Inactive Google redirect driving me crazy!

[Broni]

OK, from now on no more system restore.

Please Boot to the System Recovery Options
If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...
NOTE. If none of the above apply you can create System Repair Disc (link in "Option two") and boot from it.

On the System Recovery Options menu you will get the following options:

• Startup Repair
• System Restore
• Windows Complete PC Restore
• Windows Memory Diagnostic Tool
• Command Prompt

Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

bootrec /fixboot (<--- there is a "space" after "bootrec")

exit

Restart computer.

Re-run TDSSKiller.

 

[adam34997]

23:29:19.0229 4280 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
23:29:19.0728 4280 ============================================================
23:29:19.0728 4280 Current date / time: 2012/04/08 23:29:19.0728
23:29:19.0728 4280 SystemInfo:
23:29:19.0728 4280
23:29:19.0728 4280 OS Version: 6.1.7601 ServicePack: 1.0
23:29:19.0728 4280 Product type: Workstation
23:29:19.0729 4280 ComputerName: ADAM-HP
23:29:19.0729 4280 UserName: Adam
23:29:19.0729 4280 Windows directory: C:\Windows
23:29:19.0729 4280 System windows directory: C:\Windows
23:29:19.0729 4280 Running under WOW64
23:29:19.0729 4280 Processor architecture: Intel x64
23:29:19.0729 4280 Number of processors: 2
23:29:19.0729 4280 Page size: 0x1000
23:29:19.0729 4280 Boot type: Normal boot
23:29:19.0729 4280 ============================================================
23:29:21.0075 4280 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:29:21.0078 4280 \Device\Harddisk0\DR0:
23:29:21.0079 4280 MBR used
23:29:21.0079 4280 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:29:21.0079 4280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x387C3000
23:29:21.0079 4280 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x387F5800, BlocksNum 0x1B90000
23:29:21.0146 4280 Initialize success
23:29:21.0146 4280 ============================================================

 

[Broni]

Did the command executed successfully?

TDSSKiller log looks incomplete.
Please re-run it.

 

[adam34997]

Yes the commands said they were successful.

Full log is below.

09:52:52.0384 4588 TDSS rootkit removing tool 2.7.27.0 Apr 9 2012 09:53:37
09:52:52.0775 4588 ============================================================
09:52:52.0775 4588 Current date / time: 2012/04/09 09:52:52.0775
09:52:52.0775 4588 SystemInfo:
09:52:52.0775 4588
09:52:52.0775 4588 OS Version: 6.1.7601 ServicePack: 1.0
09:52:52.0775 4588 Product type: Workstation
09:52:52.0775 4588 ComputerName: ADAM-HP
09:52:52.0775 4588 UserName: Adam
09:52:52.0775 4588 Windows directory: C:\Windows
09:52:52.0775 4588 System windows directory: C:\Windows
09:52:52.0775 4588 Running under WOW64
09:52:52.0775 4588 Processor architecture: Intel x64
09:52:52.0775 4588 Number of processors: 2
09:52:52.0775 4588 Page size: 0x1000
09:52:52.0775 4588 Boot type: Normal boot
09:52:52.0775 4588 ============================================================
09:52:54.0159 4588 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:52:54.0163 4588 \Device\Harddisk0\DR0:
09:52:54.0163 4588 MBR used
09:52:54.0163 4588 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:52:54.0163 4588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x387C3000
09:52:54.0163 4588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x387F5800, BlocksNum 0x1B90000
09:52:54.0230 4588 Initialize success
09:52:54.0230 4588 ============================================================
09:52:57.0921 4640 ============================================================
09:52:57.0921 4640 Scan started
09:52:57.0921 4640 Mode: Manual;
09:52:57.0921 4640 ============================================================
09:52:58.0685 4640 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:52:58.0688 4640 1394ohci - ok
09:52:58.0712 4640 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:52:58.0716 4640 ACPI - ok
09:52:58.0749 4640 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:52:58.0750 4640 AcpiPmi - ok
09:52:58.0785 4640 ACPIService (de7e8d852a806be6091983838bf9697f) C:\Windows\system32\DRIVERS\OSDACPI.SYS
09:52:58.0785 4640 ACPIService - ok
09:52:58.0818 4640 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:52:58.0823 4640 adp94xx - ok
09:52:58.0840 4640 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:52:58.0844 4640 adpahci - ok
09:52:58.0852 4640 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:52:58.0855 4640 adpu320 - ok
09:52:58.0880 4640 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:52:58.0881 4640 AeLookupSvc - ok
09:52:58.0924 4640 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
09:52:58.0925 4640 AERTFilters - ok
09:52:58.0965 4640 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:52:58.0971 4640 AFD - ok
09:52:58.0989 4640 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:52:58.0991 4640 agp440 - ok
09:52:59.0009 4640 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:52:59.0011 4640 ALG - ok
09:52:59.0028 4640 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:52:59.0028 4640 aliide - ok
09:52:59.0049 4640 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe
09:52:59.0050 4640 AMD External Events Utility - ok
09:52:59.0063 4640 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:52:59.0064 4640 amdide - ok
09:52:59.0082 4640 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:52:59.0083 4640 AmdK8 - ok
09:52:59.0195 4640 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
09:52:59.0292 4640 amdkmdag - ok
09:52:59.0319 4640 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
09:52:59.0320 4640 amdkmdap - ok
09:52:59.0353 4640 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:52:59.0354 4640 AmdPPM - ok
09:52:59.0375 4640 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys
09:52:59.0376 4640 amdsata - ok
09:52:59.0393 4640 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:52:59.0396 4640 amdsbs - ok
09:52:59.0413 4640 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys
09:52:59.0414 4640 amdxata - ok
09:52:59.0456 4640 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:52:59.0457 4640 AppID - ok
09:52:59.0482 4640 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:52:59.0483 4640 AppIDSvc - ok
09:52:59.0509 4640 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
09:52:59.0510 4640 Appinfo - ok
09:52:59.0586 4640 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:52:59.0588 4640 Apple Mobile Device - ok
09:52:59.0636 4640 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:52:59.0639 4640 arc - ok
09:52:59.0651 4640 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:52:59.0653 4640 arcsas - ok
09:52:59.0761 4640 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:52:59.0763 4640 aspnet_state - ok
09:52:59.0777 4640 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:52:59.0779 4640 AsyncMac - ok
09:52:59.0818 4640 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:52:59.0819 4640 atapi - ok
09:52:59.0865 4640 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
09:52:59.0865 4640 AtiPcie - ok
09:52:59.0920 4640 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:52:59.0931 4640 AudioEndpointBuilder - ok
09:52:59.0949 4640 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:52:59.0955 4640 AudioSrv - ok
09:52:59.0990 4640 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
09:52:59.0992 4640 AxInstSV - ok
09:53:00.0017 4640 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:53:00.0024 4640 b06bdrv - ok
09:53:00.0046 4640 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:53:00.0050 4640 b57nd60a - ok
09:53:00.0087 4640 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:53:00.0089 4640 BDESVC - ok
09:53:00.0106 4640 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:53:00.0107 4640 Beep - ok
09:53:00.0176 4640 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
09:53:00.0191 4640 BFE - ok
09:53:00.0222 4640 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
09:53:00.0231 4640 BITS - ok
09:53:00.0251 4640 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:53:00.0252 4640 blbdrive - ok
09:53:00.0315 4640 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
09:53:00.0322 4640 Bonjour Service - ok
09:53:00.0362 4640 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:53:00.0363 4640 bowser - ok
09:53:00.0378 4640 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:53:00.0379 4640 BrFiltLo - ok
09:53:00.0393 4640 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:53:00.0394 4640 BrFiltUp - ok
09:53:00.0444 4640 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
09:53:00.0445 4640 BridgeMP - ok
09:53:00.0472 4640 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
09:53:00.0474 4640 Browser - ok
09:53:00.0495 4640 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:53:00.0499 4640 Brserid - ok
09:53:00.0514 4640 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:53:00.0515 4640 BrSerWdm - ok
09:53:00.0531 4640 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:53:00.0532 4640 BrUsbMdm - ok
09:53:00.0541 4640 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:53:00.0542 4640 BrUsbSer - ok
09:53:00.0555 4640 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:53:00.0557 4640 BTHMODEM - ok
09:53:00.0592 4640 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:53:00.0594 4640 bthserv - ok
09:53:00.0610 4640 catchme - ok
09:53:00.0631 4640 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:53:00.0633 4640 cdfs - ok
09:53:00.0683 4640 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:53:00.0687 4640 cdrom - ok
09:53:00.0732 4640 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:53:00.0733 4640 CertPropSvc - ok
09:53:00.0754 4640 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:53:00.0755 4640 circlass - ok
09:53:00.0780 4640 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:53:00.0785 4640 CLFS - ok
09:53:00.0826 4640 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:53:00.0828 4640 clr_optimization_v2.0.50727_32 - ok
09:53:00.0867 4640 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:53:00.0870 4640 clr_optimization_v2.0.50727_64 - ok
09:53:00.0918 4640 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:53:00.0921 4640 clr_optimization_v4.0.30319_32 - ok
09:53:00.0959 4640 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:53:00.0962 4640 clr_optimization_v4.0.30319_64 - ok
09:53:01.0005 4640 clwvd (d68d9f4d53010b7e84d4e80a2e485554) C:\Windows\system32\DRIVERS\clwvd.sys
09:53:01.0006 4640 clwvd - ok
09:53:01.0038 4640 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:53:01.0040 4640 CmBatt - ok
09:53:01.0068 4640 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:53:01.0070 4640 cmdide - ok
09:53:01.0111 4640 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
09:53:01.0120 4640 CNG - ok
09:53:01.0140 4640 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:53:01.0141 4640 Compbatt - ok
09:53:01.0179 4640 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:53:01.0180 4640 CompositeBus - ok
09:53:01.0196 4640 COMSysApp - ok
09:53:01.0217 4640 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:53:01.0218 4640 crcdisk - ok
09:53:01.0260 4640 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
09:53:01.0263 4640 CryptSvc - ok
09:53:01.0312 4640 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:53:01.0324 4640 DcomLaunch - ok
09:53:01.0363 4640 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:53:01.0368 4640 defragsvc - ok
09:53:01.0402 4640 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:53:01.0404 4640 DfsC - ok
09:53:01.0444 4640 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
09:53:01.0450 4640 Dhcp - ok
09:53:01.0468 4640 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:53:01.0469 4640 discache - ok
09:53:01.0494 4640 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:53:01.0495 4640 Disk - ok
09:53:01.0524 4640 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
09:53:01.0526 4640 Dnscache - ok
09:53:01.0557 4640 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
09:53:01.0561 4640 dot3svc - ok
09:53:01.0610 4640 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
09:53:01.0613 4640 Dot4 - ok
09:53:01.0657 4640 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
09:53:01.0658 4640 Dot4Print - ok
09:53:01.0676 4640 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
09:53:01.0677 4640 dot4usb - ok
09:53:01.0706 4640 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
09:53:01.0708 4640 DPS - ok
09:53:01.0733 4640 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:53:01.0734 4640 drmkaud - ok
09:53:01.0777 4640 DTSRVC (b1b7de1ea520c84ab689be8c964fb850) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
09:53:01.0779 4640 DTSRVC - ok
09:53:01.0840 4640 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:53:01.0854 4640 DXGKrnl - ok
09:53:01.0880 4640 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:53:01.0882 4640 EapHost - ok
09:53:01.0957 4640 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:53:02.0022 4640 ebdrv - ok
09:53:02.0057 4640 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
09:53:02.0059 4640 EFS - ok
09:53:02.0108 4640 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
09:53:02.0122 4640 ehRecvr - ok
09:53:02.0149 4640 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:53:02.0151 4640 ehSched - ok
09:53:02.0188 4640 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:53:02.0195 4640 elxstor - ok
09:53:02.0227 4640 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:53:02.0228 4640 ErrDev - ok
09:53:02.0264 4640 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:53:02.0268 4640 EventSystem - ok
09:53:02.0290 4640 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:53:02.0293 4640 exfat - ok
09:53:02.0311 4640 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:53:02.0314 4640 fastfat - ok
09:53:02.0355 4640 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
09:53:02.0364 4640 Fax - ok
09:53:02.0382 4640 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:53:02.0383 4640 fdc - ok
09:53:02.0402 4640 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:53:02.0403 4640 fdPHost - ok
09:53:02.0417 4640 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:53:02.0419 4640 FDResPub - ok
09:53:02.0440 4640 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:53:02.0441 4640 FileInfo - ok
09:53:02.0461 4640 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:53:02.0462 4640 Filetrace - ok
09:53:02.0479 4640 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:53:02.0480 4640 flpydisk - ok
09:53:02.0519 4640 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:53:02.0525 4640 FltMgr - ok
09:53:02.0589 4640 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
09:53:02.0624 4640 FontCache - ok
09:53:02.0683 4640 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:53:02.0685 4640 FontCache3.0.0.0 - ok
09:53:02.0707 4640 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:53:02.0709 4640 FsDepends - ok
09:53:02.0722 4640 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:53:02.0722 4640 Fs_Rec - ok
09:53:02.0765 4640 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:53:02.0770 4640 fvevol - ok
09:53:02.0808 4640 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:53:02.0809 4640 gagp30kx - ok
09:53:02.0859 4640 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:53:02.0860 4640 GEARAspiWDM - ok
09:53:02.0909 4640 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
09:53:02.0922 4640 gpsvc - ok
09:53:02.0943 4640 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:53:02.0944 4640 hcw85cir - ok
09:53:02.0999 4640 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
09:53:03.0007 4640 HdAudAddService - ok
09:53:03.0042 4640 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
09:53:03.0045 4640 HDAudBus - ok
09:53:03.0071 4640 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:53:03.0072 4640 HidBatt - ok
09:53:03.0090 4640 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:53:03.0092 4640 HidBth - ok
09:53:03.0114 4640 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:53:03.0115 4640 HidIr - ok
09:53:03.0142 4640 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
09:53:03.0143 4640 hidserv - ok
09:53:03.0159 4640 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
09:53:03.0161 4640 HidUsb - ok
09:53:03.0193 4640 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
09:53:03.0195 4640 hkmsvc - ok
09:53:03.0226 4640 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
09:53:03.0231 4640 HomeGroupListener - ok
09:53:03.0270 4640 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
09:53:03.0276 4640 HomeGroupProvider - ok
09:53:03.0378 4640 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
09:53:03.0380 4640 HP Support Assistant Service - ok
09:53:03.0425 4640 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
09:53:03.0430 4640 HPClientSvc - ok
09:53:03.0451 4640 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
09:53:03.0453 4640 HPDrvMntSvc.exe - ok
09:53:03.0489 4640 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
09:53:03.0505 4640 hpqwmiex - ok
09:53:03.0564 4640 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:53:03.0566 4640 HpSAMD - ok
09:53:03.0630 4640 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:53:03.0640 4640 HTTP - ok
09:53:03.0677 4640 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:53:03.0678 4640 hwpolicy - ok
09:53:03.0693 4640 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
09:53:03.0695 4640 i8042prt - ok
09:53:03.0733 4640 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:53:03.0739 4640 iaStorV - ok
09:53:03.0806 4640 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:53:03.0827 4640 idsvc - ok
09:53:03.0867 4640 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:53:03.0869 4640 iirsp - ok
09:53:03.0914 4640 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:53:03.0936 4640 IKEEXT - ok
09:53:04.0019 4640 IntcAzAudAddService (cb5fd9b681ad43b560490b5283ddc1c1) C:\Windows\system32\drivers\RTKVHD64.sys
09:53:04.0034 4640 IntcAzAudAddService - ok
09:53:04.0053 4640 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:53:04.0054 4640 intelide - ok
09:53:04.0076 4640 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:53:04.0077 4640 intelppm - ok
09:53:04.0097 4640 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:53:04.0099 4640 IPBusEnum - ok
09:53:04.0129 4640 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:53:04.0131 4640 IpFilterDriver - ok
09:53:04.0202 4640 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
09:53:04.0211 4640 iphlpsvc - ok
09:53:04.0233 4640 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:53:04.0235 4640 IPMIDRV - ok
09:53:04.0273 4640 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:53:04.0277 4640 IPNAT - ok
09:53:04.0343 4640 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
09:53:04.0354 4640 iPod Service - ok
09:53:04.0373 4640 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:53:04.0374 4640 IRENUM - ok
09:53:04.0396 4640 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:53:04.0397 4640 isapnp - ok
09:53:04.0419 4640 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:53:04.0423 4640 iScsiPrt - ok
09:53:04.0454 4640 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
09:53:04.0455 4640 kbdclass - ok
09:53:04.0489 4640 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
09:53:04.0490 4640 kbdhid - ok
09:53:04.0516 4640 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:53:04.0517 4640 KeyIso - ok
09:53:04.0531 4640 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
09:53:04.0533 4640 KSecDD - ok
09:53:04.0548 4640 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
09:53:04.0550 4640 KSecPkg - ok
09:53:04.0563 4640 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:53:04.0564 4640 ksthunk - ok
09:53:04.0596 4640 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:53:04.0602 4640 KtmRm - ok
09:53:04.0645 4640 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
09:53:04.0648 4640 LanmanServer - ok
09:53:04.0682 4640 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:53:04.0685 4640 LanmanWorkstation - ok
09:53:04.0802 4640 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
09:53:04.0832 4640 Lavasoft Ad-Aware Service - ok
09:53:04.0875 4640 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
09:53:04.0876 4640 Lbd - ok
09:53:04.0926 4640 LightScribeService (b1e1c8bb1392537e4d415fcdcb93b1d3) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
09:53:04.0928 4640 LightScribeService - ok
09:53:04.0973 4640 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:53:04.0975 4640 lltdio - ok
09:53:05.0009 4640 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:53:05.0018 4640 lltdsvc - ok
09:53:05.0038 4640 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:53:05.0041 4640 lmhosts - ok
09:53:05.0078 4640 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:53:05.0082 4640 LSI_FC - ok
09:53:05.0105 4640 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:53:05.0107 4640 LSI_SAS - ok
09:53:05.0124 4640 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:53:05.0126 4640 LSI_SAS2 - ok
09:53:05.0136 4640 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:53:05.0138 4640 LSI_SCSI - ok
09:53:05.0153 4640 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:53:05.0155 4640 luafv - ok
09:53:05.0194 4640 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:53:05.0199 4640 Mcx2Svc - ok
09:53:05.0216 4640 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:53:05.0218 4640 megasas - ok
09:53:05.0240 4640 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:53:05.0247 4640 MegaSR - ok
09:53:05.0351 4640 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
09:53:05.0354 4640 Microsoft Office Groove Audit Service - ok
09:53:05.0387 4640 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:53:05.0391 4640 MMCSS - ok
09:53:05.0407 4640 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:53:05.0409 4640 Modem - ok
09:53:05.0428 4640 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:53:05.0429 4640 monitor - ok
09:53:05.0467 4640 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:53:05.0468 4640 mouclass - ok
09:53:05.0507 4640 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:53:05.0508 4640 mouhid - ok
09:53:05.0539 4640 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:53:05.0540 4640 mountmgr - ok
09:53:05.0573 4640 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:53:05.0576 4640 mpio - ok
09:53:05.0596 4640 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:53:05.0598 4640 mpsdrv - ok
09:53:05.0679 4640 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
09:53:05.0701 4640 MpsSvc - ok
09:53:05.0739 4640 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:53:05.0742 4640 MRxDAV - ok
09:53:05.0775 4640 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:53:05.0778 4640 mrxsmb - ok
09:53:05.0807 4640 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:53:05.0811 4640 mrxsmb10 - ok
09:53:05.0828 4640 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:53:05.0831 4640 mrxsmb20 - ok
09:53:05.0846 4640 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:53:05.0847 4640 msahci - ok
09:53:05.0876 4640 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:53:05.0878 4640 msdsm - ok
09:53:05.0909 4640 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:53:05.0912 4640 MSDTC - ok
09:53:05.0939 4640 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:53:05.0940 4640 Msfs - ok
09:53:05.0966 4640 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:53:05.0967 4640 mshidkmdf - ok
09:53:05.0994 4640 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:53:05.0994 4640 msisadrv - ok
09:53:06.0020 4640 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:53:06.0024 4640 MSiSCSI - ok
09:53:06.0031 4640 msiserver - ok
09:53:06.0058 4640 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:53:06.0059 4640 MSKSSRV - ok
09:53:06.0085 4640 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:53:06.0086 4640 MSPCLOCK - ok
09:53:06.0105 4640 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:53:06.0106 4640 MSPQM - ok
09:53:06.0145 4640 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:53:06.0150 4640 MsRPC - ok
09:53:06.0170 4640 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:53:06.0171 4640 mssmbios - ok
09:53:06.0188 4640 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:53:06.0189 4640 MSTEE - ok
09:53:06.0204 4640 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:53:06.0205 4640 MTConfig - ok
09:53:06.0228 4640 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:53:06.0229 4640 Mup - ok
09:53:06.0271 4640 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:53:06.0284 4640 napagent - ok
09:53:06.0331 4640 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:53:06.0338 4640 NativeWifiP - ok
09:53:06.0384 4640 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:53:06.0394 4640 NDIS - ok
09:53:06.0413 4640 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:53:06.0415 4640 NdisCap - ok
09:53:06.0445 4640 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:53:06.0447 4640 NdisTapi - ok
09:53:06.0485 4640 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:53:06.0486 4640 Ndisuio - ok
09:53:06.0523 4640 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:53:06.0525 4640 NdisWan - ok
09:53:06.0562 4640 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:53:06.0564 4640 NDProxy - ok
09:53:06.0605 4640 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
09:53:06.0606 4640 Net Driver HPZ12 - ok
09:53:06.0620 4640 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:53:06.0621 4640 NetBIOS - ok
09:53:06.0655 4640 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:53:06.0658 4640 NetBT - ok
09:53:06.0671 4640 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:53:06.0673 4640 Netlogon - ok
09:53:06.0708 4640 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:53:06.0713 4640 Netman - ok
09:53:06.0794 4640 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:53:06.0798 4640 NetMsmqActivator - ok
09:53:06.0817 4640 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:53:06.0820 4640 NetPipeActivator - ok
09:53:06.0842 4640 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:53:06.0847 4640 netprofm - ok
09:53:06.0892 4640 netr28x (1982b291df9833fb3adc397ebd310a18) C:\Windows\system32\DRIVERS\netr28x.sys
09:53:06.0900 4640 netr28x - ok
09:53:06.0906 4640 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:53:06.0908 4640 NetTcpActivator - ok
09:53:06.0913 4640 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:53:06.0915 4640 NetTcpPortSharing - ok
09:53:06.0947 4640 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:53:06.0948 4640 nfrd960 - ok
09:53:06.0995 4640 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:53:07.0002 4640 NlaSvc - ok
09:53:07.0018 4640 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:53:07.0020 4640 Npfs - ok
09:53:07.0034 4640 nsi (d54bfdf3e0c953f823b3d0bfe4732528)

 

[adam34997]

C:\Windows\system32\nsisvc.dll
09:53:07.0036 4640 nsi - ok
09:53:07.0047 4640 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:53:07.0048 4640 nsiproxy - ok
09:53:07.0115 4640 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:53:07.0151 4640 Ntfs - ok
09:53:07.0164 4640 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:53:07.0165 4640 Null - ok
09:53:07.0199 4640 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:53:07.0204 4640 nvraid - ok
09:53:07.0239 4640 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:53:07.0243 4640 nvstor - ok
09:53:07.0261 4640 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:53:07.0264 4640 nv_agp - ok
09:53:07.0325 4640 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:53:07.0334 4640 odserv - ok
09:53:07.0397 4640 odysseyIM4 (5f22132c9153639762708909f156b33d) C:\Windows\system32\cvsnt.dll
09:53:07.0398 4640 odysseyIM4 ( Backdoor.Multi.ZAccess.gen ) - infected
09:53:07.0399 4640 odysseyIM4 - detected Backdoor.Multi.ZAccess.gen (0)
09:53:07.0440 4640 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:53:07.0442 4640 ohci1394 - ok
09:53:07.0490 4640 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:53:07.0493 4640 ose - ok
09:53:07.0527 4640 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:53:07.0531 4640 p2pimsvc - ok
09:53:07.0551 4640 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:53:07.0559 4640 p2psvc - ok
09:53:07.0595 4640 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:53:07.0597 4640 Parport - ok
09:53:07.0615 4640 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:53:07.0617 4640 partmgr - ok
09:53:07.0638 4640 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:53:07.0641 4640 PcaSvc - ok
09:53:07.0676 4640 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:53:07.0678 4640 pci - ok
09:53:07.0723 4640 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:53:07.0725 4640 pciide - ok
09:53:07.0740 4640 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:53:07.0745 4640 pcmcia - ok
09:53:07.0770 4640 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:53:07.0771 4640 pcw - ok
09:53:07.0808 4640 PdiService (0a098df98ec8facaa30bd7db4c7aea06) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
09:53:07.0810 4640 PdiService - ok
09:53:07.0841 4640 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:53:07.0848 4640 PEAUTH - ok
09:53:07.0896 4640 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:53:07.0900 4640 PerfHost - ok
09:53:07.0974 4640 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:53:08.0017 4640 pla - ok
09:53:08.0060 4640 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:53:08.0071 4640 PlugPlay - ok
09:53:08.0100 4640 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
09:53:08.0104 4640 Pml Driver HPZ12 - ok
09:53:08.0126 4640 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:53:08.0131 4640 PNRPAutoReg - ok
09:53:08.0162 4640 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:53:08.0169 4640 PNRPsvc - ok
09:53:08.0195 4640 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:53:08.0207 4640 PolicyAgent - ok
09:53:08.0234 4640 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:53:08.0238 4640 Power - ok
09:53:08.0293 4640 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:53:08.0296 4640 PptpMiniport - ok
09:53:08.0330 4640 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:53:08.0331 4640 Processor - ok
09:53:08.0355 4640 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
09:53:08.0359 4640 ProfSvc - ok
09:53:08.0382 4640 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:53:08.0384 4640 ProtectedStorage - ok
09:53:08.0419 4640 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:53:08.0420 4640 Psched - ok
09:53:08.0524 4640 QBCFMonitorService (91195091f449699b176fe1305dad40da) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
09:53:08.0525 4640 QBCFMonitorService - ok
09:53:08.0580 4640 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
09:53:08.0583 4640 QBFCService - ok
09:53:08.0647 4640 QBVSS (0c7b65c8743442a37152fcfac5f7d16a) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
09:53:08.0665 4640 QBVSS - ok
09:53:08.0727 4640 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:53:08.0772 4640 ql2300 - ok
09:53:08.0791 4640 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:53:08.0793 4640 ql40xx - ok
09:53:08.0818 4640 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:53:08.0823 4640 QWAVE - ok
09:53:08.0842 4640 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:53:08.0843 4640 QWAVEdrv - ok
09:53:08.0861 4640 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:53:08.0862 4640 RasAcd - ok
09:53:08.0904 4640 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:53:08.0906 4640 RasAgileVpn - ok
09:53:08.0924 4640 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:53:08.0928 4640 RasAuto - ok
09:53:08.0961 4640 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:53:08.0964 4640 Rasl2tp - ok
09:53:09.0001 4640 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:53:09.0007 4640 RasMan - ok
09:53:09.0023 4640 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:53:09.0025 4640 RasPppoe - ok
09:53:09.0053 4640 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:53:09.0055 4640 RasSstp - ok
09:53:09.0092 4640 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:53:09.0097 4640 rdbss - ok
09:53:09.0111 4640 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:53:09.0112 4640 rdpbus - ok
09:53:09.0138 4640 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:53:09.0139 4640 RDPCDD - ok
09:53:09.0156 4640 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:53:09.0158 4640 RDPENCDD - ok
09:53:09.0179 4640 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:53:09.0180 4640 RDPREFMP - ok
09:53:09.0212 4640 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
09:53:09.0215 4640 RDPWD - ok
09:53:09.0253 4640 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:53:09.0256 4640 rdyboost - ok
09:53:09.0298 4640 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:53:09.0303 4640 RemoteAccess - ok
09:53:09.0326 4640 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:53:09.0333 4640 RemoteRegistry - ok
09:53:09.0357 4640 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:53:09.0362 4640 RpcEptMapper - ok
09:53:09.0395 4640 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:53:09.0398 4640 RpcLocator - ok
09:53:09.0443 4640 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
09:53:09.0448 4640 RpcSs - ok
09:53:09.0461 4640 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:53:09.0463 4640 rspndr - ok
09:53:09.0499 4640 RTL8167 (fcaf9c2c9eadf8f397c3350760ef500f) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:53:09.0502 4640 RTL8167 - ok
09:53:09.0532 4640 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:53:09.0534 4640 SamSs - ok
09:53:09.0570 4640 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:53:09.0573 4640 sbp2port - ok
09:53:09.0676 4640 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
09:53:09.0693 4640 SBSDWSCService - ok
09:53:09.0742 4640 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:53:09.0750 4640 SCardSvr - ok
09:53:09.0793 4640 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:53:09.0794 4640 scfilter - ok
09:53:09.0856 4640 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:53:09.0877 4640 Schedule - ok
09:53:09.0906 4640 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:53:09.0907 4640 SCPolicySvc - ok
09:53:09.0943 4640 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:53:09.0946 4640 SDRSVC - ok
09:53:09.0976 4640 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:53:09.0977 4640 secdrv - ok
09:53:10.0010 4640 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:53:10.0013 4640 seclogon - ok
09:53:10.0029 4640 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
09:53:10.0032 4640 SENS - ok
09:53:10.0049 4640 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:53:10.0052 4640 SensrSvc - ok
09:53:10.0078 4640 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:53:10.0079 4640 Serenum - ok
09:53:10.0098 4640 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:53:10.0100 4640 Serial - ok
09:53:10.0138 4640 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:53:10.0139 4640 sermouse - ok
09:53:10.0193 4640 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:53:10.0197 4640 SessionEnv - ok
09:53:10.0227 4640 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:53:10.0228 4640 sffdisk - ok
09:53:10.0243 4640 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:53:10.0244 4640 sffp_mmc - ok
09:53:10.0261 4640 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:53:10.0262 4640 sffp_sd - ok
09:53:10.0283 4640 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:53:10.0285 4640 sfloppy - ok
09:53:10.0320 4640 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:53:10.0326 4640 SharedAccess - ok
09:53:10.0358 4640 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:53:10.0363 4640 ShellHWDetection - ok
09:53:10.0385 4640 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:53:10.0386 4640 SiSRaid2 - ok
09:53:10.0404 4640 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:53:10.0406 4640 SiSRaid4 - ok
09:53:10.0424 4640 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:53:10.0426 4640 Smb - ok
09:53:10.0477 4640 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:53:10.0480 4640 SNMPTRAP - ok
09:53:10.0499 4640 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:53:10.0500 4640 spldr - ok
09:53:10.0522 4640 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:53:10.0528 4640 Spooler - ok
09:53:10.0632 4640 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:53:10.0658 4640 sppsvc - ok
09:53:10.0677 4640 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:53:10.0680 4640 sppuinotify - ok
09:53:10.0722 4640 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:53:10.0727 4640 srv - ok
09:53:10.0762 4640 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:53:10.0767 4640 srv2 - ok
09:53:10.0782 4640 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:53:10.0784 4640 srvnet - ok
09:53:10.0815 4640 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:53:10.0817 4640 SSDPSRV - ok
09:53:10.0835 4640 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:53:10.0837 4640 SstpSvc - ok
09:53:10.0863 4640 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:53:10.0864 4640 stexstor - ok
09:53:10.0899 4640 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
09:53:10.0901 4640 StillCam - ok
09:53:10.0959 4640 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:53:10.0975 4640 stisvc - ok
09:53:11.0015 4640 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:53:11.0016 4640 swenum - ok
09:53:11.0054 4640 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:53:11.0062 4640 swprv - ok
09:53:11.0139 4640 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:53:11.0185 4640 SysMain - ok
09:53:11.0221 4640 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:53:11.0228 4640 TabletInputService - ok
09:53:11.0276 4640 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:53:11.0287 4640 TapiSrv - ok
09:53:11.0308 4640 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:53:11.0313 4640 TBS - ok
09:53:11.0370 4640 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:53:11.0405 4640 Tcpip - ok
09:53:11.0445 4640 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:53:11.0457 4640 TCPIP6 - ok
09:53:11.0491 4640 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:53:11.0492 4640 tcpipreg - ok
09:53:11.0516 4640 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:53:11.0517 4640 TDPIPE - ok
09:53:11.0534 4640 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
09:53:11.0535 4640 TDTCP - ok
09:53:11.0566 4640 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:53:11.0567 4640 tdx - ok
09:53:11.0605 4640 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:53:11.0606 4640 TermDD - ok
09:53:11.0632 4640 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:53:11.0641 4640 TermService - ok
09:53:11.0660 4640 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:53:11.0662 4640 Themes - ok
09:53:11.0687 4640 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:53:11.0688 4640 THREADORDER - ok
09:53:11.0699 4640 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:53:11.0701 4640 TrkWks - ok
09:53:11.0751 4640 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:53:11.0755 4640 TrustedInstaller - ok
09:53:11.0799 4640 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:53:11.0801 4640 tssecsrv - ok
09:53:11.0867 4640 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:53:11.0870 4640 TsUsbFlt - ok
09:53:11.0922 4640 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:53:11.0925 4640 tunnel - ok
09:53:11.0959 4640 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:53:11.0961 4640 uagp35 - ok
09:53:11.0992 4640 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:53:12.0000 4640 udfs - ok
09:53:12.0030 4640 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:53:12.0033 4640 UI0Detect - ok
09:53:12.0064 4640 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:53:12.0065 4640 uliagpkx - ok
09:53:12.0112 4640 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:53:12.0114 4640 umbus - ok
09:53:12.0135 4640 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:53:12.0136 4640 UmPass - ok
09:53:12.0164 4640 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:53:12.0170 4640 upnphost - ok
09:53:12.0211 4640 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
09:53:12.0213 4640 USBAAPL64 - ok
09:53:12.0238 4640 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:53:12.0240 4640 usbccgp - ok
09:53:12.0281 4640 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:53:12.0283 4640 usbcir - ok
09:53:12.0292 4640 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:53:12.0293 4640 usbehci - ok
09:53:12.0326 4640 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
09:53:12.0327 4640 usbfilter - ok
09:53:12.0358 4640 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:53:12.0362 4640 usbhub - ok
09:53:12.0373 4640 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
09:53:12.0374 4640 usbohci - ok
09:53:12.0401 4640 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:53:12.0402 4640 usbprint - ok
09:53:12.0427 4640 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
09:53:12.0428 4640 usbscan - ok
09:53:12.0462 4640 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:53:12.0464 4640 USBSTOR - ok
09:53:12.0485 4640 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:53:12.0487 4640 usbuhci - ok
09:53:12.0523 4640 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
09:53:12.0526 4640 usbvideo - ok
09:53:12.0563 4640 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:53:12.0566 4640 UxSms - ok
09:53:12.0590 4640 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:53:12.0592 4640 VaultSvc - ok
09:53:12.0616 4640 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:53:12.0617 4640 vdrvroot - ok
09:53:12.0668 4640 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:53:12.0677 4640 vds - ok
09:53:12.0691 4640 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:53:12.0693 4640 vga - ok
09:53:12.0716 4640 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:53:12.0717 4640 VgaSave - ok
09:53:12.0740 4640 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:53:12.0743 4640 vhdmp - ok
09:53:12.0781 4640 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:53:12.0783 4640 viaide - ok
09:53:12.0801 4640 VMnetAdapter - ok
09:53:12.0826 4640 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:53:12.0828 4640 volmgr - ok
09:53:12.0876 4640 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:53:12.0884 4640 volmgrx - ok
09:53:12.0925 4640 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:53:12.0931 4640 volsnap - ok
09:53:12.0962 4640 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:53:12.0966 4640 vsmraid - ok
09:53:13.0039 4640 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
09:53:13.0061 4640 VSS - ok
09:53:13.0069 4640 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:53:13.0070 4640 vwifibus - ok
09:53:13.0090 4640 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:53:13.0091 4640 vwififlt - ok
09:53:13.0124 4640 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:53:13.0130 4640 W32Time - ok
09:53:13.0151 4640 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:53:13.0153 4640 WacomPen - ok
09:53:13.0178 4640 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:53:13.0180 4640 WANARP - ok
09:53:13.0187 4640 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:53:13.0188 4640 Wanarpv6 - ok
09:53:13.0254 4640 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:53:13.0282 4640 WatAdminSvc - ok
09:53:13.0350 4640 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
09:53:13.0394 4640 wbengine - ok
09:53:13.0414 4640 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:53:13.0418 4640 WbioSrvc - ok
09:53:13.0445 4640 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
09:53:13.0452 4640 wcncsvc - ok
09:53:13.0468 4640 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:53:13.0471 4640 WcsPlugInService - ok
09:53:13.0484 4640 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:53:13.0485 4640 Wd - ok
09:53:13.0510 4640 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:53:13.0517 4640 Wdf01000 - ok
09:53:13.0531 4640 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:53:13.0533 4640 WdiServiceHost - ok
09:53:13.0537 4640 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:53:13.0540 4640 WdiSystemHost - ok
09:53:13.0579 4640 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
09:53:13.0584 4640 WebClient - ok
09:53:13.0607 4640 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:53:13.0612 4640 Wecsvc - ok
09:53:13.0627 4640 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:53:13.0630 4640 wercplsupport - ok
09:53:13.0647 4640 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:53:13.0650 4640 WerSvc - ok
09:53:13.0674 4640 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:53:13.0675 4640 WfpLwf - ok
09:53:13.0689 4640 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:53:13.0690 4640 WIMMount - ok
09:53:13.0725 4640 WinDefend - ok
09:53:13.0734 4640 WinHttpAutoProxySvc - ok
09:53:13.0779 4640 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:53:13.0784 4640 Winmgmt - ok
09:53:13.0861 4640 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
09:53:13.0921 4640 WinRM - ok
09:53:13.0975 4640 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:53:13.0987 4640 Wlansvc - ok
09:53:14.0114 4640 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:53:14.0137 4640 wlidsvc - ok
09:53:14.0189 4640 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:53:14.0191 4640 WmiAcpi - ok
09:53:14.0259 4640 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:53:14.0264 4640 wmiApSrv - ok
09:53:14.0295 4640 WMPNetworkSvc - ok
09:53:14.0340 4640 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:53:14.0345 4640 WPCSvc - ok
09:53:14.0386 4640 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
09:53:14.0393 4640 WPDBusEnum - ok
09:53:14.0412 4640 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:53:14.0413 4640 ws2ifsl - ok
09:53:14.0456 4640 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
09:53:14.0463 4640 wscsvc - ok
09:53:14.0502 4640 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
09:53:14.0504 4640 WSDPrintDevice - ok
09:53:14.0515 4640 WSearch - ok
09:53:14.0608 4640 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
09:53:14.0663 4640 wuauserv - ok
09:53:14.0697 4640 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:53:14.0699 4640 WudfPf - ok
09:53:14.0716 4640 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:53:14.0719 4640 WUDFRd - ok
09:53:14.0756 4640 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
09:53:14.0759 4640 wudfsvc - ok
09:53:14.0784 4640 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
09:53:14.0789 4640 WwanSvc - ok
09:53:14.0818 4640 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:53:14.0875 4640 \Device\Harddisk0\DR0 - ok
09:53:14.0880 4640 Boot (0x1200) (8b05c54413af6f186dc25575d2c8cbfe) \Device\Harddisk0\DR0\Partition0
09:53:14.0882 4640 \Device\Harddisk0\DR0\Partition0 - ok
09:53:14.0895 4640 Boot (0x1200) (1a3b96d9cb41e651a1749ac924a68720) \Device\Harddisk0\DR0\Partition1
09:53:14.0898 4640 \Device\Harddisk0\DR0\Partition1 - ok
09:53:14.0928 4640 Boot (0x1200) (4afc0feaaa98f6cbf82a99d22a405f0b) \Device\Harddisk0\DR0\Partition2
09:53:14.0929 4640 \Device\Harddisk0\DR0\Partition2 - ok
09:53:14.0929 4640 ============================================================
09:53:14.0929 4640 Scan finished
09:53:14.0929 4640 ============================================================
09:53:14.0940 4632 Detected object count: 1
09:53:14.0940 4632 Actual detected object count: 1
09:53:20.0703 4632 C:\Windows\system32\cvsnt.dll - copied to quarantine
09:53:20.0704 4632 HKLM\SYSTEM\ControlSet001\services\odysseyIM4 - will be deleted on reboot
09:53:20.0739 4632 HKLM\SYSTEM\ControlSet002\services\odysseyIM4 - will be deleted on reboot
09:53:20.0843 4632 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
09:53:20.0890 4632 C:\Windows\system32\cvsnt.dll - will be deleted on reboot
09:53:20.0891 4632 odysseyIM4 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete

 

[Broni]

Good.
Now re-run Combofix and post new log.

IMPORTANT! If Combofix restarts computer and you can't boot normally do NOT use system restore but reply from another working computer and let me know.

 

[adam34997]

Computer restarted okay. It usually happens after I restart it a second time without running combo-fix where it has trouble restarting. I will wait before I reboot again and contact you from another computer if I have issues. Log is below

ComboFix 12-04-09.04 - Adam 04/09/2012 12:04:04.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2086 [GMT -4:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 16:08 . 2012-04-09 16:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\programdata\Malwarebytes
2012-04-02 02:10 . 2012-04-02 18:09 -------- d-----w- c:\program files (x86)\ESET
2012-04-02 00:49 . 2012-04-02 18:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-02 00:39 . 2012-04-09 13:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:29 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:29 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:29 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 14:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 14:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 14:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 14:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-08 20:12 . 2012-04-08 20:12 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B64A7FD8-3BF1-4F79-88D8-5B1C320094B0}\offreg.dll
2012-03-20 07:51 . 2012-04-06 15:54 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B64A7FD8-3BF1-4F79-88D8-5B1C320094B0}\mpengine.dll
2012-02-23 13:18 . 2011-03-04 17:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 15:00 . 2011-05-17 14:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-30 03:36 . 2012-01-30 03:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-30 03:36 . 2012-01-30 03:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-30 03:36 . 2012-01-30 03:36 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-30 03:36 . 2012-01-30 03:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-30 03:36 . 2012-01-30 03:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-30 03:36 . 2012-01-30 03:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-30 03:36 . 2012-01-30 03:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-30 03:36 . 2012-01-30 03:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-30 03:36 . 2012-01-30 03:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-30 03:36 . 2012-01-30 03:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-30 03:36 . 2012-01-30 03:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-30 03:36 . 2012-01-30 03:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-30 03:36 . 2012-01-30 03:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-30 03:36 . 2012-01-30 03:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-30 03:36 . 2012-01-30 03:36 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-30 03:36 . 2012-01-30 03:36 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-30 03:36 . 2012-01-30 03:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-30 03:36 . 2012-01-30 03:36 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-30 03:36 . 2012-01-30 03:36 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-30 03:36 . 2012-01-30 03:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-30 03:36 . 2012-01-30 03:36 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-30 03:36 . 2012-01-30 03:36 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-30 03:36 . 2012-01-30 03:36 448512 ----a-w- c:\windows\system32\html.iec
2012-01-30 03:36 . 2012-01-30 03:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-30 03:36 . 2012-01-30 03:36 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-30 03:36 . 2012-01-30 03:36 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-30 03:36 . 2012-01-30 03:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-30 03:36 . 2012-01-30 03:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
2010-10-25 22:48 . 2011-05-02 16:57 8297472 ----a-w- c:\program files (x86)\AcroPro.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-05_18.31.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-09 15:52 . 2012-04-09 15:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040920120410\index.dat
+ 2012-04-09 15:52 . 2012-04-09 15:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040220120409\index.dat
+ 2012-03-31 23:23 . 2012-04-09 15:59 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-31 23:23 . 2012-04-04 23:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-03-04 20:06 . 2012-04-09 13:58 56698 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-09 13:58 44260 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-04 19:09 . 2012-04-09 13:58 23094 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-649968626-1217438032-2407564498-1000_UserData.bin
+ 2011-07-09 18:45 . 2012-04-08 23:23 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-07-09 18:45 . 2012-04-05 17:43 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-02-26 08:13 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-26 08:13 . 2012-04-09 13:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-06 17:21 . 2012-04-09 13:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-26 08:13 . 2012-04-05 18:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-09 13:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-12 14:01 . 2012-04-05 17:14 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-03-12 14:01 . 2012-04-05 19:06 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-03-11 23:31 . 2012-04-05 14:00 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
+ 2011-03-11 23:31 . 2012-04-05 18:32 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
+ 2009-07-13 23:31 . 2009-07-14 01:39 6656 c:\windows\system32\USBModem.dll
- 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-09 16:09 . 2012-04-09 16:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-09 16:09 . 2012-04-09 16:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-17 03:08 . 2012-04-05 18:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-04-17 03:08 . 2012-04-09 16:09 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-09 16:09 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-04 23:46 . 2012-04-09 01:50 328954 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-04-05 13:40 663184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 13:39 663184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 13:39 122052 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-05 13:40 122052 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:38 . 2012-04-09 03:28 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2012-04-05 22:09 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:12 . 2012-04-05 18:10 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-04-09 13:56 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-04-09 16:09 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-05 18:30 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-04-09 16:08 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 18:27 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-04 19:06 . 2012-04-04 16:12 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-04 19:06 . 2012-04-08 04:20 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-03-07 18:24 . 2012-04-05 18:30 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
+ 2011-03-07 18:24 . 2012-04-09 16:09 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
+ 2012-03-31 23:36 . 2012-04-09 16:09 8138844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2009-07-14 04:54 . 2012-04-05 18:27 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-09 16:08 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-12-01 121456]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-21 1248256]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-13 17152]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\HPCeeScheduleForADAM-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-04-08 c:\windows\Tasks\HPCeeScheduleForAdam.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"combofix"="c:\combofix\CF30836.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pdlndoem
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: general.useragent.extra.brc -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-19811869.sys
SafeBoot-19917072.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\03\0c\13-5u"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
.
**************************************************************************
.
Completion time: 2012-04-09 12:15:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-09 16:15
ComboFix2.txt 2012-04-08 21:03
ComboFix3.txt 2012-04-08 19:33
ComboFix4.txt 2012-04-08 19:18
ComboFix5.txt 2012-04-09 16:03
.
Pre-Run: 378,052,632,576 bytes free
Post-Run: 377,756,164,096 bytes free
.
- - End Of File - - 9F04806BB69714BC28700A32ABEB3A5E

 

[Broni]

Go ahead and restart one more time.

 

[adam34997]

I am contact you from another computer. Start up repair tool ran, then it was "attempting repairs" for a few min. Then it asked me if I wanted to restore, I click cancel. It is now still "attempting repairs" and not going anywhere.

 

[adam34997]

It now brought me to the HP recovery manager screen. I can choose between restore,repair, and revocery, along with file back up

 

[Broni]

Re-run steps from my reply #51 and see if you can boot normally.

 

[adam34997]

it failed to load again. back in start up repair mode.

Both commands were executed successfully

 

[Broni]

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

• When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
• Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps here
• Your system should now display a REATOGO-X-PE desktop.
• Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
• Double-click on the OTLPE icon.
• When asked Do you wish to load the remote registry, select Yes
• When asked Do you wish to load remote user profile(s) for scanning, select Yes
• Ensure the box Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.

 

[adam34997]

got a blue screen error when I tried to boot with disc.

 

[Broni]

Try USB flash drive...
OTLPE on flash drive: http://forums.majorgeeks.com/showthread.php?t=216844

 

[adam34997]

Sorry - I am Having difficulties with this step. I will try again and get back to you