutations to your wife. It's been a pleasure to work with you.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

• Highlight the line in this CODEBOX.
  Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
  

  c:\users\Peter Luchsinger\Desktop\ComboFix.exe /uninstall

  
  

• Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
  Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
  Then tap Enter
  

IF in the case Combofix un-install has an issue, skip that step.

NEXT

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

adwcleaner.exe

tdsskiller.exe

roguekiller.exe

mbar.exe

You should create a "system repair disc" for your Windows 7 either to a CD, DVD, or new USB-flash-thumb drive {if your hardware can boot from USB}.

The following is a reference page at Microsoft and also has a link to a how-to-video.

Create a Windows 7 system repair disc

This "repair disc" is a very handy tool that one may use when and IF you are not able to start Windows 7 normally.

This "repair disc" or "rescue disc" is not intended as a replacement for having the Windows 7 operating system DVD.

Make a rescue disc, put a label on it, store it away for a "rainy day".

Java vulnerabilities are a never ending occurence. Bottom line is, if your system does not have an installed 3rd-party application that needs it, then unistall it.

If you do have that dependency, then turn off Java in your browsers.

If somehow, you have a often-used website that needs Java to display all information, then just use a specific browser and only allow Java in that one.

• A: If you decide to keep Java:
  The Java runtime components are typically located at
  C:\Program Files (x86)\Java\jre7\bin
  Locate javacpl.exe the Java control panel.
  Right click and select Open
  Click on the Update tab
  Put a checkmark at "Check for updates automatically"
  On the General tab, under Temporary Internet Files, click the Settings button.
  Next, click on the Delete Files button
  Checkmark (select) all boxes you can & Click OK on Delete Temporary Files Window.
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  Click OK to leave the Temporary Files Window
  Click on the Advanced tab
  Expand Miscellaneous:
  Un-check "place Java icon in system tray"
  Un-check "Java quick starter"
  Exit/close
  You need to remove older versions of Java runtime. Do this:
  Download & Save to your Desktop or a new folder Javara.zip
  Extract the contents of the zip file. Then double click Javara.exe to run it.
  JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE).
  
• B: If you want to disable Java in your browser:
  How to disable Java in various browsers : http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse
  Also see No, Seriously, Just Disable Java in Your Browser Right Now
  

As noted by Brian Krebs,

Most consumers can get by without Java installed, or least not plugged into the browser. Because of the prevalence of threats targeting Java installations, I’d urge these users to remove Java or unplug it from the browser. If this is too much trouble, consider adopting a dual-browser approach, keeping Java unplugged from your main browser, and plugged in to a secondary browser that you only use to visit sites that require the plugin.

Also see How to protect your computer against dangerous Java Applets

Print out &/or Copy and save the Safer practices to your system for future reference.

Safer practices & malware prevention

• Have a hardware router between the incoming internet-modem and your computer.
  
• Use a Standard user account rather than an administrator-rights account when "surfing" the web.
  
• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  
• Check in at Windows Update and install any Important Updates offered.
  
• Make certain that Automatic Updates is enabled.
  How to configure and use Automatic Updates in Windows
  http://support.microsoft.com/kb/306525
  
• Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (OSI) on a monthly basis.
  See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
  
• Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
  Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
  
• I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
  See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
  That would help to keep your browser away from known spyware/malware sites.
  Get notified when the MVPS HOSTS file is updated
  http://winhelp2002.mvps.org/updates.htm
  
• Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
  Having a total image backup of your system stored on DVD/CD is highly important.
  Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if a disaster hits.
  How to create a Windows system image in Windows 7 and Windows 8
  http://www.bleepingcomputer.com/tutorials/create-system-image-in-windows-7-8/
  How to use System Image Recovery in the Windows 7 and Windows 8 Recovery Environment
  http://www.bleepingcomputer.com/tutorials/system-image-recovery-in-windows-7-8/
  
  
• Consider using Web of Trust WOT add-on for your browser(s)
  http://www.mywot.com/en/download
  http://www.mywot.com/en/faq/add-on
  
• Take extreme care if you share USB-flash/thumb drives from other people {even from friends, roommates, relatives}
  Don't plug in an unknown flash/thumb drive into your PC.
  IF you must do so, hold down the SHIFT-key when you insert the drive.
  Scan any file with your Antivirus prior to opening or using.
  On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
  
  ESET Online Scanner
  BitDefender Quickscan
  Trend Micro Housecall
  F-Secure Online Scanner
  Microsoft Safety Scanner
  Panda ActiveScan
  
  
• See Six tips to help you stay safer online
  
• Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !
  

We are finished here. Best regards.

[Hirize]

Maurice,

Think I'm not getting something here.

I pasted the following into the command prompt "c:\users\Peter Luchsinger\Desktop\ComboFix.exe /uninstall"

But it tells me that "c:\users\Peter" is not a valid command.

I'm sure something is just not getting in my head from your instructions.

I did get the CMD and used the shift-ctrl=enter to start the command prompt.

Aloha, Pete

[Maurice Naggar]

Aloha, Pete.

You can just RENAME combofix.exe to UNINSTALL.exe

Then run UNINSTALL and it will remove itself.

IFF that does not work, then just get and run OTC and it will remove combofix as well as some others.