TechSpot

Google redirect driving me crazy!

By adam34997
Apr 4, 2012
  1. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    The browser I use is firefox. Should I switch to another?

    I had no idea my firewall was off. I went to try and turn it back on and got this error

    Error code 0x8007042c

    I tried to restore it to default settings with the same result.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Can you check if IE is redirected as well?

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

    ==============================================================

    Yeah, I can see there is a problem with Windows Firewall.

    Download following firewall fix: http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe
    Double click on downloaded file to run the fix.

    Post new FSS log.
     
  3. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    I tried clicking the BleepingComputer firewall fix, but it said "this does not apply to you".

    Log for scan is below

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 13:20 on 07/04/2012 (Adam)
    Firefox version 11.0 (en-US)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files (x86)\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [00:30 02/04/2012]
    {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [16:33 06/04/2012]

    C:\Users\Adam\Application Data\Mozilla\Firefox\Profiles\9yl6vuns.default\extensions\
    {4D144BC3-23FB-47de-90C5-63CCB0139CCF} [13:40 04/05/2011]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [17:39 12/04/2011]

    -=E.O.F=-
     
  4. Broni

    Broni Malware Annihilator Posts: 47,986   +271

  5. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    I downloaded Google Chrome and tried IE, but still got directed.

    Didn't look like the firewall got turned back on, but the log is below

    Farbar Service Scanner Version: 01-03-2012
    Ran by Adam (administrator) on 07-04-2012 at 14:18:44
    Running from "C:\Users\Adam\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
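An added example, not code from the thread or from Farbar's tool: a small Python parser that reads Farbar Service Scanner output in the layout posted above and flags stopped services, non-OK service settings and file-check mismatches, so a finding like the two stopped firewall services stands out without reading the whole log. The sample log is constructed from the posted one, and the wording of the failing file-check line is an assumption about how FSS reports a mismatch.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in Farbar Service Scanner (FSS) layout, trimmed from the log
# posted above. The last "File Check" line is constructed to exercise the failure
# path; its wording is an assumption, FSS may phrase a mismatch differently.
SAMPLE_FSS_LOG = r"""
Farbar Service Scanner Version: 01-03-2012
Ran by Adam (administrator) on 07-04-2012 at 14:18:44

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\example.dll => MD5 is not legit

**** End of log ****
"""

# "<name> Service is not running. Checking service configuration:"
SERVICE_STOPPED = re.compile(r"^(\S+) Service is not running\.")
# "The start type of <name> service is OK."  (also ImagePath / ServiceDll)
SERVICE_CONFIG = re.compile(r"^The (start type|ImagePath|ServiceDll) of (\S+) service is (.+)\.$")
# "<path> => MD5 is legit"
FILE_CHECK = re.compile(r"^(.+?) => (.+)$")


@dataclass
class FssFindings:
    stopped_services: List[str] = field(default_factory=list)
    config_problems: List[str] = field(default_factory=list)   # "<service> <attribute>: <status>"
    file_problems: List[str] = field(default_factory=list)     # "<path>: <verdict>"
    connectivity_problems: List[str] = field(default_factory=list)

    def is_clean(self) -> bool:
        return not (self.stopped_services or self.config_problems
                    or self.file_problems or self.connectivity_problems)


def parse_fss(text: str) -> FssFindings:
    """Walk an FSS log section by section and collect anything that is not OK."""
    findings = FssFindings()
    lines = [ln.strip() for ln in text.splitlines()]   # forum copies carry indentation
    section = None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # Section headers are "Name:" followed by a line made only of '=' characters.
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            section = line[:-1]
            continue
        if not line or set(line) == {"="}:
            continue
        if section == "Connection Status":
            # FSS prints "... is accessible." / "LAN connected." when the check passes.
            if " not " in line:
                findings.connectivity_problems.append(line)
        elif section == "File Check":
            m = FILE_CHECK.match(line)
            if m and m.group(2) != "MD5 is legit":
                findings.file_problems.append(f"{m.group(1)}: {m.group(2)}")
        else:
            # Service blocks appear under Windows Firewall, System Restore, Windows Update, ...
            m = SERVICE_STOPPED.match(line)
            if m:
                findings.stopped_services.append(m.group(1))
                continue
            m = SERVICE_CONFIG.match(line)
            if m and m.group(3) != "OK":
                findings.config_problems.append(f"{m.group(2)} {m.group(1)}: {m.group(3)}")
    return findings


if __name__ == "__main__":
    found = parse_fss(SAMPLE_FSS_LOG)
    print("stopped services:", found.stopped_services)
    print("file check problems:", found.file_problems)
```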
     
  6. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Delete your ComboFix file, download a fresh one and post a new log.
     
  7. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    ComboFix 12-04-07.03 - Adam 04/07/2012 17:14:11.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2591 [GMT -4:00]
    Running from: c:\users\Adam\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\cfg.ini
    c:\windows\system32\consrv.dll
    c:\windows\system32\dds_trash_log.cmd
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-07 21:23 . 2012-04-07 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-06 16:33 . 2012-04-06 16:33 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-04-06 16:23 . 2012-04-06 16:23 -------- d-----w- C:\_OTL
    2012-04-06 15:54 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B64A7FD8-3BF1-4F79-88D8-5B1C320094B0}\mpengine.dll
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-02 15:37 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-02 02:10 . 2012-04-02 18:09 -------- d-----w- c:\program files (x86)\ESET
    2012-04-02 00:49 . 2012-04-02 18:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-02 00:39 . 2012-04-04 16:58 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-14 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-14 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-14 17:29 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 17:29 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 17:29 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 14:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 14:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 14:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 14:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 14:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 14:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 14:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-06 16:32 . 2011-03-29 02:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-02-23 13:18 . 2011-03-04 17:59 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-20 15:00 . 2011-05-17 14:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-30 03:36 . 2012-01-30 03:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-01-30 03:36 . 2012-01-30 03:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-01-30 03:36 . 2012-01-30 03:36 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-01-30 03:36 . 2012-01-30 03:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-01-30 03:36 . 2012-01-30 03:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-01-30 03:36 . 2012-01-30 03:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-01-30 03:36 . 2012-01-30 03:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-01-30 03:36 . 2012-01-30 03:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-01-30 03:36 . 2012-01-30 03:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-01-30 03:36 . 2012-01-30 03:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-01-30 03:36 . 2012-01-30 03:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-01-30 03:36 . 2012-01-30 03:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-01-30 03:36 . 2012-01-30 03:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-01-30 03:36 . 2012-01-30 03:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-01-30 03:36 . 2012-01-30 03:36 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-01-30 03:36 . 2012-01-30 03:36 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-01-30 03:36 . 2012-01-30 03:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-01-30 03:36 . 2012-01-30 03:36 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-01-30 03:36 . 2012-01-30 03:36 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-01-30 03:36 . 2012-01-30 03:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-01-30 03:36 . 2012-01-30 03:36 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-01-30 03:36 . 2012-01-30 03:36 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-01-30 03:36 . 2012-01-30 03:36 448512 ----a-w- c:\windows\system32\html.iec
    2012-01-30 03:36 . 2012-01-30 03:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-01-30 03:36 . 2012-01-30 03:36 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-01-30 03:36 . 2012-01-30 03:36 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-01-30 03:36 . 2012-01-30 03:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-01-30 03:36 . 2012-01-30 03:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2010-10-25 22:48 . 2011-05-02 16:57 8297472 ----a-w- c:\program files (x86)\AcroPro.msi
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-05_18.31.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-07 15:39 . 2012-04-07 17:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040720120408\index.dat
    + 2012-04-06 15:10 . 2012-04-06 15:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat
    + 2012-04-06 02:12 . 2012-04-06 02:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040520120406\index.dat
    - 2012-03-31 23:23 . 2012-04-04 23:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-03-31 23:23 . 2012-04-07 21:08 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2011-03-04 20:06 . 2012-04-07 18:17 56556 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2012-04-05 18:12 43796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-07 18:17 43796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-03-04 19:09 . 2012-04-07 18:17 22516 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-649968626-1217438032-2407564498-1000_UserData.bin
    - 2011-02-26 08:13 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-26 08:13 . 2012-04-07 19:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-04-06 17:21 . 2012-04-07 19:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-02-26 08:13 . 2012-04-05 18:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-07 19:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-12 14:01 . 2012-04-05 19:06 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    - 2011-03-12 14:01 . 2012-04-05 17:14 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2011-03-11 23:31 . 2012-04-05 18:32 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
    - 2011-03-11 23:31 . 2012-04-05 14:00 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
    - 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-07 21:24 . 2012-04-07 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-07 21:24 . 2012-04-07 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-10-23 15:47 . 2011-10-03 09:06 157472 c:\windows\SysWOW64\javaws.exe
    + 2012-04-06 16:32 . 2012-04-06 16:32 157472 c:\windows\SysWOW64\javaws.exe
    + 2012-04-06 16:32 . 2012-04-06 16:32 149280 c:\windows\SysWOW64\javaw.exe
    + 2012-04-06 16:32 . 2012-04-06 16:32 149280 c:\windows\SysWOW64\java.exe
    + 2011-04-17 03:08 . 2012-04-07 21:22 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2011-04-17 03:08 . 2012-04-05 18:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 04:54 . 2012-04-07 21:22 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-03-04 23:46 . 2012-04-06 20:19 324050 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 02:36 . 2012-04-05 13:40 663184 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-04-06 13:39 663184 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-04-06 13:39 122052 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-04-05 13:40 122052 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:12 . 2012-04-07 19:36 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:12 . 2012-04-05 18:10 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:01 . 2012-04-05 18:30 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-04-07 21:24 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-04-06 16:33 . 2012-04-06 16:33 207360 c:\windows\Installer\6f6f3.msi
    + 2009-07-14 04:54 . 2012-04-07 21:22 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-05 18:27 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-03-04 19:06 . 2012-04-04 16:12 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-03-04 19:06 . 2012-04-07 21:24 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    - 2011-03-07 18:24 . 2012-04-05 18:30 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
    + 2011-03-07 18:24 . 2012-04-07 21:24 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
    + 2012-03-31 23:36 . 2012-04-07 21:24 7790708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    - 2009-07-14 04:54 . 2012-04-05 18:27 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-07 21:22 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-04-06 16:31 . 2012-04-06 16:31 12938752 c:\windows\Installer\6f6e3.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-12-01 121456]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
    S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-21 1248256]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-13 17152]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - LAVASOFT_KERNEXPLORER
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-649968626-1217438032-2407564498-1000Core.job
    - c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 17:25]
    .
    2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-649968626-1217438032-2407564498-1000UA.job
    - c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 17:25]
    .
    2012-03-30 c:\windows\Tasks\HPCeeScheduleForADAM-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    2012-04-07 c:\windows\Tasks\HPCeeScheduleForAdam.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "combofix"="c:\combofix\CF18807.3XE" [2010-11-20 345088]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    adiusbaw
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: mswsock.dll
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - user.js: general.useragent.extra.brc -
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0a\03\0c\13-5u"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
    c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-07 17:38:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-07 21:38
    ComboFix2.txt 2012-04-05 19:12
    ComboFix3.txt 2012-04-05 18:43
    ComboFix4.txt 2012-04-05 14:10
    ComboFix5.txt 2012-04-07 21:13
    .
    Pre-Run: 377,045,880,832 bytes free
    Post-Run: 376,731,041,792 bytes free
    .
    - - End Of File - - B8C972925C34A8174970EB32AFAA39D1
     
  8. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\combofix\CF18807.3XE
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    
    Driver::
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"=-
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image: animation showing CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
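    Once the CFScript run above has completed, the new ComboFix log can be checked against the previous one for entries that survived the fix. The script below is an added example, not part of this thread or of ComboFix itself: it parses the log's section banners, lists the values under every ...\CurrentVersion\Run key (the key the Registry:: block targets), reports UAC policy values set to their weakest setting, and flags paths from one run's Other Deletions that show up again in the next run; the two log fragments inside are constructed, modelled on the logs posted in this thread.

```python
"""Check ComboFix logs for autostarts, weakened UAC, and deleted items that came back.
Added example for this thread, not ComboFix's own code; the log fragments are constructed."""
import re

# Section banners look like '((((( Other Deletions )))))' or '------- x86-64 -----------'
BANNER_RE = re.compile(r"^(?:\({3,}|-{3,})\s*(.+?)\s*(?:\){3,}|-{3,})$")
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
WEAK_UAC = {  # UAC policy values as ComboFix prints them; each of these weakens elevation
    "EnableLUA": "0",                   # UAC switched off entirely
    "ConsentPromptBehaviorAdmin": "0",  # admins elevate without any prompt
    "PromptOnSecureDesktop": "0",       # prompts not isolated on the secure desktop
}


def sections(log: str) -> dict:
    """Map each banner title (lower-cased, date range dropped) to its lines."""
    out, title = {"header": []}, "header"
    for raw in log.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:  # 'Files Created from A to B' -> 'files created'
            title = m.group(1).lower().split(" from ")[0]
            out.setdefault(title, [])
        elif line and line != ".":  # lone '.' lines are separators
            out[title].append(line)
    return out


def _value(rest: str) -> str:
    # '"c:\x.exe" [2010-11-20 345088]' -> 'c:\x.exe';   '0 (0x0)' -> '0'
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split()[0] if rest else ""


def registry_values(log: str) -> dict:
    """Map each [HKEY_...] key in the log (lower-cased) to its name -> value pairs."""
    keys, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = REG_KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
        elif current is not None and (m := REG_VALUE_RE.match(line)):
            keys[current][m.group(1)] = _value(m.group(2))
    return keys


def _values_under(log: str, key_suffix: str) -> dict:
    out = {}  # merge name -> value pairs from every key whose path ends with key_suffix
    for key, values in registry_values(log).items():
        if key.endswith(key_suffix):
            out.update(values)
    return out


def run_entries(log: str) -> dict:
    """Autostart values from every ...\\CurrentVersion\\Run key (HKCU, HKLM, Wow6432Node)."""
    return _values_under(log, r"\currentversion\run")


def weak_uac_settings(log: str) -> list:
    """Names of UAC policy values that are at their weakest setting."""
    policy = _values_under(log, r"\policies\system")
    return [n for n, weak in WEAK_UAC.items() if policy.get(n) == weak]


def reappeared(before_log: str, after_log: str) -> list:
    """Paths in before_log's Other Deletions that after_log deletes again or lists as created."""
    deleted = {p.lower() for p in sections(before_log).get("other deletions", [])}
    after = sections(after_log)
    seen = {p.lower() for p in after.get("other deletions", [])}
    for line in after.get("files created", []):
        parts = line.split(None, 7)  # date time . date time size attrs path
        if len(parts) == 8:
            seen.add(parts[7].lower())
    return sorted(p for p in deleted if p in seen)


# Constructed fragments in ComboFix's layout (not the thread's full logs).
BEFORE_LOG = r"""
((((((((((((((((((( Other Deletions )))))))))))))))))))
.
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
((((((((((((((( Reg Loading Points )))))))))))))))
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF28729.3XE" [2010-11-20 345088]
"""
AFTER_LOG = r"""
((((((((((((((((((( Other Deletions )))))))))))))))))))
c:\windows\assembly\temp\cfg.ini
(((((((((( Files Created from 2012-03-08 to 2012-04-08 ))))))))))
2012-04-08 19:27 . 2012-04-08 19:27 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
"""
```

Run `reappeared(previous_log, new_log)` on the full text of two consecutive logs; anything it returns was removed once and is back, which is the pattern to look for when a redirect returns after a reboot.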
     
  9. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    As it did last time we ran this, everything seems to run very smoothly with no redirect.

    It's after I restart it again that the problems come back. For some reason, it seems to have trouble loading Windows on a restart, so it goes through its startup repair tool; then it starts fine, but the problem is back.

    Anyway, log below.

    ComboFix 12-04-04.02 - Adam 04/08/2012 13:36:06.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2572 [GMT -4:00]
    Running from: c:\users\Adam\Desktop\ComboFix.exe
    Command switches used :: c:\users\Adam\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\combofix\CF18807.3XE"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\cfg.ini
    c:\windows\system32\consrv.dll
    c:\windows\system32\dds_trash_log.cmd
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-08 17:44 . 2012-04-08 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-06 16:23 . 2012-04-06 16:23 -------- d-----w- C:\_OTL
    2012-04-06 15:54 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B64A7FD8-3BF1-4F79-88D8-5B1C320094B0}\mpengine.dll
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-02 02:10 . 2012-04-02 18:09 -------- d-----w- c:\program files (x86)\ESET
    2012-04-02 00:49 . 2012-04-02 18:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-02 00:39 . 2012-04-04 16:58 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-14 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-14 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-14 17:29 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 17:29 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 17:29 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 14:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 14:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 14:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 14:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 14:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 14:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 14:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 13:18 . 2011-03-04 17:59 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-20 15:00 . 2011-05-17 14:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-30 03:36 . 2012-01-30 03:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-01-30 03:36 . 2012-01-30 03:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-01-30 03:36 . 2012-01-30 03:36 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-01-30 03:36 . 2012-01-30 03:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-01-30 03:36 . 2012-01-30 03:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-01-30 03:36 . 2012-01-30 03:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-01-30 03:36 . 2012-01-30 03:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-01-30 03:36 . 2012-01-30 03:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-01-30 03:36 . 2012-01-30 03:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-01-30 03:36 . 2012-01-30 03:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-01-30 03:36 . 2012-01-30 03:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-01-30 03:36 . 2012-01-30 03:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-01-30 03:36 . 2012-01-30 03:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-01-30 03:36 . 2012-01-30 03:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-01-30 03:36 . 2012-01-30 03:36 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-01-30 03:36 . 2012-01-30 03:36 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-01-30 03:36 . 2012-01-30 03:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-01-30 03:36 . 2012-01-30 03:36 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-01-30 03:36 . 2012-01-30 03:36 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-01-30 03:36 . 2012-01-30 03:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-01-30 03:36 . 2012-01-30 03:36 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-01-30 03:36 . 2012-01-30 03:36 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-01-30 03:36 . 2012-01-30 03:36 448512 ----a-w- c:\windows\system32\html.iec
    2012-01-30 03:36 . 2012-01-30 03:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-01-30 03:36 . 2012-01-30 03:36 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-01-30 03:36 . 2012-01-30 03:36 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-01-30 03:36 . 2012-01-30 03:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-01-30 03:36 . 2012-01-30 03:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2010-10-25 22:48 . 2011-05-02 16:57 8297472 ----a-w- c:\program files (x86)\AcroPro.msi
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-05_18.31.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-08 14:39 . 2012-04-08 15:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040820120409\index.dat
    + 2012-04-06 15:10 . 2012-04-06 15:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat
    + 2012-04-06 02:12 . 2012-04-06 02:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040520120406\index.dat
    + 2012-03-31 23:23 . 2012-04-08 16:00 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-03-31 23:23 . 2012-04-04 23:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2011-03-04 20:06 . 2012-04-08 17:28 56556 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2012-04-05 18:12 43796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-08 17:28 43796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-03-04 19:09 . 2012-04-08 17:28 22548 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-649968626-1217438032-2407564498-1000_UserData.bin
    + 2011-07-09 18:45 . 2012-04-08 03:42 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    - 2011-07-09 18:45 . 2012-04-05 17:43 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    - 2011-02-26 08:13 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-26 08:13 . 2012-04-08 17:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-26 08:13 . 2012-04-05 18:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-04-06 17:21 . 2012-04-08 17:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-08 17:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-03-12 14:01 . 2012-04-05 17:14 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2011-03-12 14:01 . 2012-04-05 19:06 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2011-03-11 23:31 . 2012-04-05 18:32 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
    - 2011-03-11 23:31 . 2012-04-05 14:00 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
    - 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-08 17:46 . 2012-04-08 17:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-08 17:46 . 2012-04-08 17:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-04-17 03:08 . 2012-04-08 17:42 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2011-04-17 03:08 . 2012-04-05 18:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 04:54 . 2012-04-08 17:42 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-03-04 23:46 . 2012-04-07 23:12 325682 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 02:36 . 2012-04-05 13:40 663184 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-04-06 13:39 663184 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-04-06 13:39 122052 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-04-05 13:40 122052 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:38 . 2012-04-08 07:47 262144 c:\windows\system32\config\systemprofile\ntuser.dat
    - 2009-07-14 05:38 . 2012-04-05 22:09 262144 c:\windows\system32\config\systemprofile\ntuser.dat
    - 2009-07-14 05:12 . 2012-04-05 18:10 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:12 . 2012-04-08 17:26 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:01 . 2012-04-08 17:45 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-04-05 18:30 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:54 . 2012-04-08 17:42 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-05 18:27 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-03-04 19:06 . 2012-04-04 16:12 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-03-04 19:06 . 2012-04-08 04:20 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-03-07 18:24 . 2012-04-08 17:45 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
    - 2011-03-07 18:24 . 2012-04-05 18:30 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
    + 2012-03-31 23:36 . 2012-04-08 16:02 7853880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    + 2009-07-14 04:54 . 2012-04-08 17:42 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-05 18:27 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-12-01 121456]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
    S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-21 1248256]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-13 17152]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - LAVASOFT_KERNEXPLORER
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-30 c:\windows\Tasks\HPCeeScheduleForADAM-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    2012-04-08 c:\windows\Tasks\HPCeeScheduleForAdam.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "combofix"="c:\combofix\CF28729.3XE" [2010-11-20 345088]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    adiusbaw
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: mswsock.dll
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - user.js: general.useragent.extra.brc -
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0a\03\0c\13-5u"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
    c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-08 13:59:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-08 17:59
    ComboFix2.txt 2012-04-07 21:38
    ComboFix3.txt 2012-04-05 19:12
    ComboFix4.txt 2012-04-05 18:43
    ComboFix5.txt 2012-04-08 17:34
    .
    Pre-Run: 379,202,256,896 bytes free
    Post-Run: 378,921,598,976 bytes free
    .
    - - End Of File - - 68AD040BBABB3D14603E9F6CCFD8CADD
     
  10. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Please re-run Combofix one more time (no custom script needed).
     
  11. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    Redirect still happening

    ComboFix 12-04-04.02 - Adam 04/08/2012 15:22:14.4.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2362 [GMT -4:00]
    Running from: c:\users\Adam\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\assembly\temp\cfg.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-08 19:27 . 2012-04-08 19:27 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-04-08 19:26 . 2012-04-08 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-06 16:23 . 2012-04-06 16:23 -------- d-----w- C:\_OTL
    2012-04-06 15:54 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B64A7FD8-3BF1-4F79-88D8-5B1C320094B0}\mpengine.dll
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-02 02:10 . 2012-04-02 18:09 -------- d-----w- c:\program files (x86)\ESET
    2012-04-02 00:49 . 2012-04-02 18:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-02 00:39 . 2012-04-04 16:58 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-14 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-14 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-14 17:29 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 17:29 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 17:29 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 14:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 14:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 14:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 14:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 14:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 14:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 14:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 13:18 . 2011-03-04 17:59 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-20 15:00 . 2011-05-17 14:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-30 03:36 . 2012-01-30 03:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-01-30 03:36 . 2012-01-30 03:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-01-30 03:36 . 2012-01-30 03:36 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-01-30 03:36 . 2012-01-30 03:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-01-30 03:36 . 2012-01-30 03:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-01-30 03:36 . 2012-01-30 03:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-01-30 03:36 . 2012-01-30 03:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-01-30 03:36 . 2012-01-30 03:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-01-30 03:36 . 2012-01-30 03:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-01-30 03:36 . 2012-01-30 03:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-01-30 03:36 . 2012-01-30 03:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-01-30 03:36 . 2012-01-30 03:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-01-30 03:36 . 2012-01-30 03:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-01-30 03:36 . 2012-01-30 03:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-01-30 03:36 . 2012-01-30 03:36 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-01-30 03:36 . 2012-01-30 03:36 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-01-30 03:36 . 2012-01-30 03:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-01-30 03:36 . 2012-01-30 03:36 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-01-30 03:36 . 2012-01-30 03:36 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-01-30 03:36 . 2012-01-30 03:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-01-30 03:36 . 2012-01-30 03:36 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-01-30 03:36 . 2012-01-30 03:36 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-01-30 03:36 . 2012-01-30 03:36 448512 ----a-w- c:\windows\system32\html.iec
    2012-01-30 03:36 . 2012-01-30 03:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-01-30 03:36 . 2012-01-30 03:36 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-01-30 03:36 . 2012-01-30 03:36 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-01-30 03:36 . 2012-01-30 03:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-01-30 03:36 . 2012-01-30 03:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2010-10-25 22:48 . 2011-05-02 16:57 8297472 ----a-w- c:\program files (x86)\AcroPro.msi
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-05_18.31.15 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-08 14:39 . 2012-04-08 15:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040820120409\index.dat
    + 2012-04-06 15:10 . 2012-04-06 15:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat
    + 2012-04-06 02:12 . 2012-04-06 02:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040520120406\index.dat
    + 2012-03-31 23:23 . 2012-04-08 16:00 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    - 2012-03-31 23:23 . 2012-04-04 23:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2011-03-04 20:06 . 2012-04-08 17:28 56556 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2012-04-05 18:12 43796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-08 19:14 43796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-03-04 19:09 . 2012-04-08 19:14 22580 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-649968626-1217438032-2407564498-1000_UserData.bin
    + 2011-07-09 18:45 . 2012-04-08 18:38 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    - 2011-07-09 18:45 . 2012-04-05 17:43 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
    - 2011-02-26 08:13 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-02-26 08:13 . 2012-04-08 19:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-02-26 08:13 . 2012-04-05 18:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-04-06 17:21 . 2012-04-08 19:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-08 19:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-03-12 14:01 . 2012-04-05 17:14 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2011-03-12 14:01 . 2012-04-05 19:06 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2011-03-11 23:31 . 2012-04-05 18:32 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
    - 2011-03-11 23:31 . 2012-04-05 14:00 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
    - 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-08 19:27 . 2012-04-08 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-08 19:27 . 2012-04-08 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-04-17 03:08 . 2012-04-08 19:12 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2011-04-17 03:08 . 2012-04-05 18:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 04:54 . 2012-04-08 19:12 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-03-04 23:46 . 2012-04-07 23:12 325682 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 02:36 . 2012-04-05 13:40 663184 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-04-06 13:39 663184 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-04-06 13:39 122052 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-04-05 13:40 122052 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:38 . 2012-04-08 22:59 262144 c:\windows\system32\config\systemprofile\ntuser.dat
    - 2009-07-14 05:38 . 2012-04-05 22:09 262144 c:\windows\system32\config\systemprofile\ntuser.dat
    - 2009-07-14 05:12 . 2012-04-05 18:10 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:12 . 2012-04-08 19:12 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 05:01 . 2012-04-08 19:27 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-04-05 18:30 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 04:54 . 2012-04-08 19:12 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-05 18:27 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-03-04 19:06 . 2012-04-04 16:12 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-03-04 19:06 . 2012-04-08 04:20 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-03-07 18:24 . 2012-04-08 19:27 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
    - 2011-03-07 18:24 . 2012-04-05 18:30 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
    + 2012-03-31 23:36 . 2012-04-08 16:02 7853880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
    + 2009-07-14 04:54 . 2012-04-08 19:12 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-05 18:27 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-12-01 121456]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-21 1248256]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
    S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-13 17152]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
    .
    2012-03-30 c:\windows\Tasks\HPCeeScheduleForADAM-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    2012-04-08 c:\windows\Tasks\HPCeeScheduleForAdam.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "combofix"="c:\combofix\CF16675.3XE" [2010-11-20 345088]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    adiusbaw
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: mswsock.dll
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - user.js: general.useragent.extra.brc -
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0a\03\0c\13-5u"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-08 15:33:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-08 19:33
    ComboFix2.txt 2012-04-08 19:18
    ComboFix3.txt 2012-04-08 17:59
    ComboFix4.txt 2012-04-07 21:38
    ComboFix5.txt 2012-04-08 19:21
    .
    Pre-Run: 378,471,964,672 bytes free
    Post-Run: 378,413,010,944 bytes free
    .
    - - End Of File - - A1D547A1F6DF37AAECE259D56F676701
     
     
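    Three things in the ComboFix "Reg Loading Points" section above would drive a responder's next steps before any verdict on the redirect: every UAC value under policies\system is set to 0 (UAC is off, so anything running under this admin account is already fully elevated), an autorun starts from the user profile rather than Program Files, and a non-default name, adiusbaw, sits in the svchost NetSvcs group with no matching service line anywhere in the dump (TDSSKiller later in the thread resolves that name to C:\Windows\system32\kraidsvc.dll and flags it as Backdoor.Multi.ZAccess.gen). The script below is an added example, not code from the thread or from ComboFix: it parses a constructed, abridged excerpt modelled on that section and reports those three conditions. The "trusted prefixes" path heuristic and the wording of the findings are assumptions for illustration.

```python
"""Triage a ComboFix 'Reg Loading Points' dump for the conditions seen in this thread.

Added example, not code from the thread or from ComboFix. Reports:
  * UAC policy values under ...\policies\system that switch prompting off
  * Run-key entries whose image lives outside Program Files / Windows (assumed heuristic)
  * names in the svchost NetSvcs group and whether the dump lists a service for them
"""
import re
from typing import Dict, List, Set

# Constructed excerpt modelled on the log posted above (abridged, not verbatim).
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-21 1248256]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
adiusbaw
.
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)\s*(?:\[[^\]]*\])?$')
SERVICE_RE = re.compile(r'^[RS]\d+\s+(?P<name>[^;]+);')   # ComboFix service lines: "R2 Name;Display;Image"
NETSVCS_MARKER = 'Svchost - NetSvcs'
# Assumed heuristic: installed software normally starts from one of these roots.
TRUSTED_PREFIXES = ('c:\\program files', 'c:\\windows')


def parse_loading_points(text: str):
    """Split the dump into registry values, service names and the NetSvcs member list."""
    keys: Dict[str, Dict[str, str]] = {}
    services: Set[str] = set()
    netsvcs: List[str] = []
    current = None        # registry key whose values are being read
    in_netsvcs = False    # inside the 'Svchost - NetSvcs' name list
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':            # ComboFix separates blocks with a lone '.'
            in_netsvcs = False
            continue
        svc = SERVICE_RE.match(line)
        val = VALUE_RE.match(line)
        if in_netsvcs:
            netsvcs.append(line)
        elif line.startswith('[') and line.endswith(']'):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif NETSVCS_MARKER in line:
            in_netsvcs, current = True, None
        elif svc:
            services.add(svc.group('name').lower())
            current = None
        elif current is not None and val:
            keys[current][val.group('name')] = val.group('value').strip()
    return keys, services, netsvcs


def _dword(values: Dict[str, str], name: str):
    """ComboFix prints DWORDs as '0 (0x0)'; return the decimal part, or None if absent."""
    raw = values.get(name)
    return int(raw.split()[0]) if raw else None


def triage(text: str) -> List[str]:
    keys, services, netsvcs = parse_loading_points(text)
    findings: List[str] = []
    for key, values in keys.items():
        if key.endswith(r'\policies\system'):
            if _dword(values, 'EnableLUA') == 0:
                findings.append('UAC: EnableLUA=0, UAC is off and admin users run fully elevated')
            if _dword(values, 'ConsentPromptBehaviorAdmin') == 0:
                findings.append('UAC: ConsentPromptBehaviorAdmin=0, elevation without a prompt')
            if _dword(values, 'PromptOnSecureDesktop') == 0:
                findings.append('UAC: PromptOnSecureDesktop=0, prompts drawn on the normal desktop')
        elif key.endswith(r'\currentversion\run'):
            for name, value in values.items():
                image = value.strip('"').lower()
                if not image.startswith(TRUSTED_PREFIXES):
                    findings.append(f'RUN: "{name}" starts from a non-standard path: {image}')
    for name in netsvcs:   # ComboFix only prints non-default members, so each one is worth resolving
        status = 'maps to a listed service' if name.lower() in services else 'has no service line in the dump'
        findings.append(f'NETSVCS: non-default member "{name}" {status}; '
                        f'resolve HKLM\\SYSTEM\\CurrentControlSet\\services\\{name}\\Parameters\\ServiceDll')
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

    The NetSvcs finding is the one to chase: a name in that group is loaded by a shared svchost.exe from whatever ServiceDll its Parameters key names, so the DLL path, not the service name, is what gets compared with the TDSSKiller result. The Run-key heuristic only says "look here"; the Akamai entry it flags is a legitimate updater living in a user-writable folder, which is exactly why a hash or signature check, not the name, should decide. Once the machine is clean, the UAC values need restoring as well (Windows 7 defaults are EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1), since a disabled UAC is not something a removal tool puts back.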
  12. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Please re-run TDSSKiller one more time.
     
  13. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    16:30:41.0232 4816 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
    16:30:41.0700 4816 ============================================================
    16:30:41.0700 4816 Current date / time: 2012/04/08 16:30:41.0700
    16:30:41.0700 4816 SystemInfo:
    16:30:41.0700 4816
    16:30:41.0700 4816 OS Version: 6.1.7601 ServicePack: 1.0
    16:30:41.0700 4816 Product type: Workstation
    16:30:41.0700 4816 ComputerName: ADAM-HP
    16:30:41.0700 4816 UserName: Adam
    16:30:41.0700 4816 Windows directory: C:\Windows
    16:30:41.0700 4816 System windows directory: C:\Windows
    16:30:41.0700 4816 Running under WOW64
    16:30:41.0700 4816 Processor architecture: Intel x64
    16:30:41.0700 4816 Number of processors: 2
    16:30:41.0700 4816 Page size: 0x1000
    16:30:41.0700 4816 Boot type: Normal boot
    16:30:41.0700 4816 ============================================================
    16:30:42.0870 4816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:30:42.0870 4816 \Device\Harddisk0\DR0:
    16:30:42.0870 4816 MBR used
    16:30:42.0870 4816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    16:30:42.0870 4816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x387C3000
    16:30:42.0870 4816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x387F5800, BlocksNum 0x1B90000
    16:30:42.0950 4816 Initialize success
    16:30:42.0950 4816 ============================================================
    16:30:44.0327 4964 ============================================================
    16:30:44.0327 4964 Scan started
    16:30:44.0327 4964 Mode: Manual;
    16:30:44.0327 4964 ============================================================
    16:30:46.0230 4964 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    16:30:46.0246 4964 1394ohci - ok
    16:30:46.0277 4964 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    16:30:46.0277 4964 ACPI - ok
    16:30:46.0308 4964 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    16:30:46.0308 4964 AcpiPmi - ok
    16:30:46.0355 4964 ACPIService (de7e8d852a806be6091983838bf9697f) C:\Windows\system32\DRIVERS\OSDACPI.SYS
    16:30:46.0355 4964 ACPIService - ok
    16:30:46.0433 4964 adiusbaw (5f22132c9153639762708909f156b33d) C:\Windows\system32\kraidsvc.dll
    16:30:46.0433 4964 adiusbaw ( Backdoor.Multi.ZAccess.gen ) - infected
    16:30:46.0433 4964 adiusbaw - detected Backdoor.Multi.ZAccess.gen (0)
    16:30:46.0480 4964 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    16:30:46.0480 4964 adp94xx - ok
    16:30:46.0511 4964 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    16:30:46.0511 4964 adpahci - ok
    16:30:46.0526 4964 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    16:30:46.0526 4964 adpu320 - ok
    16:30:46.0558 4964 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    16:30:46.0558 4964 AeLookupSvc - ok
    16:30:46.0636 4964 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
    16:30:46.0636 4964 AERTFilters - ok
    16:30:46.0698 4964 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    16:30:46.0698 4964 AFD - ok
    16:30:46.0729 4964 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    16:30:46.0729 4964 agp440 - ok
    16:30:46.0760 4964 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    16:30:46.0760 4964 ALG - ok
    16:30:46.0776 4964 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    16:30:46.0776 4964 aliide - ok
    16:30:46.0807 4964 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe
    16:30:46.0807 4964 AMD External Events Utility - ok
    16:30:46.0823 4964 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    16:30:46.0823 4964 amdide - ok
    16:30:46.0838 4964 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    16:30:46.0838 4964 AmdK8 - ok
    16:30:46.0979 4964 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
    16:30:47.0088 4964 amdkmdag - ok
    16:30:47.0135 4964 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
    16:30:47.0135 4964 amdkmdap - ok
    16:30:47.0197 4964 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    16:30:47.0197 4964 AmdPPM - ok
    16:30:47.0213 4964 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys
    16:30:47.0213 4964 amdsata - ok
    16:30:47.0244 4964 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    16:30:47.0244 4964 amdsbs - ok
    16:30:47.0266 4964 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys
    16:30:47.0266 4964 amdxata - ok
    16:30:47.0297 4964 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    16:30:47.0297 4964 AppID - ok
    16:30:47.0312 4964 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    16:30:47.0328 4964 AppIDSvc - ok
    16:30:47.0390 4964 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    16:30:47.0406 4964 Appinfo - ok
    16:30:47.0734 4964 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    16:30:47.0734 4964 Apple Mobile Device - ok
    16:30:47.0874 4964 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    16:30:47.0874 4964 arc - ok
    16:30:47.0890 4964 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    16:30:47.0890 4964 arcsas - ok
    16:30:47.0983 4964 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    16:30:47.0999 4964 aspnet_state - ok
    16:30:48.0030 4964 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    16:30:48.0030 4964 AsyncMac - ok
    16:30:48.0092 4964 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    16:30:48.0092 4964 atapi - ok
    16:30:48.0139 4964 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
    16:30:48.0139 4964 AtiPcie - ok
    16:30:48.0217 4964 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    16:30:48.0217 4964 AudioEndpointBuilder - ok
    16:30:48.0233 4964 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    16:30:48.0233 4964 AudioSrv - ok
    16:30:48.0264 4964 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    16:30:48.0264 4964 AxInstSV - ok
    16:30:48.0295 4964 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    16:30:48.0295 4964 b06bdrv - ok
    16:30:48.0326 4964 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    16:30:48.0326 4964 b57nd60a - ok
    16:30:48.0342 4964 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    16:30:48.0358 4964 BDESVC - ok
    16:30:48.0373 4964 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    16:30:48.0373 4964 Beep - ok
    16:30:48.0436 4964 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    16:30:48.0451 4964 BFE - ok
    16:30:48.0482 4964 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
    16:30:48.0482 4964 BITS - ok
    16:30:48.0498 4964 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    16:30:48.0498 4964 blbdrive - ok
    16:30:48.0592 4964 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    16:30:48.0592 4964 Bonjour Service - ok
    16:30:48.0638 4964 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    16:30:48.0638 4964 bowser - ok
    16:30:48.0654 4964 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    16:30:48.0654 4964 BrFiltLo - ok
    16:30:48.0670 4964 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    16:30:48.0670 4964 BrFiltUp - ok
    16:30:48.0716 4964 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    16:30:48.0732 4964 BridgeMP - ok
    16:30:48.0763 4964 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    16:30:48.0763 4964 Browser - ok
    16:30:48.0779 4964 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    16:30:48.0779 4964 Brserid - ok
    16:30:48.0794 4964 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    16:30:48.0810 4964 BrSerWdm - ok
    16:30:48.0810 4964 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    16:30:48.0826 4964 BrUsbMdm - ok
    16:30:48.0826 4964 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    16:30:48.0826 4964 BrUsbSer - ok
    16:30:48.0841 4964 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    16:30:48.0841 4964 BTHMODEM - ok
    16:30:48.0904 4964 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    16:30:48.0904 4964 bthserv - ok
    16:30:48.0950 4964 catchme - ok
    16:30:48.0966 4964 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    16:30:48.0966 4964 cdfs - ok
    16:30:49.0013 4964 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    16:30:49.0028 4964 cdrom - ok
    16:30:49.0075 4964 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    16:30:49.0075 4964 CertPropSvc - ok
    16:30:49.0122 4964 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    16:30:49.0122 4964 circlass - ok
    16:30:49.0138 4964 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    16:30:49.0153 4964 CLFS - ok
    16:30:49.0184 4964 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:30:49.0184 4964 clr_optimization_v2.0.50727_32 - ok
    16:30:49.0231 4964 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:30:49.0231 4964 clr_optimization_v2.0.50727_64 - ok
    16:30:49.0309 4964 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:30:49.0309 4964 clr_optimization_v4.0.30319_32 - ok
     
  14. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    16:31:01.0243 4964 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    16:31:01.0274 4964 sppsvc - ok
    16:31:01.0306 4964 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    16:31:01.0306 4964 sppuinotify - ok
    16:31:01.0352 4964 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    16:31:01.0352 4964 srv - ok
    16:31:01.0384 4964 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    16:31:01.0399 4964 srv2 - ok
    16:31:01.0415 4964 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    16:31:01.0415 4964 srvnet - ok
    16:31:01.0462 4964 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    16:31:01.0462 4964 SSDPSRV - ok
    16:31:01.0477 4964 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    16:31:01.0477 4964 SstpSvc - ok
    16:31:01.0493 4964 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    16:31:01.0508 4964 stexstor - ok
    16:31:01.0555 4964 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
    16:31:01.0555 4964 StillCam - ok
    16:31:01.0633 4964 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    16:31:01.0649 4964 stisvc - ok
    16:31:01.0680 4964 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    16:31:01.0680 4964 swenum - ok
    16:31:01.0696 4964 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    16:31:01.0711 4964 swprv - ok
    16:31:01.0789 4964 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    16:31:01.0820 4964 SysMain - ok
    16:31:01.0852 4964 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    16:31:01.0852 4964 TabletInputService - ok
    16:31:01.0898 4964 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    16:31:01.0898 4964 TapiSrv - ok
    16:31:01.0930 4964 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    16:31:01.0930 4964 TBS - ok
    16:31:01.0992 4964 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    16:31:02.0023 4964 Tcpip - ok
    16:31:02.0070 4964 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    16:31:02.0086 4964 TCPIP6 - ok
    16:31:02.0117 4964 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    16:31:02.0117 4964 tcpipreg - ok
    16:31:02.0148 4964 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    16:31:02.0148 4964 TDPIPE - ok
    16:31:02.0164 4964 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    16:31:02.0164 4964 TDTCP - ok
    16:31:02.0210 4964 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    16:31:02.0210 4964 tdx - ok
    16:31:02.0242 4964 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    16:31:02.0242 4964 TermDD - ok
    16:31:02.0288 4964 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    16:31:02.0304 4964 TermService - ok
    16:31:02.0320 4964 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    16:31:02.0335 4964 Themes - ok
    16:31:02.0351 4964 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    16:31:02.0366 4964 THREADORDER - ok
    16:31:02.0382 4964 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    16:31:02.0382 4964 TrkWks - ok
    16:31:02.0429 4964 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    16:31:02.0429 4964 TrustedInstaller - ok
    16:31:02.0476 4964 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:31:02.0476 4964 tssecsrv - ok
    16:31:02.0538 4964 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    16:31:02.0538 4964 TsUsbFlt - ok
    16:31:02.0616 4964 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    16:31:02.0616 4964 tunnel - ok
    16:31:02.0632 4964 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    16:31:02.0647 4964 uagp35 - ok
    16:31:02.0663 4964 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    16:31:02.0678 4964 udfs - ok
    16:31:02.0694 4964 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    16:31:02.0710 4964 UI0Detect - ok
    16:31:02.0741 4964 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    16:31:02.0741 4964 uliagpkx - ok
    16:31:02.0788 4964 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    16:31:02.0788 4964 umbus - ok
    16:31:02.0819 4964 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    16:31:02.0819 4964 UmPass - ok
    16:31:02.0834 4964 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    16:31:02.0834 4964 upnphost - ok
    16:31:02.0881 4964 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    16:31:02.0881 4964 USBAAPL64 - ok
    16:31:02.0897 4964 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    16:31:02.0897 4964 usbccgp - ok
    16:31:02.0959 4964 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    16:31:02.0959 4964 usbcir - ok
    16:31:02.0959 4964 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    16:31:02.0959 4964 usbehci - ok
    16:31:02.0990 4964 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
    16:31:02.0990 4964 usbfilter - ok
    16:31:03.0053 4964 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    16:31:03.0053 4964 usbhub - ok
    16:31:03.0068 4964 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    16:31:03.0068 4964 usbohci - ok
    16:31:03.0115 4964 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    16:31:03.0115 4964 usbprint - ok
    16:31:03.0146 4964 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    16:31:03.0146 4964 usbscan - ok
    16:31:03.0178 4964 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:31:03.0193 4964 USBSTOR - ok
    16:31:03.0209 4964 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    16:31:03.0209 4964 usbuhci - ok
    16:31:03.0256 4964 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    16:31:03.0256 4964 usbvideo - ok
    16:31:03.0287 4964 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    16:31:03.0302 4964 UxSms - ok
    16:31:03.0334 4964 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    16:31:03.0334 4964 VaultSvc - ok
    16:31:03.0380 4964 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    16:31:03.0380 4964 vdrvroot - ok
    16:31:03.0427 4964 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    16:31:03.0443 4964 vds - ok
    16:31:03.0474 4964 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    16:31:03.0474 4964 vga - ok
    16:31:03.0490 4964 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    16:31:03.0490 4964 VgaSave - ok
    16:31:03.0521 4964 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    16:31:03.0521 4964 vhdmp - ok
    16:31:03.0568 4964 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    16:31:03.0568 4964 viaide - ok
    16:31:03.0599 4964 VMnetAdapter - ok
    16:31:03.0630 4964 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    16:31:03.0630 4964 volmgr - ok
    16:31:03.0677 4964 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    16:31:03.0677 4964 volmgrx - ok
    16:31:03.0724 4964 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    16:31:03.0724 4964 volsnap - ok
    16:31:03.0770 4964 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    16:31:03.0770 4964 vsmraid - ok
    16:31:03.0833 4964 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    16:31:03.0833 4964 VSS - ok
    16:31:03.0848 4964 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    16:31:03.0848 4964 vwifibus - ok
    16:31:03.0895 4964 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    16:31:03.0911 4964 vwififlt - ok
    16:31:03.0973 4964 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    16:31:03.0989 4964 W32Time - ok
    16:31:04.0004 4964 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    16:31:04.0004 4964 WacomPen - ok
    16:31:04.0051 4964 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    16:31:04.0067 4964 WANARP - ok
    16:31:04.0082 4964 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    16:31:04.0082 4964 Wanarpv6 - ok
    16:31:04.0160 4964 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    16:31:04.0207 4964 WatAdminSvc - ok
    16:31:04.0238 4964 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    16:31:04.0270 4964 wbengine - ok
    16:31:04.0285 4964 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    16:31:04.0285 4964 WbioSrvc - ok
    16:31:04.0332 4964 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    16:31:04.0332 4964 wcncsvc - ok
    16:31:04.0348 4964 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    16:31:04.0348 4964 WcsPlugInService - ok
    16:31:04.0363 4964 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    16:31:04.0363 4964 Wd - ok
    16:31:04.0394 4964 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    16:31:04.0394 4964 Wdf01000 - ok
    16:31:04.0410 4964 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    16:31:04.0410 4964 WdiServiceHost - ok
    16:31:04.0410 4964 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    16:31:04.0426 4964 WdiSystemHost - ok
    16:31:04.0441 4964 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    16:31:04.0441 4964 WebClient - ok
    16:31:04.0457 4964 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    16:31:04.0472 4964 Wecsvc - ok
    16:31:04.0488 4964 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    16:31:04.0488 4964 wercplsupport - ok
    16:31:04.0519 4964 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    16:31:04.0535 4964 WerSvc - ok
    16:31:04.0566 4964 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    16:31:04.0566 4964 WfpLwf - ok
    16:31:04.0597 4964 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    16:31:04.0597 4964 WIMMount - ok
    16:31:04.0660 4964 WinDefend - ok
    16:31:04.0675 4964 WinHttpAutoProxySvc - ok
    16:31:04.0722 4964 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    16:31:04.0722 4964 Winmgmt - ok
    16:31:04.0784 4964 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    16:31:04.0816 4964 WinRM - ok
    16:31:04.0878 4964 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    16:31:04.0894 4964 Wlansvc - ok
    16:31:05.0003 4964 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    16:31:05.0018 4964 wlidsvc - ok
    16:31:05.0081 4964 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    16:31:05.0081 4964 WmiAcpi - ok
    16:31:05.0143 4964 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    16:31:05.0159 4964 wmiApSrv - ok
    16:31:05.0174 4964 WMPNetworkSvc - ok
    16:31:05.0206 4964 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    16:31:05.0221 4964 WPCSvc - ok
    16:31:05.0252 4964 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    16:31:05.0268 4964 WPDBusEnum - ok
    16:31:05.0284 4964 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    16:31:05.0284 4964 ws2ifsl - ok
    16:31:05.0346 4964 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    16:31:05.0346 4964 wscsvc - ok
    16:31:05.0393 4964 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
    16:31:05.0408 4964 WSDPrintDevice - ok
    16:31:05.0408 4964 WSearch - ok
    16:31:05.0502 4964 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    16:31:05.0549 4964 wuauserv - ok
    16:31:05.0580 4964 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    16:31:05.0580 4964 WudfPf - ok
    16:31:05.0596 4964 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:31:05.0596 4964 WUDFRd - ok
    16:31:05.0642 4964 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    16:31:05.0642 4964 wudfsvc - ok
    16:31:05.0658 4964 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    16:31:05.0674 4964 WwanSvc - ok
    16:31:05.0720 4964 MBR (0x1B8) (af00fc1920e1cf861b39b90a4375edf3) \Device\Harddisk0\DR0
    16:31:05.0783 4964 \Device\Harddisk0\DR0 - ok
    16:31:05.0798 4964 Boot (0x1200) (8b05c54413af6f186dc25575d2c8cbfe) \Device\Harddisk0\DR0\Partition0
    16:31:05.0798 4964 \Device\Harddisk0\DR0\Partition0 - ok
    16:31:05.0814 4964 Boot (0x1200) (1a3b96d9cb41e651a1749ac924a68720) \Device\Harddisk0\DR0\Partition1
    16:31:05.0814 4964 \Device\Harddisk0\DR0\Partition1 - ok
    16:31:05.0845 4964 Boot (0x1200) (4afc0feaaa98f6cbf82a99d22a405f0b) \Device\Harddisk0\DR0\Partition2
    16:31:05.0845 4964 \Device\Harddisk0\DR0\Partition2 - ok
    16:31:05.0845 4964 ============================================================
    16:31:05.0845 4964 Scan finished
    16:31:05.0845 4964 ============================================================
    16:31:05.0876 4972 Detected object count: 1
    16:31:05.0876 4972 Actual detected object count: 1
    16:31:20.0415 4972 C:\Windows\system32\kraidsvc.dll - copied to quarantine
    16:31:20.0415 4972 HKLM\SYSTEM\ControlSet001\services\adiusbaw - will be deleted on reboot
    16:31:20.0446 4972 HKLM\SYSTEM\ControlSet002\services\adiusbaw - will be deleted on reboot
    16:31:20.0539 4972 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
    16:31:20.0602 4972 C:\Windows\system32\kraidsvc.dll - will be deleted on reboot
    16:31:20.0602 4972 adiusbaw ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
     
  15. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Re-run it one more time please.
     
  16. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    16:40:17.0466 3572 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
    16:40:17.0902 3572 ============================================================
    16:40:17.0902 3572 Current date / time: 2012/04/08 16:40:17.0902
    16:40:17.0902 3572 SystemInfo:
    16:40:17.0902 3572
    16:40:17.0902 3572 OS Version: 6.1.7601 ServicePack: 1.0
    16:40:17.0902 3572 Product type: Workstation
    16:40:17.0902 3572 ComputerName: ADAM-HP
    16:40:17.0902 3572 UserName: Adam
    16:40:17.0902 3572 Windows directory: C:\Windows
    16:40:17.0902 3572 System windows directory: C:\Windows
    16:40:17.0902 3572 Running under WOW64
    16:40:17.0902 3572 Processor architecture: Intel x64
    16:40:17.0902 3572 Number of processors: 2
    16:40:17.0902 3572 Page size: 0x1000
    16:40:17.0902 3572 Boot type: Normal boot
    16:40:17.0902 3572 ============================================================
    16:40:19.0166 3572 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:40:19.0166 3572 \Device\Harddisk0\DR0:
    16:40:19.0166 3572 MBR used
    16:40:19.0166 3572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    16:40:19.0166 3572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x387C3000
    16:40:19.0166 3572 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x387F5800, BlocksNum 0x1B90000
    16:40:19.0400 3572 Initialize success
    16:40:19.0400 3572 ============================================================
    16:40:20.0461 2968 ============================================================
    16:40:20.0461 2968 Scan started
    16:40:20.0461 2968 Mode: Manual;
    16:40:20.0461 2968 ============================================================
    16:40:26.0451 2968 FDResPub - ok
    16:40:26.0467 2968 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    16:40:26.0467 2968 FileInfo - ok
    16:40:26.0482 2968 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    16:40:26.0498 2968 Filetrace - ok
    16:40:26.0514 2968 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    16:40:26.0514 2968 flpydisk - ok
    16:40:26.0545 2968 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    16:40:26.0545 2968 FltMgr - ok
    16:40:26.0607 2968 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    16:40:26.0623 2968 FontCache - ok
    16:40:26.0685 2968 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:40:26.0685 2968 FontCache3.0.0.0 - ok
    16:40:26.0701 2968 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    16:40:26.0701 2968 FsDepends - ok
    16:40:26.0732 2968 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    16:40:26.0732 2968 Fs_Rec - ok
    16:40:26.0763 2968 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    16:40:26.0779 2968 fvevol - ok
    16:40:26.0794 2968 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    16:40:26.0794 2968 gagp30kx - ok
    16:40:26.0857 2968 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    16:40:26.0857 2968 GEARAspiWDM - ok
    16:40:26.0904 2968 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    16:40:26.0919 2968 gpsvc - ok
    16:40:26.0935 2968 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    16:40:26.0935 2968 hcw85cir - ok
    16:40:26.0997 2968 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    16:40:27.0013 2968 HdAudAddService - ok
    16:40:27.0060 2968 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    16:40:27.0060 2968 HDAudBus - ok
    16:40:27.0075 2968 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    16:40:27.0091 2968 HidBatt - ok
    16:40:27.0106 2968 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    16:40:27.0106 2968 HidBth - ok
    16:40:27.0122 2968 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    16:40:27.0122 2968 HidIr - ok
    16:40:27.0153 2968 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    16:40:27.0153 2968 hidserv - ok
    16:40:27.0184 2968 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    16:40:27.0184 2968 HidUsb - ok
    16:40:27.0216 2968 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    16:40:27.0216 2968 hkmsvc - ok
    16:40:27.0247 2968 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    16:40:27.0247 2968 HomeGroupListener - ok
    16:40:27.0294 2968 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    16:40:27.0294 2968 HomeGroupProvider - ok
    16:40:27.0403 2968 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    16:40:27.0403 2968 HP Support Assistant Service - ok
    16:40:27.0465 2968 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    16:40:27.0481 2968 HPClientSvc - ok
    16:40:27.0528 2968 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    16:40:27.0528 2968 HPDrvMntSvc.exe - ok
    16:40:27.0715 2968 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    16:40:27.0730 2968 hpqwmiex - ok
    16:40:27.0824 2968 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    16:40:27.0824 2968 HpSAMD - ok
    16:40:27.0902 2968 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    16:40:27.0918 2968 HTTP - ok
    16:40:27.0933 2968 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    16:40:27.0933 2968 hwpolicy - ok
    16:40:27.0980 2968 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    16:40:27.0980 2968 i8042prt - ok
    16:40:28.0027 2968 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    16:40:28.0042 2968 iaStorV - ok
    16:40:28.0105 2968 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:40:28.0120 2968 idsvc - ok
    16:40:28.0152 2968 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    16:40:28.0152 2968 iirsp - ok
    16:40:28.0198 2968 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    16:40:28.0214 2968 IKEEXT - ok
    16:40:28.0308 2968 IntcAzAudAddService (cb5fd9b681ad43b560490b5283ddc1c1) C:\Windows\system32\drivers\RTKVHD64.sys
    16:40:28.0339 2968 IntcAzAudAddService - ok
    16:40:28.0401 2968 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    16:40:28.0417 2968 intelide - ok
    16:40:28.0432 2968 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    16:40:28.0448 2968 intelppm - ok
    16:40:28.0495 2968 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    16:40:28.0495 2968 IPBusEnum - ok
    16:40:28.0526 2968 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:40:28.0542 2968 IpFilterDriver - ok
    16:40:28.0620 2968 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    16:40:28.0635 2968 iphlpsvc - ok
    16:40:28.0666 2968 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    16:40:28.0666 2968 IPMIDRV - ok
    16:40:28.0713 2968 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    16:40:28.0729 2968 IPNAT - ok
    16:40:28.0807 2968 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
    16:40:28.0822 2968 iPod Service - ok
    16:40:28.0838 2968 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    16:40:28.0838 2968 IRENUM - ok
    16:40:28.0869 2968 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    16:40:28.0869 2968 isapnp - ok
    16:40:28.0885 2968 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    16:40:28.0900 2968 iScsiPrt - ok
    16:40:28.0900 2968 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    16:40:28.0916 2968 kbdclass - ok
    16:40:28.0947 2968 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    16:40:28.0947 2968 kbdhid - ok
    16:40:28.0963 2968 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    16:40:28.0978 2968 KeyIso - ok
    16:40:28.0978 2968 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    16:40:28.0994 2968 KSecDD - ok
    16:40:28.0994 2968 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    16:40:29.0010 2968 KSecPkg - ok
    16:40:29.0010 2968 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    16:40:29.0025 2968 ksthunk - ok
    16:40:29.0072 2968 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    16:40:29.0072 2968 KtmRm - ok
    16:40:29.0134 2968 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
    16:40:29.0150 2968 LanmanServer - ok
    16:40:29.0181 2968 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    16:40:29.0197 2968 LanmanWorkstation - ok
    16:40:29.0400 2968 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    16:40:29.0415 2968 Lavasoft Ad-Aware Service - ok
    16:40:29.0509 2968 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
    16:40:29.0509 2968 Lbd - ok
    16:40:29.0587 2968 LightScribeService (b1e1c8bb1392537e4d415fcdcb93b1d3) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    16:40:29.0587 2968 LightScribeService - ok
    16:40:29.0649 2968 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    16:40:29.0649 2968 lltdio - ok
    16:40:29.0758 2968 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    16:40:29.0758 2968 lltdsvc - ok
    16:40:29.0790 2968 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    16:40:29.0790 2968 lmhosts - ok
    16:40:29.0836 2968 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    16:40:29.0836 2968 LSI_FC - ok
    16:40:29.0852 2968 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    16:40:29.0868 2968 LSI_SAS - ok
    16:40:29.0883 2968 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    16:40:29.0883 2968 LSI_SAS2 - ok
    16:40:29.0899 2968 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    16:40:29.0914 2968 LSI_SCSI - ok
    16:40:29.0930 2968 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    16:40:29.0930 2968 luafv - ok
    16:40:29.0961 2968 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    16:40:29.0961 2968 Mcx2Svc - ok
    16:40:29.0992 2968 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    16:40:29.0992 2968 megasas - ok
    16:40:30.0008 2968 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    16:40:30.0008 2968 MegaSR - ok
    16:40:30.0102 2968 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    16:40:30.0102 2968 Microsoft Office Groove Audit Service - ok
    16:40:30.0148 2968 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    16:40:30.0148 2968 MMCSS - ok
    16:40:30.0164 2968 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    16:40:30.0164 2968 Modem - ok
    16:40:30.0195 2968 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    16:40:30.0195 2968 monitor - ok
    16:40:30.0242 2968 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    16:40:30.0242 2968 mouclass - ok
    16:40:30.0304 2968 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    16:40:30.0304 2968 mouhid - ok
    16:40:30.0336 2968 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    16:40:30.0336 2968 mountmgr - ok
    16:40:30.0367 2968 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    16:40:30.0367 2968 mpio - ok
    16:40:30.0398 2968 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    16:40:30.0398 2968 mpsdrv - ok
    16:40:30.0476 2968 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    16:40:30.0492 2968 MpsSvc - ok
    16:40:30.0523 2968 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    16:40:30.0523 2968 MRxDAV - ok
    16:40:30.0538 2968 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:40:30.0554 2968 mrxsmb - ok
    16:40:30.0585 2968 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:40:30.0585 2968 mrxsmb10 - ok
    16:40:30.0601 2968 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:40:30.0616 2968 mrxsmb20 - ok
    16:40:30.0648 2968 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    16:40:30.0648 2968 msahci - ok
    16:40:30.0679 2968 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    16:40:30.0679 2968 msdsm - ok
    16:40:30.0710 2968 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    16:40:30.0710 2968 MSDTC - ok
    16:40:30.0757 2968 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    16:40:30.0757 2968 Msfs - ok
    16:40:30.0772 2968 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    16:40:30.0772 2968 mshidkmdf - ok
    16:40:30.0819 2968 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    16:40:30.0819 2968 msisadrv - ok
    16:40:30.0866 2968 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    16:40:30.0866 2968 MSiSCSI - ok
    16:40:30.0882 2968 msiserver - ok
    16:40:30.0944 2968 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    16:40:30.0944 2968 MSKSSRV - ok
    16:40:30.0975 2968 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    16:40:30.0975 2968 MSPCLOCK - ok
    16:40:31.0131 2968 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    16:40:31.0147 2968 MSPQM - ok
    16:40:31.0194 2968 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    16:40:31.0209 2968 MsRPC - ok
    16:40:31.0240 2968 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    16:40:31.0240 2968 mssmbios - ok
    16:40:31.0256 2968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    16:40:31.0256 2968 MSTEE - ok
    16:40:31.0272 2968 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    16:40:31.0272 2968 MTConfig - ok
    16:40:31.0318 2968 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    16:40:31.0318 2968 Mup - ok
    16:40:31.0350 2968 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    16:40:31.0365 2968 napagent - ok
    16:40:31.0412 2968 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    16:40:31.0428 2968 NativeWifiP - ok
    16:40:31.0490 2968 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    16:40:31.0506 2968 NDIS - ok
    16:40:31.0552 2968 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    16:40:31.0568 2968 NdisCap - ok
    16:40:31.0599 2968 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    16:40:31.0599 2968 NdisTapi - ok
    16:40:31.0662 2968 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    16:40:31.0662 2968 Ndisuio - ok
    16:40:31.0693 2968 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    16:40:31.0693 2968 NdisWan - ok
    16:40:31.0740 2968 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    16:40:31.0740 2968 NDProxy - ok
    16:40:31.0818 2968 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
    16:40:31.0818 2968 Net Driver HPZ12 - ok
    16:40:31.0833 2968 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    16:40:31.0849 2968 NetBIOS - ok
    16:40:31.0896 2968 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    16:40:31.0911 2968 NetBT - ok
    16:40:31.0927 2968 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    16:40:31.0927 2968 Netlogon - ok
    16:40:31.0989 2968 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    16:40:32.0005 2968 Netman - ok
    16:40:32.0130 2968 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:40:32.0130 2968 NetMsmqActivator - ok
    16:40:32.0161 2968 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:40:32.0161 2968 NetPipeActivator - ok
    16:40:32.0192 2968 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    16:40:32.0192 2968 netprofm - ok
    16:40:32.0270 2968 netr28x (1982b291df9833fb3adc397ebd310a18) C:\Windows\system32\DRIVERS\netr28x.sys
    16:40:32.0286 2968 netr28x - ok
    16:40:32.0286 2968 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:40:32.0301 2968 NetTcpActivator - ok
    16:40:32.0301 2968 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:40:32.0301 2968 NetTcpPortSharing - ok
    16:40:32.0348 2968 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    16:40:32.0348 2968 nfrd960 - ok
    16:40:32.0473 2968 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    16:40:32.0473 2968 NlaSvc - ok
    16:40:32.0504 2968 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    16:40:32.0504 2968 Npfs - ok
    16:40:32.0520 2968 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    16:40:32.0520 2968 nsi - ok
    16:40:32.0535 2968 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    16:40:32.0535 2968 nsiproxy - ok
    16:40:32.0598 2968 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    16:40:32.0629 2968 Ntfs - ok
    16:40:32.0644 2968 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    16:40:32.0660 2968 Null - ok
    16:40:32.0707 2968 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    16:40:32.0707 2968 nvraid - ok
    16:40:32.0769 2968 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    16:40:32.0769 2968 nvstor - ok
    16:40:32.0816 2968 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    16:40:32.0816 2968 nv_agp - ok
    16:40:32.0878 2968 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    16:40:32.0894 2968 odserv - ok
    16:40:32.0925 2968 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    16:40:32.0925 2968 ohci1394 - ok
    16:40:32.0988 2968 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:40:32.0988 2968 ose - ok
    16:40:33.0019 2968 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    16:40:33.0034 2968 p2pimsvc - ok
    16:40:33.0050 2968 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    16:40:33.0066 2968 p2psvc - ok
    16:40:33.0112 2968 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    16:40:33.0112 2968 Parport - ok
    16:40:33.0144 2968 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    16:40:33.0144 2968 partmgr - ok
    16:40:33.0159 2968 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    16:40:33.0175 2968 PcaSvc - ok
    16:40:33.0206 2968 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    16:40:33.0206 2968 pci - ok
    16:40:33.0253 2968 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    16:40:33.0268 2968 pciide - ok
    16:40:33.0284 2968 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    16:40:33.0284 2968 pcmcia - ok
    16:40:33.0300 2968 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    16:40:33.0300 2968 pcw - ok
    16:40:33.0346 2968 PdiService (0a098df98ec8facaa30bd7db4c7aea06) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    16:40:33.0346 2968 PdiService - ok
    16:40:33.0378 2968 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    16:40:33.0393 2968 PEAUTH - ok
    16:40:33.0440 2968 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    16:40:33.0440 2968 PerfHost - ok
     
  17. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    16:40:33.0518 2968 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    16:40:33.0549 2968 pla - ok
    16:40:33.0612 2968 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    16:40:33.0627 2968 PlugPlay - ok
    16:40:33.0658 2968 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
    16:40:33.0658 2968 Pml Driver HPZ12 - ok
    16:40:33.0674 2968 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    16:40:33.0674 2968 PNRPAutoReg - ok
    16:40:33.0705 2968 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    16:40:33.0705 2968 PNRPsvc - ok
    16:40:33.0721 2968 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    16:40:33.0721 2968 PolicyAgent - ok
    16:40:33.0752 2968 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    16:40:33.0752 2968 Power - ok
    16:40:33.0830 2968 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    16:40:33.0830 2968 PptpMiniport - ok
    16:40:33.0861 2968 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    16:40:33.0877 2968 Processor - ok
    16:40:33.0892 2968 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
    16:40:33.0908 2968 ProfSvc - ok
    16:40:33.0924 2968 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    16:40:33.0924 2968 ProtectedStorage - ok
    16:40:33.0970 2968 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    16:40:33.0970 2968 Psched - ok
    16:40:34.0126 2968 QBCFMonitorService (91195091f449699b176fe1305dad40da) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    16:40:34.0126 2968 QBCFMonitorService - ok
    16:40:34.0204 2968 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    16:40:34.0204 2968 QBFCService - ok
    16:40:34.0282 2968 QBVSS (0c7b65c8743442a37152fcfac5f7d16a) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    16:40:34.0298 2968 QBVSS - ok
    16:40:34.0392 2968 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    16:40:34.0423 2968 ql2300 - ok
    16:40:34.0438 2968 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    16:40:34.0438 2968 ql40xx - ok
    16:40:34.0470 2968 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    16:40:34.0470 2968 QWAVE - ok
    16:40:34.0485 2968 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    16:40:34.0485 2968 QWAVEdrv - ok
    16:40:34.0501 2968 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    16:40:34.0501 2968 RasAcd - ok
    16:40:34.0563 2968 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    16:40:34.0563 2968 RasAgileVpn - ok
    16:40:34.0594 2968 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    16:40:34.0594 2968 RasAuto - ok
    16:40:34.0641 2968 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:40:34.0641 2968 Rasl2tp - ok
    16:40:34.0688 2968 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    16:40:34.0704 2968 RasMan - ok
    16:40:34.0719 2968 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    16:40:34.0719 2968 RasPppoe - ok
    16:40:34.0750 2968 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    16:40:34.0766 2968 RasSstp - ok
    16:40:34.0797 2968 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    16:40:34.0797 2968 rdbss - ok
    16:40:34.0828 2968 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    16:40:34.0828 2968 rdpbus - ok
    16:40:34.0844 2968 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:40:34.0844 2968 RDPCDD - ok
    16:40:34.0906 2968 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    16:40:34.0906 2968 RDPENCDD - ok
    16:40:34.0922 2968 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    16:40:34.0922 2968 RDPREFMP - ok
    16:40:34.0953 2968 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
    16:40:34.0953 2968 RDPWD - ok
    16:40:34.0984 2968 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    16:40:35.0000 2968 rdyboost - ok
    16:40:35.0062 2968 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    16:40:35.0062 2968 RemoteAccess - ok
    16:40:35.0094 2968 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    16:40:35.0094 2968 RemoteRegistry - ok
    16:40:35.0125 2968 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    16:40:35.0125 2968 RpcEptMapper - ok
    16:40:35.0156 2968 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    16:40:35.0156 2968 RpcLocator - ok
    16:40:35.0187 2968 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
    16:40:35.0187 2968 RpcSs - ok
    16:40:35.0203 2968 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    16:40:35.0203 2968 rspndr - ok
    16:40:35.0265 2968 RTL8167 (fcaf9c2c9eadf8f397c3350760ef500f) C:\Windows\system32\DRIVERS\Rt64win7.sys
    16:40:35.0265 2968 RTL8167 - ok
    16:40:35.0296 2968 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    16:40:35.0312 2968 SamSs - ok
    16:40:35.0343 2968 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    16:40:35.0343 2968 sbp2port - ok
    16:40:35.0468 2968 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    16:40:35.0484 2968 SBSDWSCService - ok
    16:40:35.0515 2968 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    16:40:35.0530 2968 SCardSvr - ok
    16:40:35.0562 2968 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    16:40:35.0562 2968 scfilter - ok
    16:40:35.0608 2968 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    16:40:35.0608 2968 Schedule - ok
    16:40:35.0640 2968 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    16:40:35.0640 2968 SCPolicySvc - ok
    16:40:35.0686 2968 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    16:40:35.0686 2968 SDRSVC - ok
    16:40:35.0749 2968 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    16:40:35.0749 2968 secdrv - ok
    16:40:42.0426 2968 ============================================================
    16:40:42.0426 2968 Scan finished
    16:40:42.0426 2968 ============================================================
    16:40:42.0441 2296 Detected object count: 0
    16:40:42.0441 2296 Actual detected object count: 0
     
  18. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    How is redirection now?

    Post new Combofix log.
     
  19. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    ComboFix 12-04-04.02 - Adam 04/08/2012 16:51:54.5.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2591 [GMT -4:00]
    Running from: c:\users\Adam\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\cfg.ini
    c:\windows\system32\consrv.dll
    c:\windows\system32\dds_trash_log.cmd
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-08 20:56 . 2012-04-08 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-06 16:23 . 2012-04-06 16:23 -------- d-----w- C:\_OTL
    2012-04-06 15:54 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B64A7FD8-3BF1-4F79-88D8-5B1C320094B0}\mpengine.dll
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-02 02:10 . 2012-04-02 18:09 -------- d-----w- c:\program files (x86)\ESET
    2012-04-02 00:49 . 2012-04-02 18:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-02 00:39 . 2012-04-08 20:31 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-14 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-14 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-14 17:29 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 17:29 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 17:29 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 14:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 14:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 14:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 14:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 14:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 14:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 14:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-05_18.31.15 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-12-01 121456]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
    S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-21 1248256]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-13 17152]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - LAVASOFT_KERNEXPLORER
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-30 c:\windows\Tasks\HPCeeScheduleForADAM-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    2012-04-08 c:\windows\Tasks\HPCeeScheduleForAdam.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "combofix"="c:\combofix\CF1685.3XE" [2010-11-20 345088]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    JRAID
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: mswsock.dll
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - user.js: general.useragent.extra.brc -
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-78413125.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0a\03\0c\13-5u"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-08 17:03:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-08 21:03
    ComboFix2.txt 2012-04-08 19:33
    ComboFix3.txt 2012-04-08 19:18
    ComboFix4.txt 2012-04-08 17:59
    ComboFix5.txt 2012-04-08 20:51
    .
    Pre-Run: 379,001,122,816 bytes free
    Post-Run: 378,522,308,608 bytes free
    .
    - - End Of File - - F3CCB926D6189E8218536E2AA16584D9
     
  20. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    Still redirecting?
     
  21. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    Still redirecting.

    Again it seems to run great, then I have to eventually reboot, where it fails to boot, so I am forced to restore it to a previous period, which probably still has the virus.

    Will reformatting the HD get rid of it?
     
  22. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    You can't take some steps without telling me.
    I've been trying to figure out what's going on and you're using system restore without telling me.
    That's a horrible waste of time.
    Did you just use system restore again?
     
  23. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    I thought I mentioned this issue in post #34 where I wrote

    "As it did last time we ran this, everything seems to run very smooth with no redirect. It's after I restart it again that the problems come back. For some reason, it seems to have trouble loading Windows on a restart, so it goes through its startup repair tool, then it starts fine but the problem is back."

    Again - after I run ComboFix, it restarts automatically okay. But after I try to restart it again, Windows fails to boot and the startup repair tool forces me into a restore.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,986   +271

    There is a difference between startup repair and system restore.
    Which one did you use? System restore?
     
  25. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    I selected the startup repair tool, which failed to boot Windows. This prompted a box to come up giving me a choice to restore or repair. I tried to select repair but got the message "repair is already running", which is a result of the failed repair.

    I manually rebooted the computer several times to try and get it to boot Windows, with me clicking "restore", which was my only option.

    I did not pick a restore date, however; it seemed to choose that automatically.
     
Topic Status:
Not open for further replies.

