Inactive Google redirect driving me crazy!

[adam34997]

The browser I use is firefox. Should I switch to another?

I had no idea my firewall was off. I went to try and turn it back on and got this error

Error code 0x8007042c

I tried to restore it to default settings with the same result.

 

[Broni]

Can you check if IE is redirected as well?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Ensure all Firefox windows are closed.
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
• When prompted to run the scan, click Yes.
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

==============================================================

Yeah, I can see there is a problem with Windows firewall.

Download following firewall fix: http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe
Double click on downloaded file to run the fix.

Post new FSS log.

 

[adam34997]

I tried clicking the bleeping computer firewall fix but it said "this does not apply to you"

Log for scan is below

GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:20 on 07/04/2012 (Adam)
Firefox version 11.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:30 02/04/2012]
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [16:33 06/04/2012]

C:\Users\Adam\Application Data\Mozilla\Firefox\Profiles\9yl6vuns.default\extensions\
{4D144BC3-23FB-47de-90C5-63CCB0139CCF} [13:40 04/05/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [17:39 12/04/2011]

-=E.O.F=-

 

[Broni]

Did you check IE for redirection?

Let's try different firewall fix...
Download following firewall fix: http://www.bleepstatic.com/fhost/uploads/0/repairw7fw.bat
Right click on downloaded file, click "Run As Administrator".
Restart computer and post new FSS log.

 

[adam34997]

I downloaded google chrome and tried IE but still got directed.

Didnt look like the firewall got turned back on but the log is below

Farbar Service Scanner Version: 01-03-2012
Ran by Adam (administrator) on 07-04-2012 at 14:18:44
Running from "C:\Users\Adam\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Broni]

Delete your Combofix filer, download fresh one and post new log.

 

[adam34997]

ComboFix 12-04-07.03 - Adam 04/07/2012 17:14:11.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2591 [GMT -4:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 21:23 . 2012-04-07 21:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 16:33 . 2012-04-06 16:33 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-06 16:23 . 2012-04-06 16:23 -------- d-----w- C:\_OTL
2012-04-06 15:54 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B64A7FD8-3BF1-4F79-88D8-5B1C320094B0}\mpengine.dll
2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\programdata\Malwarebytes
2012-04-02 15:37 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 02:10 . 2012-04-02 18:09 -------- d-----w- c:\program files (x86)\ESET
2012-04-02 00:49 . 2012-04-02 18:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-02 00:39 . 2012-04-04 16:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:29 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:29 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:29 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 14:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 14:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 14:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 14:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 16:32 . 2011-03-29 02:03 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 13:18 . 2011-03-04 17:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 15:00 . 2011-05-17 14:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-30 03:36 . 2012-01-30 03:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-30 03:36 . 2012-01-30 03:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-30 03:36 . 2012-01-30 03:36 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-30 03:36 . 2012-01-30 03:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-30 03:36 . 2012-01-30 03:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-30 03:36 . 2012-01-30 03:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-30 03:36 . 2012-01-30 03:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-30 03:36 . 2012-01-30 03:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-30 03:36 . 2012-01-30 03:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-30 03:36 . 2012-01-30 03:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-30 03:36 . 2012-01-30 03:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-30 03:36 . 2012-01-30 03:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-30 03:36 . 2012-01-30 03:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-30 03:36 . 2012-01-30 03:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-30 03:36 . 2012-01-30 03:36 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-30 03:36 . 2012-01-30 03:36 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-30 03:36 . 2012-01-30 03:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-30 03:36 . 2012-01-30 03:36 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-30 03:36 . 2012-01-30 03:36 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-30 03:36 . 2012-01-30 03:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-30 03:36 . 2012-01-30 03:36 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-30 03:36 . 2012-01-30 03:36 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-30 03:36 . 2012-01-30 03:36 448512 ----a-w- c:\windows\system32\html.iec
2012-01-30 03:36 . 2012-01-30 03:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-30 03:36 . 2012-01-30 03:36 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-30 03:36 . 2012-01-30 03:36 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-30 03:36 . 2012-01-30 03:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-30 03:36 . 2012-01-30 03:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
2010-10-25 22:48 . 2011-05-02 16:57 8297472 ----a-w- c:\program files (x86)\AcroPro.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-05_18.31.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-07 15:39 . 2012-04-07 17:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040720120408\index.dat
+ 2012-04-06 15:10 . 2012-04-06 15:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat
+ 2012-04-06 02:12 . 2012-04-06 02:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040520120406\index.dat
- 2012-03-31 23:23 . 2012-04-04 23:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-03-31 23:23 . 2012-04-07 21:08 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-03-04 20:06 . 2012-04-07 18:17 56556 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-05 18:12 43796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-07 18:17 43796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-04 19:09 . 2012-04-07 18:17 22516 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-649968626-1217438032-2407564498-1000_UserData.bin
- 2011-02-26 08:13 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-26 08:13 . 2012-04-07 19:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-06 17:21 . 2012-04-07 19:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-26 08:13 . 2012-04-05 18:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 19:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-12 14:01 . 2012-04-05 19:06 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-03-12 14:01 . 2012-04-05 17:14 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-03-11 23:31 . 2012-04-05 18:32 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
- 2011-03-11 23:31 . 2012-04-05 14:00 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
- 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-07 21:24 . 2012-04-07 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-07 21:24 . 2012-04-07 21:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-23 15:47 . 2011-10-03 09:06 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-04-06 16:32 . 2012-04-06 16:32 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-04-06 16:32 . 2012-04-06 16:32 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-04-06 16:32 . 2012-04-06 16:32 149280 c:\windows\SysWOW64\java.exe
+ 2011-04-17 03:08 . 2012-04-07 21:22 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-04-17 03:08 . 2012-04-05 18:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-07 21:22 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-04 23:46 . 2012-04-06 20:19 324050 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-04-05 13:40 663184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 13:39 663184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 13:39 122052 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-05 13:40 122052 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:12 . 2012-04-07 19:36 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-04-05 18:10 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-04-05 18:30 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-07 21:24 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-06 16:33 . 2012-04-06 16:33 207360 c:\windows\Installer\6f6f3.msi
+ 2009-07-14 04:54 . 2012-04-07 21:22 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 18:27 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-04 19:06 . 2012-04-04 16:12 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-04 19:06 . 2012-04-07 21:24 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-03-07 18:24 . 2012-04-05 18:30 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
+ 2011-03-07 18:24 . 2012-04-07 21:24 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
+ 2012-03-31 23:36 . 2012-04-07 21:24 7790708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2009-07-14 04:54 . 2012-04-05 18:27 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-07 21:22 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-06 16:31 . 2012-04-06 16:31 12938752 c:\windows\Installer\6f6e3.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-12-01 121456]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-21 1248256]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-13 17152]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-649968626-1217438032-2407564498-1000Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 17:25]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-649968626-1217438032-2407564498-1000UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-07 17:25]
.
2012-03-30 c:\windows\Tasks\HPCeeScheduleForADAM-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-04-07 c:\windows\Tasks\HPCeeScheduleForAdam.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"combofix"="c:\combofix\CF18807.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
adiusbaw
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: general.useragent.extra.brc -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\03\0c\13-5u"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-04-07 17:38:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 21:38
ComboFix2.txt 2012-04-05 19:12
ComboFix3.txt 2012-04-05 18:43
ComboFix4.txt 2012-04-05 14:10
ComboFix5.txt 2012-04-07 21:13
.
Pre-Run: 377,045,880,832 bytes free
Post-Run: 376,731,041,792 bytes free
.
- - End Of File - - B8C972925C34A8174970EB32AFAA39D1

 

[Broni]

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\combofix\CF18807.3XE

DDS::
uInternet Settings,ProxyOverride = <local>

Driver::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[adam34997]

As it did last time we ran this, everything seems to run very smooth with no redirect.

Its after I restart it again the problems come back. For some reason, it seems to have trouble loading windows on an restart so it goes through its startup repair tool then it starts fine but the problem is back.

Anyways.. log below

ComboFix 12-04-04.02 - Adam 04/08/2012 13:36:06.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2572 [GMT -4:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
Command switches used :: c:\users\Adam\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\combofix\CF18807.3XE"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 17:44 . 2012-04-08 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 16:23 . 2012-04-06 16:23 -------- d-----w- C:\_OTL
2012-04-06 15:54 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B64A7FD8-3BF1-4F79-88D8-5B1C320094B0}\mpengine.dll
2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\programdata\Malwarebytes
2012-04-02 02:10 . 2012-04-02 18:09 -------- d-----w- c:\program files (x86)\ESET
2012-04-02 00:49 . 2012-04-02 18:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-02 00:39 . 2012-04-04 16:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:29 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:29 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:29 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 14:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 14:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 14:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 14:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:18 . 2011-03-04 17:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 15:00 . 2011-05-17 14:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-30 03:36 . 2012-01-30 03:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-30 03:36 . 2012-01-30 03:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-30 03:36 . 2012-01-30 03:36 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-30 03:36 . 2012-01-30 03:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-30 03:36 . 2012-01-30 03:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-30 03:36 . 2012-01-30 03:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-30 03:36 . 2012-01-30 03:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-30 03:36 . 2012-01-30 03:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-30 03:36 . 2012-01-30 03:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-30 03:36 . 2012-01-30 03:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-30 03:36 . 2012-01-30 03:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-30 03:36 . 2012-01-30 03:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-30 03:36 . 2012-01-30 03:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-30 03:36 . 2012-01-30 03:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-30 03:36 . 2012-01-30 03:36 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-30 03:36 . 2012-01-30 03:36 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-30 03:36 . 2012-01-30 03:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-30 03:36 . 2012-01-30 03:36 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-30 03:36 . 2012-01-30 03:36 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-30 03:36 . 2012-01-30 03:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-30 03:36 . 2012-01-30 03:36 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-30 03:36 . 2012-01-30 03:36 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-30 03:36 . 2012-01-30 03:36 448512 ----a-w- c:\windows\system32\html.iec
2012-01-30 03:36 . 2012-01-30 03:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-30 03:36 . 2012-01-30 03:36 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-30 03:36 . 2012-01-30 03:36 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-30 03:36 . 2012-01-30 03:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-30 03:36 . 2012-01-30 03:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
2010-10-25 22:48 . 2011-05-02 16:57 8297472 ----a-w- c:\program files (x86)\AcroPro.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-05_18.31.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-08 14:39 . 2012-04-08 15:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040820120409\index.dat
+ 2012-04-06 15:10 . 2012-04-06 15:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat
+ 2012-04-06 02:12 . 2012-04-06 02:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040520120406\index.dat
+ 2012-03-31 23:23 . 2012-04-08 16:00 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-31 23:23 . 2012-04-04 23:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-03-04 20:06 . 2012-04-08 17:28 56556 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-05 18:12 43796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-08 17:28 43796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-04 19:09 . 2012-04-08 17:28 22548 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-649968626-1217438032-2407564498-1000_UserData.bin
+ 2011-07-09 18:45 . 2012-04-08 03:42 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-07-09 18:45 . 2012-04-05 17:43 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-02-26 08:13 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-26 08:13 . 2012-04-08 17:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-26 08:13 . 2012-04-05 18:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-06 17:21 . 2012-04-08 17:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-08 17:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-12 14:01 . 2012-04-05 17:14 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-03-12 14:01 . 2012-04-05 19:06 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-03-11 23:31 . 2012-04-05 18:32 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
- 2011-03-11 23:31 . 2012-04-05 14:00 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
- 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-08 17:46 . 2012-04-08 17:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-08 17:46 . 2012-04-08 17:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-17 03:08 . 2012-04-08 17:42 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-04-17 03:08 . 2012-04-05 18:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-08 17:42 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-04 23:46 . 2012-04-07 23:12 325682 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-04-05 13:40 663184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 13:39 663184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 13:39 122052 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-05 13:40 122052 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:38 . 2012-04-08 07:47 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2012-04-05 22:09 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:12 . 2012-04-05 18:10 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-04-08 17:26 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-04-08 17:45 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-05 18:30 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-04-08 17:42 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 18:27 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-04 19:06 . 2012-04-04 16:12 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-04 19:06 . 2012-04-08 04:20 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-07 18:24 . 2012-04-08 17:45 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
- 2011-03-07 18:24 . 2012-04-05 18:30 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
+ 2012-03-31 23:36 . 2012-04-08 16:02 7853880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-04-08 17:42 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 18:27 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-12-01 121456]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-21 1248256]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-13 17152]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\HPCeeScheduleForADAM-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-04-08 c:\windows\Tasks\HPCeeScheduleForAdam.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"combofix"="c:\combofix\CF28729.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
adiusbaw
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: general.useragent.extra.brc -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\03\0c\13-5u"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2012-04-08 13:59:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-08 17:59
ComboFix2.txt 2012-04-07 21:38
ComboFix3.txt 2012-04-05 19:12
ComboFix4.txt 2012-04-05 18:43
ComboFix5.txt 2012-04-08 17:34
.
Pre-Run: 379,202,256,896 bytes free
Post-Run: 378,921,598,976 bytes free
.
- - End Of File - - 68AD040BBABB3D14603E9F6CCFD8CADD

 

[Broni]

Please re-run Combofix one more time (no custom script needed).

 

[adam34997]

Redirect still happening

ComboFix 12-04-04.02 - Adam 04/08/2012 15:22:14.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2362 [GMT -4:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 19:27 . 2012-04-08 19:27 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-08 19:26 . 2012-04-08 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 16:23 . 2012-04-06 16:23 -------- d-----w- C:\_OTL
2012-04-06 15:54 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B64A7FD8-3BF1-4F79-88D8-5B1C320094B0}\mpengine.dll
2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\programdata\Malwarebytes
2012-04-02 02:10 . 2012-04-02 18:09 -------- d-----w- c:\program files (x86)\ESET
2012-04-02 00:49 . 2012-04-02 18:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-02 00:39 . 2012-04-04 16:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:29 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:29 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:29 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 14:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 14:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 14:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 14:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:18 . 2011-03-04 17:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 15:00 . 2011-05-17 14:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-30 03:36 . 2012-01-30 03:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-30 03:36 . 2012-01-30 03:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-30 03:36 . 2012-01-30 03:36 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-30 03:36 . 2012-01-30 03:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-30 03:36 . 2012-01-30 03:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-30 03:36 . 2012-01-30 03:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-30 03:36 . 2012-01-30 03:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-30 03:36 . 2012-01-30 03:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-30 03:36 . 2012-01-30 03:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-30 03:36 . 2012-01-30 03:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-30 03:36 . 2012-01-30 03:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-30 03:36 . 2012-01-30 03:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-30 03:36 . 2012-01-30 03:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-30 03:36 . 2012-01-30 03:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-30 03:36 . 2012-01-30 03:36 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-30 03:36 . 2012-01-30 03:36 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-30 03:36 . 2012-01-30 03:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-30 03:36 . 2012-01-30 03:36 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-30 03:36 . 2012-01-30 03:36 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-30 03:36 . 2012-01-30 03:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-30 03:36 . 2012-01-30 03:36 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-30 03:36 . 2012-01-30 03:36 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-30 03:36 . 2012-01-30 03:36 448512 ----a-w- c:\windows\system32\html.iec
2012-01-30 03:36 . 2012-01-30 03:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-30 03:36 . 2012-01-30 03:36 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-30 03:36 . 2012-01-30 03:36 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-30 03:36 . 2012-01-30 03:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-30 03:36 . 2012-01-30 03:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
2010-10-25 22:48 . 2011-05-02 16:57 8297472 ----a-w- c:\program files (x86)\AcroPro.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-05_18.31.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-08 14:39 . 2012-04-08 15:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040820120409\index.dat
+ 2012-04-06 15:10 . 2012-04-06 15:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat
+ 2012-04-06 02:12 . 2012-04-06 02:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040520120406\index.dat
+ 2012-03-31 23:23 . 2012-04-08 16:00 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-31 23:23 . 2012-04-04 23:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-03-04 20:06 . 2012-04-08 17:28 56556 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-05 18:12 43796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-08 19:14 43796 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-04 19:09 . 2012-04-08 19:14 22580 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-649968626-1217438032-2407564498-1000_UserData.bin
+ 2011-07-09 18:45 . 2012-04-08 18:38 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-07-09 18:45 . 2012-04-05 17:43 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-02-26 08:13 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-26 08:13 . 2012-04-08 19:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-26 08:13 . 2012-04-05 18:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-06 17:21 . 2012-04-08 19:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-08 19:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-12 14:01 . 2012-04-05 17:14 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-03-12 14:01 . 2012-04-05 19:06 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-03-11 23:31 . 2012-04-05 18:32 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
- 2011-03-11 23:31 . 2012-04-05 14:00 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
- 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-08 19:27 . 2012-04-08 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-08 19:27 . 2012-04-08 19:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-17 03:08 . 2012-04-08 19:12 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-04-17 03:08 . 2012-04-05 18:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-08 19:12 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-04 23:46 . 2012-04-07 23:12 325682 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-04-05 13:40 663184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 13:39 663184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 13:39 122052 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-05 13:40 122052 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:38 . 2012-04-08 22:59 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2012-04-05 22:09 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:12 . 2012-04-05 18:10 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-04-08 19:12 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-04-08 19:27 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-05 18:30 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-04-08 19:12 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 18:27 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-04 19:06 . 2012-04-04 16:12 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-04 19:06 . 2012-04-08 04:20 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-07 18:24 . 2012-04-08 19:27 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
- 2011-03-07 18:24 . 2012-04-05 18:30 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
+ 2012-03-31 23:36 . 2012-04-08 16:02 7853880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-04-08 19:12 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 18:27 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-12-01 121456]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-21 1248256]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-13 17152]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2012-03-30 c:\windows\Tasks\HPCeeScheduleForADAM-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-04-08 c:\windows\Tasks\HPCeeScheduleForAdam.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"combofix"="c:\combofix\CF16675.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
adiusbaw
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: general.useragent.extra.brc -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\03\0c\13-5u"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
.
**************************************************************************
.
Completion time: 2012-04-08 15:33:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-08 19:33
ComboFix2.txt 2012-04-08 19:18
ComboFix3.txt 2012-04-08 17:59
ComboFix4.txt 2012-04-07 21:38
ComboFix5.txt 2012-04-08 19:21
.
Pre-Run: 378,471,964,672 bytes free
Post-Run: 378,413,010,944 bytes free
.
- - End Of File - - A1D547A1F6DF37AAECE259D56F676701

 

[Broni]

Please re-run TDSSKiller one more time.

 

[adam34997]

16:30:41.0232 4816 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
16:30:41.0700 4816 ============================================================
16:30:41.0700 4816 Current date / time: 2012/04/08 16:30:41.0700
16:30:41.0700 4816 SystemInfo:
16:30:41.0700 4816
16:30:41.0700 4816 OS Version: 6.1.7601 ServicePack: 1.0
16:30:41.0700 4816 Product type: Workstation
16:30:41.0700 4816 ComputerName: ADAM-HP
16:30:41.0700 4816 UserName: Adam
16:30:41.0700 4816 Windows directory: C:\Windows
16:30:41.0700 4816 System windows directory: C:\Windows
16:30:41.0700 4816 Running under WOW64
16:30:41.0700 4816 Processor architecture: Intel x64
16:30:41.0700 4816 Number of processors: 2
16:30:41.0700 4816 Page size: 0x1000
16:30:41.0700 4816 Boot type: Normal boot
16:30:41.0700 4816 ============================================================
16:30:42.0870 4816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:30:42.0870 4816 \Device\Harddisk0\DR0:
16:30:42.0870 4816 MBR used
16:30:42.0870 4816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:30:42.0870 4816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x387C3000
16:30:42.0870 4816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x387F5800, BlocksNum 0x1B90000
16:30:42.0950 4816 Initialize success
16:30:42.0950 4816 ============================================================
16:30:44.0327 4964 ============================================================
16:30:44.0327 4964 Scan started
16:30:44.0327 4964 Mode: Manual;
16:30:44.0327 4964 ============================================================
16:30:46.0230 4964 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:30:46.0246 4964 1394ohci - ok
16:30:46.0277 4964 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:30:46.0277 4964 ACPI - ok
16:30:46.0308 4964 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:30:46.0308 4964 AcpiPmi - ok
16:30:46.0355 4964 ACPIService (de7e8d852a806be6091983838bf9697f) C:\Windows\system32\DRIVERS\OSDACPI.SYS
16:30:46.0355 4964 ACPIService - ok
16:30:46.0433 4964 adiusbaw (5f22132c9153639762708909f156b33d) C:\Windows\system32\kraidsvc.dll
16:30:46.0433 4964 adiusbaw ( Backdoor.Multi.ZAccess.gen ) - infected
16:30:46.0433 4964 adiusbaw - detected Backdoor.Multi.ZAccess.gen (0)
16:30:46.0480 4964 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:30:46.0480 4964 adp94xx - ok
16:30:46.0511 4964 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:30:46.0511 4964 adpahci - ok
16:30:46.0526 4964 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:30:46.0526 4964 adpu320 - ok
16:30:46.0558 4964 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:30:46.0558 4964 AeLookupSvc - ok
16:30:46.0636 4964 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
16:30:46.0636 4964 AERTFilters - ok
16:30:46.0698 4964 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:30:46.0698 4964 AFD - ok
16:30:46.0729 4964 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:30:46.0729 4964 agp440 - ok
16:30:46.0760 4964 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:30:46.0760 4964 ALG - ok
16:30:46.0776 4964 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:30:46.0776 4964 aliide - ok
16:30:46.0807 4964 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe
16:30:46.0807 4964 AMD External Events Utility - ok
16:30:46.0823 4964 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:30:46.0823 4964 amdide - ok
16:30:46.0838 4964 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:30:46.0838 4964 AmdK8 - ok
16:30:46.0979 4964 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
16:30:47.0088 4964 amdkmdag - ok
16:30:47.0135 4964 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
16:30:47.0135 4964 amdkmdap - ok
16:30:47.0197 4964 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:30:47.0197 4964 AmdPPM - ok
16:30:47.0213 4964 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys
16:30:47.0213 4964 amdsata - ok
16:30:47.0244 4964 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:30:47.0244 4964 amdsbs - ok
16:30:47.0266 4964 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys
16:30:47.0266 4964 amdxata - ok
16:30:47.0297 4964 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:30:47.0297 4964 AppID - ok
16:30:47.0312 4964 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:30:47.0328 4964 AppIDSvc - ok
16:30:47.0390 4964 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:30:47.0406 4964 Appinfo - ok
16:30:47.0734 4964 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:30:47.0734 4964 Apple Mobile Device - ok
16:30:47.0874 4964 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:30:47.0874 4964 arc - ok
16:30:47.0890 4964 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:30:47.0890 4964 arcsas - ok
16:30:47.0983 4964 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:30:47.0999 4964 aspnet_state - ok
16:30:48.0030 4964 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:30:48.0030 4964 AsyncMac - ok
16:30:48.0092 4964 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:30:48.0092 4964 atapi - ok
16:30:48.0139 4964 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
16:30:48.0139 4964 AtiPcie - ok
16:30:48.0217 4964 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:30:48.0217 4964 AudioEndpointBuilder - ok
16:30:48.0233 4964 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:30:48.0233 4964 AudioSrv - ok
16:30:48.0264 4964 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:30:48.0264 4964 AxInstSV - ok
16:30:48.0295 4964 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:30:48.0295 4964 b06bdrv - ok
16:30:48.0326 4964 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:30:48.0326 4964 b57nd60a - ok
16:30:48.0342 4964 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:30:48.0358 4964 BDESVC - ok
16:30:48.0373 4964 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:30:48.0373 4964 Beep - ok
16:30:48.0436 4964 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:30:48.0451 4964 BFE - ok
16:30:48.0482 4964 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:30:48.0482 4964 BITS - ok
16:30:48.0498 4964 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:30:48.0498 4964 blbdrive - ok
16:30:48.0592 4964 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:30:48.0592 4964 Bonjour Service - ok
16:30:48.0638 4964 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:30:48.0638 4964 bowser - ok
16:30:48.0654 4964 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:30:48.0654 4964 BrFiltLo - ok
16:30:48.0670 4964 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:30:48.0670 4964 BrFiltUp - ok
16:30:48.0716 4964 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:30:48.0732 4964 BridgeMP - ok
16:30:48.0763 4964 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:30:48.0763 4964 Browser - ok
16:30:48.0779 4964 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:30:48.0779 4964 Brserid - ok
16:30:48.0794 4964 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:30:48.0810 4964 BrSerWdm - ok
16:30:48.0810 4964 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:30:48.0826 4964 BrUsbMdm - ok
16:30:48.0826 4964 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:30:48.0826 4964 BrUsbSer - ok
16:30:48.0841 4964 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:30:48.0841 4964 BTHMODEM - ok
16:30:48.0904 4964 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:30:48.0904 4964 bthserv - ok
16:30:48.0950 4964 catchme - ok
16:30:48.0966 4964 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:30:48.0966 4964 cdfs - ok
16:30:49.0013 4964 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:30:49.0028 4964 cdrom - ok
16:30:49.0075 4964 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:30:49.0075 4964 CertPropSvc - ok
16:30:49.0122 4964 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:30:49.0122 4964 circlass - ok
16:30:49.0138 4964 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:30:49.0153 4964 CLFS - ok
16:30:49.0184 4964 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:30:49.0184 4964 clr_optimization_v2.0.50727_32 - ok
16:30:49.0231 4964 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:30:49.0231 4964 clr_optimization_v2.0.50727_64 - ok
16:30:49.0309 4964 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:30:49.0309 4964 clr_optimization_v4.0.30319_32 - ok
16:30:49.0340 4964 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:30:49.0340 4964 clr_optimization_v4.0.30319_64 - ok
16:30:49.0403 4964 clwvd (d68d9f4d53010b7e84d4e80a2e485554) C:\Windows\system32\DRIVERS\clwvd.sys
16:30:49.0403 4964 clwvd - ok
16:30:49.0434 4964 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:30:49.0450 4964 CmBatt - ok
16:30:49.0465 4964 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:30:49.0465 4964 cmdide - ok
16:30:49.0496 4964 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:30:49.0496 4964 CNG - ok
16:30:49.0512 4964 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:30:49.0528 4964 Compbatt - ok
16:30:49.0574 4964 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:30:49.0574 4964 CompositeBus - ok
16:30:49.0606 4964 COMSysApp - ok
16:30:49.0652 4964 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:30:49.0652 4964 crcdisk - ok
16:30:49.0715 4964 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:30:49.0715 4964 CryptSvc - ok
16:30:49.0777 4964 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:30:49.0793 4964 DcomLaunch - ok
16:30:49.0824 4964 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:30:49.0840 4964 defragsvc - ok
16:30:49.0886 4964 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:30:49.0886 4964 DfsC - ok
16:30:49.0918 4964 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:30:49.0918 4964 Dhcp - ok
16:30:49.0933 4964 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:30:49.0933 4964 discache - ok
16:30:49.0996 4964 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:30:49.0996 4964 Disk - ok
16:30:50.0011 4964 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:30:50.0027 4964 Dnscache - ok
16:30:50.0058 4964 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:30:50.0058 4964 dot3svc - ok
16:30:50.0120 4964 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:30:50.0120 4964 Dot4 - ok
16:30:50.0183 4964 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
16:30:50.0183 4964 Dot4Print - ok
16:30:50.0198 4964 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:30:50.0198 4964 dot4usb - ok
16:30:50.0230 4964 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:30:50.0245 4964 DPS - ok
16:30:50.0276 4964 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:30:50.0276 4964 drmkaud - ok
16:30:50.0354 4964 DTSRVC (b1b7de1ea520c84ab689be8c964fb850) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
16:30:50.0354 4964 DTSRVC - ok
16:30:50.0401 4964 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:30:50.0417 4964 DXGKrnl - ok
16:30:50.0479 4964 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:30:50.0479 4964 EapHost - ok
16:30:50.0573 4964 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:30:50.0635 4964 ebdrv - ok
16:30:50.0651 4964 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:30:50.0651 4964 EFS - ok
16:30:50.0698 4964 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:30:50.0698 4964 ehRecvr - ok
16:30:50.0729 4964 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:30:50.0729 4964 ehSched - ok
16:30:50.0791 4964 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:30:50.0791 4964 elxstor - ok
16:30:50.0838 4964 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:30:50.0838 4964 ErrDev - ok
16:30:50.0900 4964 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:30:50.0916 4964 EventSystem - ok
16:30:50.0932 4964 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:30:50.0932 4964 exfat - ok
16:30:50.0963 4964 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:30:50.0963 4964 fastfat - ok
16:30:51.0025 4964 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:30:51.0041 4964 Fax - ok
16:30:51.0056 4964 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:30:51.0056 4964 fdc - ok
16:30:51.0103 4964 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:30:51.0103 4964 fdPHost - ok
16:30:51.0119 4964 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:30:51.0119 4964 FDResPub - ok
16:30:51.0166 4964 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:30:51.0166 4964 FileInfo - ok
16:30:51.0181 4964 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:30:51.0181 4964 Filetrace - ok
16:30:51.0197 4964 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:30:51.0197 4964 flpydisk - ok
16:30:51.0244 4964 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:30:51.0244 4964 FltMgr - ok
16:30:51.0306 4964 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:30:51.0337 4964 FontCache - ok
16:30:51.0400 4964 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:30:51.0400 4964 FontCache3.0.0.0 - ok
16:30:51.0431 4964 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:30:51.0431 4964 FsDepends - ok
16:30:51.0446 4964 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:30:51.0446 4964 Fs_Rec - ok
16:30:51.0509 4964 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:30:51.0509 4964 fvevol - ok
16:30:51.0556 4964 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:30:51.0571 4964 gagp30kx - ok
16:30:51.0634 4964 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:30:51.0634 4964 GEARAspiWDM - ok
16:30:51.0665 4964 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:30:51.0680 4964 gpsvc - ok
16:30:51.0712 4964 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:30:51.0712 4964 hcw85cir - ok
16:30:51.0774 4964 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:30:51.0790 4964 HdAudAddService - ok
16:30:51.0836 4964 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:30:51.0836 4964 HDAudBus - ok
16:30:51.0852 4964 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:30:51.0852 4964 HidBatt - ok
16:30:51.0883 4964 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:30:51.0883 4964 HidBth - ok
16:30:51.0914 4964 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:30:51.0914 4964 HidIr - ok
16:30:51.0930 4964 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:30:51.0946 4964 hidserv - ok
16:30:51.0961 4964 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:30:51.0961 4964 HidUsb - ok
16:30:51.0992 4964 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:30:51.0992 4964 hkmsvc - ok
16:30:52.0024 4964 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:30:52.0024 4964 HomeGroupListener - ok
16:30:52.0070 4964 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:30:52.0070 4964 HomeGroupProvider - ok
16:30:52.0180 4964 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
16:30:52.0180 4964 HP Support Assistant Service - ok
16:30:52.0226 4964 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
16:30:52.0226 4964 HPClientSvc - ok
16:30:52.0242 4964 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
16:30:52.0242 4964 HPDrvMntSvc.exe - ok
16:30:52.0273 4964 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
16:30:52.0273 4964 hpqwmiex - ok
16:30:52.0382 4964 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:30:52.0382 4964 HpSAMD - ok
16:30:52.0460 4964 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:30:52.0476 4964 HTTP - ok
16:30:52.0538 4964 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:30:52.0538 4964 hwpolicy - ok
16:30:52.0585 4964 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:30:52.0585 4964 i8042prt - ok
16:30:52.0663 4964 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:30:52.0663 4964 iaStorV - ok
16:30:52.0757 4964 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:30:52.0772 4964 idsvc - ok
16:30:52.0804 4964 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:30:52.0804 4964 iirsp - ok
16:30:52.0913 4964 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:30:52.0944 4964 IKEEXT - ok
16:30:53.0162 4964 IntcAzAudAddService (cb5fd9b681ad43b560490b5283ddc1c1) C:\Windows\system32\drivers\RTKVHD64.sys
16:30:53.0178 4964 IntcAzAudAddService - ok
16:30:53.0194 4964 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:30:53.0194 4964 intelide - ok
16:30:53.0240 4964 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:30:53.0256 4964 intelppm - ok
16:30:53.0272 4964 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:30:53.0287 4964 IPBusEnum - ok
16:30:53.0318 4964 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:30:53.0318 4964 IpFilterDriver - ok
16:30:53.0412 4964 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:30:53.0428 4964 iphlpsvc - ok
16:30:53.0459 4964 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:30:53.0459 4964 IPMIDRV - ok
16:30:53.0474 4964 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:30:53.0474 4964 IPNAT - ok
16:30:53.0552 4964 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
16:30:53.0552 4964 iPod Service - ok
16:30:53.0615 4964 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:30:53.0615 4964 IRENUM - ok
16:30:53.0630 4964 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:30:53.0630 4964 isapnp - ok
16:30:53.0646 4964 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:30:53.0646 4964 iScsiPrt - ok
16:30:53.0677 4964 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:30:53.0677 4964 kbdclass - ok
16:30:53.0708 4964 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:30:53.0708 4964 kbdhid - ok
16:30:53.0740 4964 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:30:53.0740 4964 KeyIso - ok
16:30:53.0755 4964 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:30:53.0755 4964 KSecDD - ok
16:30:53.0771 4964 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:30:53.0771 4964 KSecPkg - ok
16:30:53.0786 4964 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:30:53.0786 4964 ksthunk - ok
16:30:53.0833 4964 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:30:53.0849 4964 KtmRm - ok
16:30:53.0927 4964 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:30:53.0927 4964 LanmanServer - ok
16:30:53.0974 4964 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:30:53.0974 4964 LanmanWorkstation - ok
16:30:54.0130 4964 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
16:30:54.0145 4964 Lavasoft Ad-Aware Service - ok
16:30:54.0208 4964 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
16:30:54.0208 4964 Lbd - ok
16:30:54.0286 4964 LightScribeService (b1e1c8bb1392537e4d415fcdcb93b1d3) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:30:54.0286 4964 LightScribeService - ok
16:30:54.0348 4964 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:30:54.0348 4964 lltdio - ok
16:30:54.0410 4964 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:30:54.0410 4964 lltdsvc - ok
16:30:54.0442 4964 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:30:54.0442 4964 lmhosts - ok
16:30:54.0473 4964 lmzkntba (37de5c89d49d8842c29504a7377c8bdc) C:\Windows\system32\drivers\lmzkntba.sys
16:30:54.0473 4964 lmzkntba - ok
16:30:54.0520 4964 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:30:54.0520 4964 LSI_FC - ok
16:30:54.0535 4964 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:30:54.0551 4964 LSI_SAS - ok
16:30:54.0566 4964 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:30:54.0566 4964 LSI_SAS2 - ok
16:30:54.0566 4964 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:30:54.0582 4964 LSI_SCSI - ok
16:30:54.0598 4964 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:30:54.0598 4964 luafv - ok
16:30:54.0644 4964 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:30:54.0644 4964 Mcx2Svc - ok
16:30:54.0676 4964 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:30:54.0676 4964 megasas - ok

 

[adam34997]

16:30:54.0691 4964 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:30:54.0691 4964 MegaSR - ok
16:30:54.0785 4964 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:30:54.0785 4964 Microsoft Office Groove Audit Service - ok
16:30:54.0816 4964 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:30:54.0816 4964 MMCSS - ok
16:30:54.0847 4964 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:30:54.0847 4964 Modem - ok
16:30:54.0863 4964 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:30:54.0863 4964 monitor - ok
16:30:54.0925 4964 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:30:54.0925 4964 mouclass - ok
16:30:54.0988 4964 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:30:54.0988 4964 mouhid - ok
16:30:55.0206 4964 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:30:55.0222 4964 mountmgr - ok
16:30:55.0253 4964 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:30:55.0253 4964 mpio - ok
16:30:55.0284 4964 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:30:55.0284 4964 mpsdrv - ok
16:30:55.0378 4964 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:30:55.0393 4964 MpsSvc - ok
16:30:55.0440 4964 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:30:55.0440 4964 MRxDAV - ok
16:30:55.0487 4964 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:30:55.0487 4964 mrxsmb - ok
16:30:55.0534 4964 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:30:55.0534 4964 mrxsmb10 - ok
16:30:55.0565 4964 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:30:55.0565 4964 mrxsmb20 - ok
16:30:55.0596 4964 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:30:55.0596 4964 msahci - ok
16:30:55.0643 4964 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:30:55.0643 4964 msdsm - ok
16:30:55.0658 4964 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:30:55.0658 4964 MSDTC - ok
16:30:55.0721 4964 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:30:55.0721 4964 Msfs - ok
16:30:55.0736 4964 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:30:55.0736 4964 mshidkmdf - ok
16:30:55.0768 4964 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:30:55.0768 4964 msisadrv - ok
16:30:55.0830 4964 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:30:55.0830 4964 MSiSCSI - ok
16:30:55.0846 4964 msiserver - ok
16:30:55.0892 4964 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:30:55.0892 4964 MSKSSRV - ok
16:30:55.0924 4964 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:30:55.0939 4964 MSPCLOCK - ok
16:30:55.0955 4964 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:30:55.0955 4964 MSPQM - ok
16:30:55.0986 4964 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:30:56.0002 4964 MsRPC - ok
16:30:56.0017 4964 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:30:56.0017 4964 mssmbios - ok
16:30:56.0033 4964 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:30:56.0033 4964 MSTEE - ok
16:30:56.0048 4964 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:30:56.0048 4964 MTConfig - ok
16:30:56.0064 4964 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:30:56.0064 4964 Mup - ok
16:30:56.0111 4964 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:30:56.0111 4964 napagent - ok
16:30:56.0189 4964 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:30:56.0189 4964 NativeWifiP - ok
16:30:56.0282 4964 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:30:56.0298 4964 NDIS - ok
16:30:56.0376 4964 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:30:56.0376 4964 NdisCap - ok
16:30:56.0423 4964 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:30:56.0423 4964 NdisTapi - ok
16:30:56.0470 4964 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:30:56.0470 4964 Ndisuio - ok
16:30:56.0516 4964 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:30:56.0516 4964 NdisWan - ok
16:30:56.0548 4964 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:30:56.0548 4964 NDProxy - ok
16:30:56.0610 4964 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
16:30:56.0626 4964 Net Driver HPZ12 - ok
16:30:56.0641 4964 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:30:56.0641 4964 NetBIOS - ok
16:30:56.0672 4964 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:30:56.0688 4964 NetBT - ok
16:30:56.0704 4964 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:30:56.0704 4964 Netlogon - ok
16:30:56.0766 4964 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:30:56.0782 4964 Netman - ok
16:30:56.0875 4964 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:30:56.0891 4964 NetMsmqActivator - ok
16:30:56.0906 4964 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:30:56.0906 4964 NetPipeActivator - ok
16:30:56.0938 4964 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:30:56.0938 4964 netprofm - ok
16:30:57.0016 4964 netr28x (1982b291df9833fb3adc397ebd310a18) C:\Windows\system32\DRIVERS\netr28x.sys
16:30:57.0031 4964 netr28x - ok
16:30:57.0047 4964 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:30:57.0047 4964 NetTcpActivator - ok
16:30:57.0062 4964 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:30:57.0062 4964 NetTcpPortSharing - ok
16:30:57.0109 4964 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:30:57.0109 4964 nfrd960 - ok
16:30:57.0172 4964 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:30:57.0187 4964 NlaSvc - ok
16:30:57.0203 4964 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:30:57.0203 4964 Npfs - ok
16:30:57.0218 4964 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:30:57.0218 4964 nsi - ok
16:30:57.0234 4964 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:30:57.0234 4964 nsiproxy - ok
16:30:57.0296 4964 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:30:57.0343 4964 Ntfs - ok
16:30:57.0359 4964 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:30:57.0359 4964 Null - ok
16:30:57.0406 4964 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:30:57.0421 4964 nvraid - ok
16:30:57.0468 4964 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:30:57.0468 4964 nvstor - ok
16:30:57.0484 4964 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:30:57.0499 4964 nv_agp - ok
16:30:57.0546 4964 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:30:57.0562 4964 odserv - ok
16:30:57.0593 4964 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:30:57.0608 4964 ohci1394 - ok
16:30:57.0671 4964 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:30:57.0671 4964 ose - ok
16:30:57.0718 4964 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:30:57.0733 4964 p2pimsvc - ok
16:30:57.0764 4964 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:30:57.0780 4964 p2psvc - ok
16:30:57.0827 4964 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:30:57.0842 4964 Parport - ok
16:30:57.0874 4964 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:30:57.0874 4964 partmgr - ok
16:30:57.0889 4964 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:30:57.0889 4964 PcaSvc - ok
16:30:57.0936 4964 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:30:57.0936 4964 pci - ok
16:30:57.0967 4964 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:30:57.0967 4964 pciide - ok
16:30:57.0967 4964 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:30:57.0983 4964 pcmcia - ok
16:30:57.0983 4964 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:30:57.0998 4964 pcw - ok
16:30:58.0014 4964 PdiService (0a098df98ec8facaa30bd7db4c7aea06) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
16:30:58.0014 4964 PdiService - ok
16:30:58.0045 4964 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:30:58.0061 4964 PEAUTH - ok
16:30:58.0092 4964 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:30:58.0092 4964 PerfHost - ok
16:30:58.0295 4964 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:30:58.0310 4964 pla - ok
16:30:58.0373 4964 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:30:58.0388 4964 PlugPlay - ok
16:30:58.0435 4964 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
16:30:58.0435 4964 Pml Driver HPZ12 - ok
16:30:58.0451 4964 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:30:58.0451 4964 PNRPAutoReg - ok
16:30:58.0466 4964 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:30:58.0482 4964 PNRPsvc - ok
16:30:58.0529 4964 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:30:58.0529 4964 PolicyAgent - ok
16:30:58.0560 4964 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:30:58.0560 4964 Power - ok
16:30:58.0638 4964 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:30:58.0638 4964 PptpMiniport - ok
16:30:58.0669 4964 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:30:58.0685 4964 Processor - ok
16:30:58.0716 4964 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:30:58.0732 4964 ProfSvc - ok
16:30:58.0747 4964 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:30:58.0763 4964 ProtectedStorage - ok
16:30:58.0794 4964 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:30:58.0794 4964 Psched - ok
16:30:58.0919 4964 QBCFMonitorService (91195091f449699b176fe1305dad40da) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
16:30:58.0919 4964 QBCFMonitorService - ok
16:30:58.0981 4964 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:30:58.0981 4964 QBFCService - ok
16:30:59.0044 4964 QBVSS (0c7b65c8743442a37152fcfac5f7d16a) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
16:30:59.0059 4964 QBVSS - ok
16:30:59.0137 4964 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:30:59.0168 4964 ql2300 - ok
16:30:59.0200 4964 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:30:59.0200 4964 ql40xx - ok
16:30:59.0215 4964 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:30:59.0231 4964 QWAVE - ok
16:30:59.0246 4964 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:30:59.0246 4964 QWAVEdrv - ok
16:30:59.0262 4964 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:30:59.0262 4964 RasAcd - ok
16:30:59.0324 4964 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:30:59.0324 4964 RasAgileVpn - ok
16:30:59.0340 4964 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:30:59.0356 4964 RasAuto - ok
16:30:59.0387 4964 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:30:59.0402 4964 Rasl2tp - ok
16:30:59.0434 4964 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:30:59.0449 4964 RasMan - ok
16:30:59.0465 4964 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:30:59.0465 4964 RasPppoe - ok
16:30:59.0512 4964 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:30:59.0512 4964 RasSstp - ok
16:30:59.0543 4964 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:30:59.0543 4964 rdbss - ok
16:30:59.0558 4964 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:30:59.0558 4964 rdpbus - ok
16:30:59.0574 4964 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:30:59.0574 4964 RDPCDD - ok
16:30:59.0668 4964 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:30:59.0668 4964 RDPENCDD - ok
16:30:59.0683 4964 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:30:59.0683 4964 RDPREFMP - ok
16:30:59.0714 4964 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:30:59.0714 4964 RDPWD - ok
16:30:59.0746 4964 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:30:59.0746 4964 rdyboost - ok
16:30:59.0824 4964 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:30:59.0824 4964 RemoteAccess - ok
16:30:59.0839 4964 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:30:59.0839 4964 RemoteRegistry - ok
16:30:59.0855 4964 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:30:59.0870 4964 RpcEptMapper - ok
16:30:59.0886 4964 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:30:59.0886 4964 RpcLocator - ok
16:30:59.0933 4964 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
16:30:59.0933 4964 RpcSs - ok
16:30:59.0948 4964 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:30:59.0948 4964 rspndr - ok
16:31:00.0011 4964 RTL8167 (fcaf9c2c9eadf8f397c3350760ef500f) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:31:00.0026 4964 RTL8167 - ok
16:31:00.0042 4964 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:31:00.0042 4964 SamSs - ok
16:31:00.0089 4964 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:31:00.0089 4964 sbp2port - ok
16:31:00.0214 4964 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:31:00.0229 4964 SBSDWSCService - ok
16:31:00.0260 4964 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:31:00.0260 4964 SCardSvr - ok
16:31:00.0292 4964 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:31:00.0292 4964 scfilter - ok
16:31:00.0338 4964 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:31:00.0354 4964 Schedule - ok
16:31:00.0385 4964 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:31:00.0385 4964 SCPolicySvc - ok
16:31:00.0416 4964 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:31:00.0432 4964 SDRSVC - ok
16:31:00.0479 4964 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:31:00.0479 4964 secdrv - ok
16:31:00.0526 4964 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:31:00.0541 4964 seclogon - ok
16:31:00.0557 4964 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:31:00.0557 4964 SENS - ok
16:31:00.0572 4964 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:31:00.0588 4964 SensrSvc - ok
16:31:00.0619 4964 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:31:00.0619 4964 Serenum - ok
16:31:00.0650 4964 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:31:00.0650 4964 Serial - ok
16:31:00.0682 4964 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:31:00.0682 4964 sermouse - ok
16:31:00.0728 4964 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:31:00.0728 4964 SessionEnv - ok
16:31:00.0775 4964 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:31:00.0775 4964 sffdisk - ok
16:31:00.0791 4964 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:31:00.0791 4964 sffp_mmc - ok
16:31:00.0806 4964 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:31:00.0806 4964 sffp_sd - ok
16:31:00.0822 4964 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:31:00.0838 4964 sfloppy - ok
16:31:00.0900 4964 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:31:00.0900 4964 SharedAccess - ok
16:31:00.0962 4964 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:31:00.0962 4964 ShellHWDetection - ok
16:31:01.0009 4964 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:31:01.0009 4964 SiSRaid2 - ok
16:31:01.0040 4964 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:31:01.0040 4964 SiSRaid4 - ok
16:31:01.0056 4964 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:31:01.0056 4964 Smb - ok
16:31:01.0118 4964 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:31:01.0118 4964 SNMPTRAP - ok
16:31:01.0134 4964 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:31:01.0134 4964 spldr - ok
16:31:01.0165 4964 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:31:01.0165 4964 Spooler - ok
16:31:01.0243 4964 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:31:01.0274 4964 sppsvc - ok
16:31:01.0306 4964 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:31:01.0306 4964 sppuinotify - ok
16:31:01.0352 4964 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:31:01.0352 4964 srv - ok
16:31:01.0384 4964 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:31:01.0399 4964 srv2 - ok
16:31:01.0415 4964 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:31:01.0415 4964 srvnet - ok
16:31:01.0462 4964 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:31:01.0462 4964 SSDPSRV - ok
16:31:01.0477 4964 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:31:01.0477 4964 SstpSvc - ok
16:31:01.0493 4964 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:31:01.0508 4964 stexstor - ok
16:31:01.0555 4964 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
16:31:01.0555 4964 StillCam - ok
16:31:01.0633 4964 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:31:01.0649 4964 stisvc - ok
16:31:01.0680 4964 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:31:01.0680 4964 swenum - ok
16:31:01.0696 4964 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:31:01.0711 4964 swprv - ok
16:31:01.0789 4964 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:31:01.0820 4964 SysMain - ok
16:31:01.0852 4964 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:31:01.0852 4964 TabletInputService - ok
16:31:01.0898 4964 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:31:01.0898 4964 TapiSrv - ok
16:31:01.0930 4964 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:31:01.0930 4964 TBS - ok
16:31:01.0992 4964 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:31:02.0023 4964 Tcpip - ok
16:31:02.0070 4964 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:31:02.0086 4964 TCPIP6 - ok
16:31:02.0117 4964 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:31:02.0117 4964 tcpipreg - ok
16:31:02.0148 4964 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:31:02.0148 4964 TDPIPE - ok
16:31:02.0164 4964 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:31:02.0164 4964 TDTCP - ok
16:31:02.0210 4964 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:31:02.0210 4964 tdx - ok
16:31:02.0242 4964 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:31:02.0242 4964 TermDD - ok
16:31:02.0288 4964 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:31:02.0304 4964 TermService - ok
16:31:02.0320 4964 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:31:02.0335 4964 Themes - ok
16:31:02.0351 4964 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:31:02.0366 4964 THREADORDER - ok
16:31:02.0382 4964 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:31:02.0382 4964 TrkWks - ok
16:31:02.0429 4964 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:31:02.0429 4964 TrustedInstaller - ok
16:31:02.0476 4964 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:31:02.0476 4964 tssecsrv - ok
16:31:02.0538 4964 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:31:02.0538 4964 TsUsbFlt - ok
16:31:02.0616 4964 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:31:02.0616 4964 tunnel - ok
16:31:02.0632 4964 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:31:02.0647 4964 uagp35 - ok
16:31:02.0663 4964 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:31:02.0678 4964 udfs - ok
16:31:02.0694 4964 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:31:02.0710 4964 UI0Detect - ok
16:31:02.0741 4964 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:31:02.0741 4964 uliagpkx - ok
16:31:02.0788 4964 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:31:02.0788 4964 umbus - ok
16:31:02.0819 4964 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:31:02.0819 4964 UmPass - ok
16:31:02.0834 4964 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:31:02.0834 4964 upnphost - ok
16:31:02.0881 4964 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:31:02.0881 4964 USBAAPL64 - ok
16:31:02.0897 4964 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:31:02.0897 4964 usbccgp - ok
16:31:02.0959 4964 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:31:02.0959 4964 usbcir - ok
16:31:02.0959 4964 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:31:02.0959 4964 usbehci - ok
16:31:02.0990 4964 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
16:31:02.0990 4964 usbfilter - ok
16:31:03.0053 4964 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:31:03.0053 4964 usbhub - ok
16:31:03.0068 4964 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:31:03.0068 4964 usbohci - ok
16:31:03.0115 4964 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:31:03.0115 4964 usbprint - ok
16:31:03.0146 4964 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:31:03.0146 4964 usbscan - ok
16:31:03.0178 4964 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:31:03.0193 4964 USBSTOR - ok
16:31:03.0209 4964 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:31:03.0209 4964 usbuhci - ok
16:31:03.0256 4964 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:31:03.0256 4964 usbvideo - ok
16:31:03.0287 4964 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:31:03.0302 4964 UxSms - ok
16:31:03.0334 4964 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:31:03.0334 4964 VaultSvc - ok
16:31:03.0380 4964 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:31:03.0380 4964 vdrvroot - ok
16:31:03.0427 4964 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:31:03.0443 4964 vds - ok
16:31:03.0474 4964 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:31:03.0474 4964 vga - ok
16:31:03.0490 4964 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:31:03.0490 4964 VgaSave - ok
16:31:03.0521 4964 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:31:03.0521 4964 vhdmp - ok
16:31:03.0568 4964 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:31:03.0568 4964 viaide - ok
16:31:03.0599 4964 VMnetAdapter - ok
16:31:03.0630 4964 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:31:03.0630 4964 volmgr - ok
16:31:03.0677 4964 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:31:03.0677 4964 volmgrx - ok
16:31:03.0724 4964 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:31:03.0724 4964 volsnap - ok
16:31:03.0770 4964 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:31:03.0770 4964 vsmraid - ok
16:31:03.0833 4964 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:31:03.0833 4964 VSS - ok
16:31:03.0848 4964 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:31:03.0848 4964 vwifibus - ok
16:31:03.0895 4964 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:31:03.0911 4964 vwififlt - ok
16:31:03.0973 4964 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:31:03.0989 4964 W32Time - ok
16:31:04.0004 4964 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:31:04.0004 4964 WacomPen - ok
16:31:04.0051 4964 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:31:04.0067 4964 WANARP - ok
16:31:04.0082 4964 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:31:04.0082 4964 Wanarpv6 - ok
16:31:04.0160 4964 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:31:04.0207 4964 WatAdminSvc - ok
16:31:04.0238 4964 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:31:04.0270 4964 wbengine - ok
16:31:04.0285 4964 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:31:04.0285 4964 WbioSrvc - ok
16:31:04.0332 4964 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:31:04.0332 4964 wcncsvc - ok
16:31:04.0348 4964 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:31:04.0348 4964 WcsPlugInService - ok
16:31:04.0363 4964 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:31:04.0363 4964 Wd - ok
16:31:04.0394 4964 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:31:04.0394 4964 Wdf01000 - ok
16:31:04.0410 4964 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:31:04.0410 4964 WdiServiceHost - ok
16:31:04.0410 4964 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:31:04.0426 4964 WdiSystemHost - ok
16:31:04.0441 4964 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:31:04.0441 4964 WebClient - ok
16:31:04.0457 4964 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:31:04.0472 4964 Wecsvc - ok
16:31:04.0488 4964 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:31:04.0488 4964 wercplsupport - ok
16:31:04.0519 4964 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:31:04.0535 4964 WerSvc - ok
16:31:04.0566 4964 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:31:04.0566 4964 WfpLwf - ok
16:31:04.0597 4964 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:31:04.0597 4964 WIMMount - ok
16:31:04.0660 4964 WinDefend - ok
16:31:04.0675 4964 WinHttpAutoProxySvc - ok
16:31:04.0722 4964 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:31:04.0722 4964 Winmgmt - ok
16:31:04.0784 4964 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:31:04.0816 4964 WinRM - ok
16:31:04.0878 4964 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:31:04.0894 4964 Wlansvc - ok
16:31:05.0003 4964 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:31:05.0018 4964 wlidsvc - ok
16:31:05.0081 4964 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:31:05.0081 4964 WmiAcpi - ok
16:31:05.0143 4964 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:31:05.0159 4964 wmiApSrv - ok
16:31:05.0174 4964 WMPNetworkSvc - ok
16:31:05.0206 4964 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:31:05.0221 4964 WPCSvc - ok
16:31:05.0252 4964 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:31:05.0268 4964 WPDBusEnum - ok
16:31:05.0284 4964 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:31:05.0284 4964 ws2ifsl - ok
16:31:05.0346 4964 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:31:05.0346 4964 wscsvc - ok
16:31:05.0393 4964 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
16:31:05.0408 4964 WSDPrintDevice - ok
16:31:05.0408 4964 WSearch - ok
16:31:05.0502 4964 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:31:05.0549 4964 wuauserv - ok
16:31:05.0580 4964 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:31:05.0580 4964 WudfPf - ok
16:31:05.0596 4964 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:31:05.0596 4964 WUDFRd - ok
16:31:05.0642 4964 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:31:05.0642 4964 wudfsvc - ok
16:31:05.0658 4964 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:31:05.0674 4964 WwanSvc - ok
16:31:05.0720 4964 MBR (0x1B8) (af00fc1920e1cf861b39b90a4375edf3) \Device\Harddisk0\DR0
16:31:05.0783 4964 \Device\Harddisk0\DR0 - ok
16:31:05.0798 4964 Boot (0x1200) (8b05c54413af6f186dc25575d2c8cbfe) \Device\Harddisk0\DR0\Partition0
16:31:05.0798 4964 \Device\Harddisk0\DR0\Partition0 - ok
16:31:05.0814 4964 Boot (0x1200) (1a3b96d9cb41e651a1749ac924a68720) \Device\Harddisk0\DR0\Partition1
16:31:05.0814 4964 \Device\Harddisk0\DR0\Partition1 - ok
16:31:05.0845 4964 Boot (0x1200) (4afc0feaaa98f6cbf82a99d22a405f0b) \Device\Harddisk0\DR0\Partition2
16:31:05.0845 4964 \Device\Harddisk0\DR0\Partition2 - ok
16:31:05.0845 4964 ============================================================
16:31:05.0845 4964 Scan finished
16:31:05.0845 4964 ============================================================
16:31:05.0876 4972 Detected object count: 1
16:31:05.0876 4972 Actual detected object count: 1
16:31:20.0415 4972 C:\Windows\system32\kraidsvc.dll - copied to quarantine
16:31:20.0415 4972 HKLM\SYSTEM\ControlSet001\services\adiusbaw - will be deleted on reboot
16:31:20.0446 4972 HKLM\SYSTEM\ControlSet002\services\adiusbaw - will be deleted on reboot
16:31:20.0539 4972 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
16:31:20.0602 4972 C:\Windows\system32\kraidsvc.dll - will be deleted on reboot
16:31:20.0602 4972 adiusbaw ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete

 

[Broni]

Re-run it one more time please.

 

[adam34997]

16:40:17.0466 3572 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
16:40:17.0902 3572 ============================================================
16:40:17.0902 3572 Current date / time: 2012/04/08 16:40:17.0902
16:40:17.0902 3572 SystemInfo:
16:40:17.0902 3572
16:40:17.0902 3572 OS Version: 6.1.7601 ServicePack: 1.0
16:40:17.0902 3572 Product type: Workstation
16:40:17.0902 3572 ComputerName: ADAM-HP
16:40:17.0902 3572 UserName: Adam
16:40:17.0902 3572 Windows directory: C:\Windows
16:40:17.0902 3572 System windows directory: C:\Windows
16:40:17.0902 3572 Running under WOW64
16:40:17.0902 3572 Processor architecture: Intel x64
16:40:17.0902 3572 Number of processors: 2
16:40:17.0902 3572 Page size: 0x1000
16:40:17.0902 3572 Boot type: Normal boot
16:40:17.0902 3572 ============================================================
16:40:19.0166 3572 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:40:19.0166 3572 \Device\Harddisk0\DR0:
16:40:19.0166 3572 MBR used
16:40:19.0166 3572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:40:19.0166 3572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x387C3000
16:40:19.0166 3572 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x387F5800, BlocksNum 0x1B90000
16:40:19.0400 3572 Initialize success
16:40:19.0400 3572 ============================================================
16:40:20.0461 2968 ============================================================
16:40:20.0461 2968 Scan started
16:40:20.0461 2968 Mode: Manual;
16:40:20.0461 2968 ============================================================
16:40:21.0662 2968 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:40:21.0662 2968 1394ohci - ok
16:40:21.0693 2968 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:40:21.0709 2968 ACPI - ok
16:40:21.0740 2968 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:40:21.0740 2968 AcpiPmi - ok
16:40:21.0771 2968 ACPIService (de7e8d852a806be6091983838bf9697f) C:\Windows\system32\DRIVERS\OSDACPI.SYS
16:40:21.0771 2968 ACPIService - ok
16:40:21.0802 2968 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:40:21.0802 2968 adp94xx - ok
16:40:21.0818 2968 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:40:21.0818 2968 adpahci - ok
16:40:21.0834 2968 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:40:21.0834 2968 adpu320 - ok
16:40:21.0865 2968 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:40:21.0865 2968 AeLookupSvc - ok
16:40:21.0927 2968 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
16:40:21.0927 2968 AERTFilters - ok
16:40:22.0021 2968 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:40:22.0021 2968 AFD - ok
16:40:22.0052 2968 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:40:22.0052 2968 agp440 - ok
16:40:22.0083 2968 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:40:22.0083 2968 ALG - ok
16:40:22.0114 2968 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:40:22.0114 2968 aliide - ok
16:40:22.0130 2968 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe
16:40:22.0146 2968 AMD External Events Utility - ok
16:40:22.0161 2968 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:40:22.0161 2968 amdide - ok
16:40:22.0192 2968 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:40:22.0192 2968 AmdK8 - ok
16:40:22.0442 2968 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
16:40:22.0520 2968 amdkmdag - ok
16:40:22.0629 2968 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
16:40:22.0629 2968 amdkmdap - ok
16:40:22.0692 2968 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:40:22.0692 2968 AmdPPM - ok
16:40:22.0707 2968 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys
16:40:22.0707 2968 amdsata - ok
16:40:22.0754 2968 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:40:22.0754 2968 amdsbs - ok
16:40:22.0770 2968 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys
16:40:22.0770 2968 amdxata - ok
16:40:22.0832 2968 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:40:22.0832 2968 AppID - ok
16:40:22.0848 2968 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:40:22.0848 2968 AppIDSvc - ok
16:40:22.0879 2968 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:40:22.0879 2968 Appinfo - ok
16:40:22.0972 2968 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:40:22.0972 2968 Apple Mobile Device - ok
16:40:23.0035 2968 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:40:23.0035 2968 arc - ok
16:40:23.0035 2968 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:40:23.0050 2968 arcsas - ok
16:40:23.0160 2968 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:40:23.0160 2968 aspnet_state - ok
16:40:23.0175 2968 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:40:23.0175 2968 AsyncMac - ok
16:40:23.0222 2968 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:40:23.0222 2968 atapi - ok
16:40:23.0284 2968 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
16:40:23.0284 2968 AtiPcie - ok
16:40:23.0347 2968 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:40:23.0347 2968 AudioEndpointBuilder - ok
16:40:23.0362 2968 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:40:23.0362 2968 AudioSrv - ok
16:40:23.0409 2968 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:40:23.0409 2968 AxInstSV - ok
16:40:23.0425 2968 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:40:23.0440 2968 b06bdrv - ok
16:40:23.0456 2968 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:40:23.0456 2968 b57nd60a - ok
16:40:23.0503 2968 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:40:23.0503 2968 BDESVC - ok
16:40:23.0534 2968 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:40:23.0534 2968 Beep - ok
16:40:23.0596 2968 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:40:23.0612 2968 BFE - ok
16:40:23.0628 2968 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:40:23.0643 2968 BITS - ok
16:40:23.0643 2968 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:40:23.0643 2968 blbdrive - ok
16:40:23.0752 2968 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:40:23.0752 2968 Bonjour Service - ok
16:40:23.0815 2968 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:40:23.0815 2968 bowser - ok
16:40:23.0830 2968 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:40:23.0830 2968 BrFiltLo - ok
16:40:23.0846 2968 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:40:23.0846 2968 BrFiltUp - ok
16:40:23.0893 2968 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:40:23.0893 2968 BridgeMP - ok
16:40:23.0924 2968 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:40:23.0924 2968 Browser - ok
16:40:23.0955 2968 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:40:23.0955 2968 Brserid - ok
16:40:23.0971 2968 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:40:23.0971 2968 BrSerWdm - ok
16:40:23.0986 2968 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:40:23.0986 2968 BrUsbMdm - ok
16:40:24.0002 2968 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:40:24.0002 2968 BrUsbSer - ok
16:40:24.0018 2968 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:40:24.0018 2968 BTHMODEM - ok
16:40:24.0064 2968 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:40:24.0080 2968 bthserv - ok
16:40:24.0111 2968 catchme - ok
16:40:24.0127 2968 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:40:24.0142 2968 cdfs - ok
16:40:24.0189 2968 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:40:24.0189 2968 cdrom - ok
16:40:24.0236 2968 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:40:24.0252 2968 CertPropSvc - ok
16:40:24.0252 2968 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:40:24.0252 2968 circlass - ok
16:40:24.0298 2968 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:40:24.0298 2968 CLFS - ok
16:40:24.0345 2968 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:40:24.0345 2968 clr_optimization_v2.0.50727_32 - ok
16:40:24.0376 2968 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:40:24.0376 2968 clr_optimization_v2.0.50727_64 - ok
16:40:24.0454 2968 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:40:24.0454 2968 clr_optimization_v4.0.30319_32 - ok
16:40:24.0564 2968 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:40:24.0564 2968 clr_optimization_v4.0.30319_64 - ok
16:40:24.0610 2968 clwvd (d68d9f4d53010b7e84d4e80a2e485554) C:\Windows\system32\DRIVERS\clwvd.sys
16:40:24.0610 2968 clwvd - ok
16:40:24.0657 2968 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:40:24.0657 2968 CmBatt - ok
16:40:24.0688 2968 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:40:24.0688 2968 cmdide - ok
16:40:24.0751 2968 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:40:24.0751 2968 CNG - ok
16:40:24.0766 2968 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:40:24.0766 2968 Compbatt - ok
16:40:24.0829 2968 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:40:24.0829 2968 CompositeBus - ok
16:40:24.0860 2968 COMSysApp - ok
16:40:24.0876 2968 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:40:24.0876 2968 crcdisk - ok
16:40:24.0907 2968 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:40:24.0907 2968 CryptSvc - ok
16:40:24.0954 2968 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:40:24.0954 2968 DcomLaunch - ok
16:40:25.0016 2968 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:40:25.0032 2968 defragsvc - ok
16:40:25.0063 2968 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:40:25.0063 2968 DfsC - ok
16:40:25.0094 2968 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:40:25.0094 2968 Dhcp - ok
16:40:25.0110 2968 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:40:25.0110 2968 discache - ok
16:40:25.0125 2968 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:40:25.0125 2968 Disk - ok
16:40:25.0156 2968 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:40:25.0156 2968 Dnscache - ok
16:40:25.0188 2968 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:40:25.0188 2968 dot3svc - ok
16:40:25.0250 2968 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:40:25.0250 2968 Dot4 - ok
16:40:25.0297 2968 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
16:40:25.0297 2968 Dot4Print - ok
16:40:25.0328 2968 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:40:25.0328 2968 dot4usb - ok
16:40:25.0359 2968 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:40:25.0359 2968 DPS - ok
16:40:25.0406 2968 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:40:25.0406 2968 drmkaud - ok
16:40:25.0484 2968 DTSRVC (b1b7de1ea520c84ab689be8c964fb850) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
16:40:25.0484 2968 DTSRVC - ok
16:40:25.0531 2968 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:40:25.0531 2968 DXGKrnl - ok
16:40:25.0593 2968 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:40:25.0593 2968 EapHost - ok
16:40:25.0718 2968 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:40:25.0812 2968 ebdrv - ok
16:40:25.0843 2968 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:40:25.0843 2968 EFS - ok
16:40:26.0014 2968 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:40:26.0014 2968 ehRecvr - ok
16:40:26.0046 2968 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:40:26.0061 2968 ehSched - ok
16:40:26.0124 2968 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:40:26.0139 2968 elxstor - ok
16:40:26.0170 2968 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:40:26.0170 2968 ErrDev - ok
16:40:26.0248 2968 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:40:26.0248 2968 EventSystem - ok
16:40:26.0280 2968 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:40:26.0280 2968 exfat - ok
16:40:26.0311 2968 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:40:26.0311 2968 fastfat - ok
16:40:26.0358 2968 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:40:26.0373 2968 Fax - ok
16:40:26.0389 2968 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:40:26.0389 2968 fdc - ok
16:40:26.0436 2968 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:40:26.0436 2968 fdPHost - ok
16:40:26.0451 2968 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:40:26.0451 2968 FDResPub - ok
16:40:26.0467 2968 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:40:26.0467 2968 FileInfo - ok
16:40:26.0482 2968 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:40:26.0498 2968 Filetrace - ok
16:40:26.0514 2968 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:40:26.0514 2968 flpydisk - ok
16:40:26.0545 2968 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:40:26.0545 2968 FltMgr - ok
16:40:26.0607 2968 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:40:26.0623 2968 FontCache - ok
16:40:26.0685 2968 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:40:26.0685 2968 FontCache3.0.0.0 - ok
16:40:26.0701 2968 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:40:26.0701 2968 FsDepends - ok
16:40:26.0732 2968 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:40:26.0732 2968 Fs_Rec - ok
16:40:26.0763 2968 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:40:26.0779 2968 fvevol - ok
16:40:26.0794 2968 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:40:26.0794 2968 gagp30kx - ok
16:40:26.0857 2968 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:40:26.0857 2968 GEARAspiWDM - ok
16:40:26.0904 2968 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:40:26.0919 2968 gpsvc - ok
16:40:26.0935 2968 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:40:26.0935 2968 hcw85cir - ok
16:40:26.0997 2968 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:40:27.0013 2968 HdAudAddService - ok
16:40:27.0060 2968 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:40:27.0060 2968 HDAudBus - ok
16:40:27.0075 2968 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:40:27.0091 2968 HidBatt - ok
16:40:27.0106 2968 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:40:27.0106 2968 HidBth - ok
16:40:27.0122 2968 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:40:27.0122 2968 HidIr - ok
16:40:27.0153 2968 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
16:40:27.0153 2968 hidserv - ok
16:40:27.0184 2968 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:40:27.0184 2968 HidUsb - ok
16:40:27.0216 2968 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:40:27.0216 2968 hkmsvc - ok
16:40:27.0247 2968 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:40:27.0247 2968 HomeGroupListener - ok
16:40:27.0294 2968 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:40:27.0294 2968 HomeGroupProvider - ok
16:40:27.0403 2968 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
16:40:27.0403 2968 HP Support Assistant Service - ok
16:40:27.0465 2968 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
16:40:27.0481 2968 HPClientSvc - ok
16:40:27.0528 2968 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
16:40:27.0528 2968 HPDrvMntSvc.exe - ok
16:40:27.0715 2968 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
16:40:27.0730 2968 hpqwmiex - ok
16:40:27.0824 2968 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:40:27.0824 2968 HpSAMD - ok
16:40:27.0902 2968 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:40:27.0918 2968 HTTP - ok
16:40:27.0933 2968 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:40:27.0933 2968 hwpolicy - ok
16:40:27.0980 2968 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:40:27.0980 2968 i8042prt - ok
16:40:28.0027 2968 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:40:28.0042 2968 iaStorV - ok
16:40:28.0105 2968 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:40:28.0120 2968 idsvc - ok
16:40:28.0152 2968 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:40:28.0152 2968 iirsp - ok
16:40:28.0198 2968 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:40:28.0214 2968 IKEEXT - ok
16:40:28.0308 2968 IntcAzAudAddService (cb5fd9b681ad43b560490b5283ddc1c1) C:\Windows\system32\drivers\RTKVHD64.sys
16:40:28.0339 2968 IntcAzAudAddService - ok
16:40:28.0401 2968 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:40:28.0417 2968 intelide - ok
16:40:28.0432 2968 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:40:28.0448 2968 intelppm - ok
16:40:28.0495 2968 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:40:28.0495 2968 IPBusEnum - ok
16:40:28.0526 2968 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:40:28.0542 2968 IpFilterDriver - ok
16:40:28.0620 2968 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:40:28.0635 2968 iphlpsvc - ok
16:40:28.0666 2968 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:40:28.0666 2968 IPMIDRV - ok
16:40:28.0713 2968 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:40:28.0729 2968 IPNAT - ok
16:40:28.0807 2968 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
16:40:28.0822 2968 iPod Service - ok
16:40:28.0838 2968 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:40:28.0838 2968 IRENUM - ok
16:40:28.0869 2968 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:40:28.0869 2968 isapnp - ok
16:40:28.0885 2968 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:40:28.0900 2968 iScsiPrt - ok
16:40:28.0900 2968 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:40:28.0916 2968 kbdclass - ok
16:40:28.0947 2968 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:40:28.0947 2968 kbdhid - ok
16:40:28.0963 2968 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:40:28.0978 2968 KeyIso - ok
16:40:28.0978 2968 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:40:28.0994 2968 KSecDD - ok
16:40:28.0994 2968 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:40:29.0010 2968 KSecPkg - ok
16:40:29.0010 2968 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:40:29.0025 2968 ksthunk - ok
16:40:29.0072 2968 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:40:29.0072 2968 KtmRm - ok
16:40:29.0134 2968 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
16:40:29.0150 2968 LanmanServer - ok
16:40:29.0181 2968 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:40:29.0197 2968 LanmanWorkstation - ok
16:40:29.0400 2968 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
16:40:29.0415 2968 Lavasoft Ad-Aware Service - ok
16:40:29.0509 2968 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
16:40:29.0509 2968 Lbd - ok
16:40:29.0587 2968 LightScribeService (b1e1c8bb1392537e4d415fcdcb93b1d3) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:40:29.0587 2968 LightScribeService - ok
16:40:29.0649 2968 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:40:29.0649 2968 lltdio - ok
16:40:29.0758 2968 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:40:29.0758 2968 lltdsvc - ok
16:40:29.0790 2968 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:40:29.0790 2968 lmhosts - ok
16:40:29.0836 2968 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:40:29.0836 2968 LSI_FC - ok
16:40:29.0852 2968 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:40:29.0868 2968 LSI_SAS - ok
16:40:29.0883 2968 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:40:29.0883 2968 LSI_SAS2 - ok
16:40:29.0899 2968 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:40:29.0914 2968 LSI_SCSI - ok
16:40:29.0930 2968 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:40:29.0930 2968 luafv - ok
16:40:29.0961 2968 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:40:29.0961 2968 Mcx2Svc - ok
16:40:29.0992 2968 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:40:29.0992 2968 megasas - ok
16:40:30.0008 2968 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:40:30.0008 2968 MegaSR - ok
16:40:30.0102 2968 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:40:30.0102 2968 Microsoft Office Groove Audit Service - ok
16:40:30.0148 2968 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:40:30.0148 2968 MMCSS - ok
16:40:30.0164 2968 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:40:30.0164 2968 Modem - ok
16:40:30.0195 2968 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:40:30.0195 2968 monitor - ok
16:40:30.0242 2968 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:40:30.0242 2968 mouclass - ok
16:40:30.0304 2968 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:40:30.0304 2968 mouhid - ok
16:40:30.0336 2968 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:40:30.0336 2968 mountmgr - ok
16:40:30.0367 2968 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:40:30.0367 2968 mpio - ok
16:40:30.0398 2968 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:40:30.0398 2968 mpsdrv - ok
16:40:30.0476 2968 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:40:30.0492 2968 MpsSvc - ok
16:40:30.0523 2968 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:40:30.0523 2968 MRxDAV - ok
16:40:30.0538 2968 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:40:30.0554 2968 mrxsmb - ok
16:40:30.0585 2968 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:40:30.0585 2968 mrxsmb10 - ok
16:40:30.0601 2968 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:40:30.0616 2968 mrxsmb20 - ok
16:40:30.0648 2968 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:40:30.0648 2968 msahci - ok
16:40:30.0679 2968 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:40:30.0679 2968 msdsm - ok
16:40:30.0710 2968 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:40:30.0710 2968 MSDTC - ok
16:40:30.0757 2968 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:40:30.0757 2968 Msfs - ok
16:40:30.0772 2968 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:40:30.0772 2968 mshidkmdf - ok
16:40:30.0819 2968 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:40:30.0819 2968 msisadrv - ok
16:40:30.0866 2968 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:40:30.0866 2968 MSiSCSI - ok
16:40:30.0882 2968 msiserver - ok
16:40:30.0944 2968 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:40:30.0944 2968 MSKSSRV - ok
16:40:30.0975 2968 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:40:30.0975 2968 MSPCLOCK - ok
16:40:31.0131 2968 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:40:31.0147 2968 MSPQM - ok
16:40:31.0194 2968 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:40:31.0209 2968 MsRPC - ok
16:40:31.0240 2968 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:40:31.0240 2968 mssmbios - ok
16:40:31.0256 2968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:40:31.0256 2968 MSTEE - ok
16:40:31.0272 2968 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:40:31.0272 2968 MTConfig - ok
16:40:31.0318 2968 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:40:31.0318 2968 Mup - ok
16:40:31.0350 2968 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:40:31.0365 2968 napagent - ok
16:40:31.0412 2968 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:40:31.0428 2968 NativeWifiP - ok
16:40:31.0490 2968 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:40:31.0506 2968 NDIS - ok
16:40:31.0552 2968 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:40:31.0568 2968 NdisCap - ok
16:40:31.0599 2968 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:40:31.0599 2968 NdisTapi - ok
16:40:31.0662 2968 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:40:31.0662 2968 Ndisuio - ok
16:40:31.0693 2968 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:40:31.0693 2968 NdisWan - ok
16:40:31.0740 2968 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:40:31.0740 2968 NDProxy - ok
16:40:31.0818 2968 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
16:40:31.0818 2968 Net Driver HPZ12 - ok
16:40:31.0833 2968 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:40:31.0849 2968 NetBIOS - ok
16:40:31.0896 2968 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:40:31.0911 2968 NetBT - ok
16:40:31.0927 2968 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:40:31.0927 2968 Netlogon - ok
16:40:31.0989 2968 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:40:32.0005 2968 Netman - ok
16:40:32.0130 2968 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:40:32.0130 2968 NetMsmqActivator - ok
16:40:32.0161 2968 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:40:32.0161 2968 NetPipeActivator - ok
16:40:32.0192 2968 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:40:32.0192 2968 netprofm - ok
16:40:32.0270 2968 netr28x (1982b291df9833fb3adc397ebd310a18) C:\Windows\system32\DRIVERS\netr28x.sys
16:40:32.0286 2968 netr28x - ok
16:40:32.0286 2968 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:40:32.0301 2968 NetTcpActivator - ok
16:40:32.0301 2968 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:40:32.0301 2968 NetTcpPortSharing - ok
16:40:32.0348 2968 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:40:32.0348 2968 nfrd960 - ok
16:40:32.0473 2968 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:40:32.0473 2968 NlaSvc - ok
16:40:32.0504 2968 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:40:32.0504 2968 Npfs - ok
16:40:32.0520 2968 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:40:32.0520 2968 nsi - ok
16:40:32.0535 2968 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:40:32.0535 2968 nsiproxy - ok
16:40:32.0598 2968 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:40:32.0629 2968 Ntfs - ok
16:40:32.0644 2968 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:40:32.0660 2968 Null - ok
16:40:32.0707 2968 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:40:32.0707 2968 nvraid - ok
16:40:32.0769 2968 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:40:32.0769 2968 nvstor - ok
16:40:32.0816 2968 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:40:32.0816 2968 nv_agp - ok
16:40:32.0878 2968 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:40:32.0894 2968 odserv - ok
16:40:32.0925 2968 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:40:32.0925 2968 ohci1394 - ok
16:40:32.0988 2968 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:40:32.0988 2968 ose - ok
16:40:33.0019 2968 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:40:33.0034 2968 p2pimsvc - ok
16:40:33.0050 2968 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:40:33.0066 2968 p2psvc - ok
16:40:33.0112 2968 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:40:33.0112 2968 Parport - ok
16:40:33.0144 2968 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:40:33.0144 2968 partmgr - ok
16:40:33.0159 2968 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:40:33.0175 2968 PcaSvc - ok
16:40:33.0206 2968 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:40:33.0206 2968 pci - ok
16:40:33.0253 2968 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:40:33.0268 2968 pciide - ok
16:40:33.0284 2968 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:40:33.0284 2968 pcmcia - ok
16:40:33.0300 2968 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:40:33.0300 2968 pcw - ok
16:40:33.0346 2968 PdiService (0a098df98ec8facaa30bd7db4c7aea06) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
16:40:33.0346 2968 PdiService - ok
16:40:33.0378 2968 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:40:33.0393 2968 PEAUTH - ok
16:40:33.0440 2968 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:40:33.0440 2968 PerfHost - ok

 

[adam34997]

16:40:33.0518 2968 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:40:33.0549 2968 pla - ok
16:40:33.0612 2968 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:40:33.0627 2968 PlugPlay - ok
16:40:33.0658 2968 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
16:40:33.0658 2968 Pml Driver HPZ12 - ok
16:40:33.0674 2968 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:40:33.0674 2968 PNRPAutoReg - ok
16:40:33.0705 2968 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:40:33.0705 2968 PNRPsvc - ok
16:40:33.0721 2968 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:40:33.0721 2968 PolicyAgent - ok
16:40:33.0752 2968 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:40:33.0752 2968 Power - ok
16:40:33.0830 2968 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:40:33.0830 2968 PptpMiniport - ok
16:40:33.0861 2968 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:40:33.0877 2968 Processor - ok
16:40:33.0892 2968 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:40:33.0908 2968 ProfSvc - ok
16:40:33.0924 2968 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:40:33.0924 2968 ProtectedStorage - ok
16:40:33.0970 2968 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:40:33.0970 2968 Psched - ok
16:40:34.0126 2968 QBCFMonitorService (91195091f449699b176fe1305dad40da) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
16:40:34.0126 2968 QBCFMonitorService - ok
16:40:34.0204 2968 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:40:34.0204 2968 QBFCService - ok
16:40:34.0282 2968 QBVSS (0c7b65c8743442a37152fcfac5f7d16a) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
16:40:34.0298 2968 QBVSS - ok
16:40:34.0392 2968 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:40:34.0423 2968 ql2300 - ok
16:40:34.0438 2968 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:40:34.0438 2968 ql40xx - ok
16:40:34.0470 2968 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:40:34.0470 2968 QWAVE - ok
16:40:34.0485 2968 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:40:34.0485 2968 QWAVEdrv - ok
16:40:34.0501 2968 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:40:34.0501 2968 RasAcd - ok
16:40:34.0563 2968 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:40:34.0563 2968 RasAgileVpn - ok
16:40:34.0594 2968 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:40:34.0594 2968 RasAuto - ok
16:40:34.0641 2968 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:40:34.0641 2968 Rasl2tp - ok
16:40:34.0688 2968 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:40:34.0704 2968 RasMan - ok
16:40:34.0719 2968 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:40:34.0719 2968 RasPppoe - ok
16:40:34.0750 2968 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:40:34.0766 2968 RasSstp - ok
16:40:34.0797 2968 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:40:34.0797 2968 rdbss - ok
16:40:34.0828 2968 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:40:34.0828 2968 rdpbus - ok
16:40:34.0844 2968 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:40:34.0844 2968 RDPCDD - ok
16:40:34.0906 2968 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:40:34.0906 2968 RDPENCDD - ok
16:40:34.0922 2968 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:40:34.0922 2968 RDPREFMP - ok
16:40:34.0953 2968 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:40:34.0953 2968 RDPWD - ok
16:40:34.0984 2968 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:40:35.0000 2968 rdyboost - ok
16:40:35.0062 2968 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:40:35.0062 2968 RemoteAccess - ok
16:40:35.0094 2968 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:40:35.0094 2968 RemoteRegistry - ok
16:40:35.0125 2968 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:40:35.0125 2968 RpcEptMapper - ok
16:40:35.0156 2968 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:40:35.0156 2968 RpcLocator - ok
16:40:35.0187 2968 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
16:40:35.0187 2968 RpcSs - ok
16:40:35.0203 2968 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:40:35.0203 2968 rspndr - ok
16:40:35.0265 2968 RTL8167 (fcaf9c2c9eadf8f397c3350760ef500f) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:40:35.0265 2968 RTL8167 - ok
16:40:35.0296 2968 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:40:35.0312 2968 SamSs - ok
16:40:35.0343 2968 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:40:35.0343 2968 sbp2port - ok
16:40:35.0468 2968 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:40:35.0484 2968 SBSDWSCService - ok
16:40:35.0515 2968 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:40:35.0530 2968 SCardSvr - ok
16:40:35.0562 2968 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:40:35.0562 2968 scfilter - ok
16:40:35.0608 2968 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:40:35.0608 2968 Schedule - ok
16:40:35.0640 2968 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:40:35.0640 2968 SCPolicySvc - ok
16:40:35.0686 2968 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:40:35.0686 2968 SDRSVC - ok
16:40:35.0749 2968 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:40:35.0749 2968 secdrv - ok
16:40:35.0796 2968 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:40:35.0796 2968 seclogon - ok
16:40:35.0827 2968 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:40:35.0827 2968 SENS - ok
16:40:35.0858 2968 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:40:35.0858 2968 SensrSvc - ok
16:40:35.0905 2968 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:40:35.0905 2968 Serenum - ok
16:40:35.0920 2968 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:40:35.0936 2968 Serial - ok
16:40:35.0967 2968 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:40:35.0967 2968 sermouse - ok
16:40:36.0030 2968 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:40:36.0030 2968 SessionEnv - ok
16:40:36.0061 2968 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:40:36.0061 2968 sffdisk - ok
16:40:36.0076 2968 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:40:36.0076 2968 sffp_mmc - ok
16:40:36.0092 2968 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:40:36.0092 2968 sffp_sd - ok
16:40:36.0139 2968 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:40:36.0139 2968 sfloppy - ok
16:40:36.0201 2968 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:40:36.0217 2968 SharedAccess - ok
16:40:36.0264 2968 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:40:36.0264 2968 ShellHWDetection - ok
16:40:36.0310 2968 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:40:36.0310 2968 SiSRaid2 - ok
16:40:36.0326 2968 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:40:36.0326 2968 SiSRaid4 - ok
16:40:36.0357 2968 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:40:36.0357 2968 Smb - ok
16:40:36.0420 2968 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:40:36.0420 2968 SNMPTRAP - ok
16:40:36.0451 2968 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:40:36.0451 2968 spldr - ok
16:40:36.0498 2968 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:40:36.0498 2968 Spooler - ok
16:40:36.0654 2968 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:40:36.0669 2968 sppsvc - ok
16:40:36.0700 2968 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:40:36.0700 2968 sppuinotify - ok
16:40:36.0747 2968 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:40:36.0747 2968 srv - ok
16:40:36.0825 2968 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:40:36.0825 2968 srv2 - ok
16:40:36.0841 2968 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:40:36.0856 2968 srvnet - ok
16:40:36.0888 2968 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:40:36.0903 2968 SSDPSRV - ok
16:40:36.0919 2968 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:40:36.0919 2968 SstpSvc - ok
16:40:36.0934 2968 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:40:36.0950 2968 stexstor - ok
16:40:36.0997 2968 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
16:40:36.0997 2968 StillCam - ok
16:40:37.0090 2968 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:40:37.0106 2968 stisvc - ok
16:40:37.0137 2968 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:40:37.0137 2968 swenum - ok
16:40:37.0246 2968 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:40:37.0262 2968 swprv - ok
16:40:37.0324 2968 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:40:37.0340 2968 SysMain - ok
16:40:37.0371 2968 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:40:37.0371 2968 TabletInputService - ok
16:40:37.0402 2968 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:40:37.0418 2968 TapiSrv - ok
16:40:37.0434 2968 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:40:37.0434 2968 TBS - ok
16:40:37.0824 2968 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:40:37.0855 2968 Tcpip - ok
16:40:37.0870 2968 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:40:37.0886 2968 TCPIP6 - ok
16:40:37.0964 2968 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:40:37.0980 2968 tcpipreg - ok
16:40:38.0026 2968 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:40:38.0026 2968 TDPIPE - ok
16:40:38.0073 2968 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:40:38.0073 2968 TDTCP - ok
16:40:38.0089 2968 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:40:38.0104 2968 tdx - ok
16:40:38.0136 2968 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:40:38.0136 2968 TermDD - ok
16:40:38.0167 2968 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:40:38.0198 2968 TermService - ok
16:40:38.0229 2968 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:40:38.0229 2968 Themes - ok
16:40:38.0260 2968 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:40:38.0260 2968 THREADORDER - ok
16:40:38.0276 2968 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:40:38.0276 2968 TrkWks - ok
16:40:38.0338 2968 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:40:38.0338 2968 TrustedInstaller - ok
16:40:38.0401 2968 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:40:38.0401 2968 tssecsrv - ok
16:40:38.0463 2968 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:40:38.0463 2968 TsUsbFlt - ok
16:40:38.0541 2968 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:40:38.0541 2968 tunnel - ok
16:40:38.0557 2968 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:40:38.0572 2968 uagp35 - ok
16:40:38.0619 2968 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:40:38.0619 2968 udfs - ok
16:40:38.0650 2968 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:40:38.0650 2968 UI0Detect - ok
16:40:38.0713 2968 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:40:38.0713 2968 uliagpkx - ok
16:40:38.0775 2968 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:40:38.0775 2968 umbus - ok
16:40:38.0791 2968 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:40:38.0806 2968 UmPass - ok
16:40:38.0822 2968 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:40:38.0838 2968 upnphost - ok
16:40:38.0869 2968 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:40:38.0869 2968 USBAAPL64 - ok
16:40:38.0900 2968 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:40:38.0900 2968 usbccgp - ok
16:40:38.0947 2968 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:40:38.0962 2968 usbcir - ok
16:40:38.0978 2968 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:40:38.0978 2968 usbehci - ok
16:40:39.0009 2968 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
16:40:39.0009 2968 usbfilter - ok
16:40:39.0056 2968 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:40:39.0072 2968 usbhub - ok
16:40:39.0087 2968 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:40:39.0087 2968 usbohci - ok
16:40:39.0134 2968 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:40:39.0134 2968 usbprint - ok
16:40:39.0150 2968 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:40:39.0165 2968 usbscan - ok
16:40:39.0196 2968 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:40:39.0196 2968 USBSTOR - ok
16:40:39.0212 2968 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:40:39.0212 2968 usbuhci - ok
16:40:39.0274 2968 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:40:39.0290 2968 usbvideo - ok
16:40:39.0306 2968 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:40:39.0321 2968 UxSms - ok
16:40:39.0352 2968 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:40:39.0352 2968 VaultSvc - ok
16:40:39.0368 2968 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:40:39.0368 2968 vdrvroot - ok
16:40:39.0430 2968 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:40:39.0446 2968 vds - ok
16:40:39.0477 2968 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:40:39.0477 2968 vga - ok
16:40:39.0493 2968 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:40:39.0493 2968 VgaSave - ok
16:40:39.0508 2968 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:40:39.0508 2968 vhdmp - ok
16:40:39.0540 2968 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:40:39.0540 2968 viaide - ok
16:40:39.0571 2968 VMnetAdapter - ok
16:40:39.0602 2968 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:40:39.0602 2968 volmgr - ok
16:40:39.0649 2968 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:40:39.0664 2968 volmgrx - ok
16:40:39.0711 2968 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:40:39.0711 2968 volsnap - ok
16:40:39.0774 2968 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:40:39.0774 2968 vsmraid - ok
16:40:39.0836 2968 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:40:39.0883 2968 VSS - ok
16:40:39.0898 2968 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:40:39.0914 2968 vwifibus - ok
16:40:39.0945 2968 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:40:39.0961 2968 vwififlt - ok
16:40:40.0023 2968 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:40:40.0039 2968 W32Time - ok
16:40:40.0070 2968 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:40:40.0070 2968 WacomPen - ok
16:40:40.0086 2968 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:40:40.0101 2968 WANARP - ok
16:40:40.0101 2968 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:40:40.0101 2968 Wanarpv6 - ok
16:40:40.0195 2968 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:40:40.0242 2968 WatAdminSvc - ok
16:40:40.0304 2968 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:40:40.0351 2968 wbengine - ok
16:40:40.0366 2968 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:40:40.0366 2968 WbioSrvc - ok
16:40:40.0413 2968 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:40:40.0413 2968 wcncsvc - ok
16:40:40.0429 2968 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:40:40.0429 2968 WcsPlugInService - ok
16:40:40.0444 2968 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:40:40.0444 2968 Wd - ok
16:40:40.0476 2968 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:40:40.0476 2968 Wdf01000 - ok
16:40:40.0491 2968 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:40:40.0491 2968 WdiServiceHost - ok
16:40:40.0507 2968 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:40:40.0507 2968 WdiSystemHost - ok
16:40:40.0538 2968 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:40:40.0554 2968 WebClient - ok
16:40:40.0569 2968 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:40:40.0569 2968 Wecsvc - ok
16:40:40.0585 2968 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:40:40.0585 2968 wercplsupport - ok
16:40:40.0632 2968 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:40:40.0632 2968 WerSvc - ok
16:40:40.0663 2968 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:40:40.0678 2968 WfpLwf - ok
16:40:40.0678 2968 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:40:40.0678 2968 WIMMount - ok
16:40:40.0741 2968 WinDefend - ok
16:40:40.0772 2968 WinHttpAutoProxySvc - ok
16:40:40.0819 2968 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:40:40.0819 2968 Winmgmt - ok
16:40:40.0912 2968 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:40:40.0959 2968 WinRM - ok
16:40:41.0022 2968 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:40:41.0037 2968 Wlansvc - ok
16:40:41.0209 2968 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:40:41.0240 2968 wlidsvc - ok
16:40:41.0365 2968 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:40:41.0365 2968 WmiAcpi - ok
16:40:41.0427 2968 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:40:41.0427 2968 wmiApSrv - ok
16:40:41.0474 2968 WMPNetworkSvc - ok
16:40:41.0521 2968 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:40:41.0521 2968 WPCSvc - ok
16:40:41.0568 2968 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:40:41.0568 2968 WPDBusEnum - ok
16:40:41.0583 2968 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:40:41.0599 2968 ws2ifsl - ok
16:40:41.0646 2968 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:40:41.0661 2968 wscsvc - ok
16:40:41.0724 2968 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
16:40:41.0724 2968 WSDPrintDevice - ok
16:40:41.0739 2968 WSearch - ok
16:40:41.0973 2968 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:40:42.0020 2968 wuauserv - ok
16:40:42.0067 2968 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:40:42.0067 2968 WudfPf - ok
16:40:42.0082 2968 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:40:42.0082 2968 WUDFRd - ok
16:40:42.0114 2968 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:40:42.0129 2968 wudfsvc - ok
16:40:42.0160 2968 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:40:42.0176 2968 WwanSvc - ok
16:40:42.0207 2968 MBR (0x1B8) (af00fc1920e1cf861b39b90a4375edf3) \Device\Harddisk0\DR0
16:40:42.0285 2968 \Device\Harddisk0\DR0 - ok
16:40:42.0285 2968 Boot (0x1200) (8b05c54413af6f186dc25575d2c8cbfe) \Device\Harddisk0\DR0\Partition0
16:40:42.0285 2968 \Device\Harddisk0\DR0\Partition0 - ok
16:40:42.0301 2968 Boot (0x1200) (1a3b96d9cb41e651a1749ac924a68720) \Device\Harddisk0\DR0\Partition1
16:40:42.0348 2968 \Device\Harddisk0\DR0\Partition1 - ok
16:40:42.0379 2968 Boot (0x1200) (4afc0feaaa98f6cbf82a99d22a405f0b) \Device\Harddisk0\DR0\Partition2
16:40:42.0426 2968 \Device\Harddisk0\DR0\Partition2 - ok
16:40:42.0426 2968 ============================================================
16:40:42.0426 2968 Scan finished
16:40:42.0426 2968 ============================================================
16:40:42.0441 2296 Detected object count: 0
16:40:42.0441 2296 Actual detected object count: 0

 

[Broni]

How is redirection now?

Post new Combofix log.

 

[adam34997]

ComboFix 12-04-04.02 - Adam 04/08/2012 16:51:54.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2591 [GMT -4:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 20:56 . 2012-04-08 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 16:23 . 2012-04-06 16:23 -------- d-----w- C:\_OTL
2012-04-06 15:54 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B64A7FD8-3BF1-4F79-88D8-5B1C320094B0}\mpengine.dll
2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\programdata\Malwarebytes
2012-04-02 02:10 . 2012-04-02 18:09 -------- d-----w- c:\program files (x86)\ESET
2012-04-02 00:49 . 2012-04-02 18:17 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-02 00:39 . 2012-04-08 20:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-14 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 17:29 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:29 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:29 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 14:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 14:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 14:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 14:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:18 . 2011-03-04 17:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 15:00 . 2011-05-17 14:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-30 03:36 . 2012-01-30 03:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-01-30 03:36 . 2012-01-30 03:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-01-30 03:36 . 2012-01-30 03:36 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-01-30 03:36 . 2012-01-30 03:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-01-30 03:36 . 2012-01-30 03:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-01-30 03:36 . 2012-01-30 03:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-01-30 03:36 . 2012-01-30 03:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-01-30 03:36 . 2012-01-30 03:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-01-30 03:36 . 2012-01-30 03:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-01-30 03:36 . 2012-01-30 03:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-01-30 03:36 . 2012-01-30 03:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-01-30 03:36 . 2012-01-30 03:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-01-30 03:36 . 2012-01-30 03:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-01-30 03:36 . 2012-01-30 03:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-01-30 03:36 . 2012-01-30 03:36 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-01-30 03:36 . 2012-01-30 03:36 222208 ----a-w- c:\windows\system32\msls31.dll
2012-01-30 03:36 . 2012-01-30 03:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-01-30 03:36 . 2012-01-30 03:36 12288 ----a-w- c:\windows\system32\mshta.exe
2012-01-30 03:36 . 2012-01-30 03:36 114176 ----a-w- c:\windows\system32\admparse.dll
2012-01-30 03:36 . 2012-01-30 03:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-01-30 03:36 . 2012-01-30 03:36 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-01-30 03:36 . 2012-01-30 03:36 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-01-30 03:36 . 2012-01-30 03:36 448512 ----a-w- c:\windows\system32\html.iec
2012-01-30 03:36 . 2012-01-30 03:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-01-30 03:36 . 2012-01-30 03:36 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-01-30 03:36 . 2012-01-30 03:36 160256 ----a-w- c:\windows\system32\wextract.exe
2012-01-30 03:36 . 2012-01-30 03:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-01-30 03:36 . 2012-01-30 03:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
2010-10-25 22:48 . 2011-05-02 16:57 8297472 ----a-w- c:\program files (x86)\AcroPro.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-05_18.31.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-08 14:39 . 2012-04-08 15:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040820120409\index.dat
+ 2012-04-06 15:10 . 2012-04-06 15:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040620120407\index.dat
+ 2012-04-06 02:12 . 2012-04-06 02:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040520120406\index.dat
+ 2012-03-31 23:23 . 2012-04-08 20:26 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-03-31 23:23 . 2012-04-04 23:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-03-04 20:06 . 2012-04-08 20:44 56698 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-08 20:44 43944 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-04 19:09 . 2012-04-08 20:44 22676 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-649968626-1217438032-2407564498-1000_UserData.bin
+ 2011-07-09 18:45 . 2012-04-08 18:38 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-07-09 18:45 . 2012-04-05 17:43 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-02-26 08:13 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-26 08:13 . 2012-04-08 19:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-06 17:21 . 2012-04-08 19:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-26 08:13 . 2012-04-05 18:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 18:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-08 19:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-12 14:01 . 2012-04-05 19:06 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-03-12 14:01 . 2012-04-05 17:14 4808 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-03-11 23:31 . 2012-04-05 18:32 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
- 2011-03-11 23:31 . 2012-04-05 14:00 1874 c:\windows\system32\wdi\{b171ab1c-60e9-4301-a338-beab1c70b3e9}.bin
+ 2009-07-13 23:31 . 2009-07-14 01:39 6656 c:\windows\system32\nim32.dll
- 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-08 20:57 . 2012-04-08 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-08 20:57 . 2012-04-08 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-05 18:30 . 2012-04-05 18:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-17 03:08 . 2012-04-08 20:56 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-04-17 03:08 . 2012-04-05 18:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-04-08 20:56 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-04 23:46 . 2012-04-07 23:12 325682 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-04-05 13:40 663184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 13:39 663184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-06 13:39 122052 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-05 13:40 122052 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:38 . 2012-04-08 22:59 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2012-04-05 22:09 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:12 . 2012-04-05 18:10 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-04-08 19:27 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-04-08 20:57 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-05 18:30 403468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-04-08 20:56 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 18:27 2490368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-04 19:06 . 2012-04-04 16:12 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-04 19:06 . 2012-04-08 04:20 5735840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-07 18:24 . 2012-04-08 20:57 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
- 2011-03-07 18:24 . 2012-04-05 18:30 3354252 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-649968626-1217438032-2407564498-1000-12288.dat
+ 2012-03-31 23:36 . 2012-04-08 20:33 7853880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-04-08 20:56 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-05 18:27 10436608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-12-01 121456]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-21 1248256]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-13 17152]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-30 c:\windows\Tasks\HPCeeScheduleForADAM-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-04-08 c:\windows\Tasks\HPCeeScheduleForAdam.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"combofix"="c:\combofix\CF1685.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
JRAID
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: general.useragent.extra.brc -
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-78413125.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\03\0c\13-5u"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
.
**************************************************************************
.
Completion time: 2012-04-08 17:03:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-08 21:03
ComboFix2.txt 2012-04-08 19:33
ComboFix3.txt 2012-04-08 19:18
ComboFix4.txt 2012-04-08 17:59
ComboFix5.txt 2012-04-08 20:51
.
Pre-Run: 379,001,122,816 bytes free
Post-Run: 378,522,308,608 bytes free
.
- - End Of File - - F3CCB926D6189E8218536E2AA16584D9

 

[Broni]

Still redirecting?

 

[adam34997]

Still redirecting.

Again it seems to run great, then I have to eventually reboot where it fails to boot so I am forced to restore it to a previous period which probably still has the virus.

Will reformatting the HD get rid of it?

 

[Broni]

so I am forced to restore it

You can't make some steps without telling me.
I've been trying to figure out what's going on and you're using system restore without telling me.
That's a horrible time wasting.
Did you just use system restore again?

 

[adam34997]

I thought I mentioned this issue in post #34 where i wrote

"As it did last time we ran this, everything seems to run very smooth with no redirect. Its after I restart it again the problems come back. For some reason, it seems to have trouble loading windows on an restart so it goes through its startup repair tool then it starts fine but the problem is back."

Again - after I run comboxfix, it restarts automatically okay. But after I try to restart it again, windows fails to boot and start up repair tool forces me into a restore.

 

[Broni]

There is a difference between startup repair and system restore.
Which one you used? System restore?

 

[adam34997]

I selected the startup repair too which failed to boot windows. This prompted a box to come up giving me a choice to restore or repair. I tried to select repair but got the message "repair is already running" - which is a result of the failed repair.

I manually rebooted the computer several times to try and get it to boot windows with me clicking "restore" which was my only option.

I did not pick a restore date however, it seemed to choose that automatically.