Stubborn Trojan horse Generic25.BXXH

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages
1
2
3
→

You cannot start a new topic
This topic is locked

Stubborn Trojan horse Generic25.BXXH

#1 yaddayadda93

Member

Group: Members
Posts: 20
Joined: 15-November 11

Posted 18 November 2011 - 03:32 PM

I posted my issues in the wrong place and was asked to post in this forum. Rather than rehash everything, here the link to the original post:

http://www.bleepingcomputer.com/forums/topic428314.html/page_pid_2478331#entry2478331

Pasting content from the other topic. ~ OB

Working for three days on a friend's computer, and I still can't get rid of one last bug.

System
Dell Studio XPS 8000
Intel Core i7 2.8GHz
8 GB RAM
Windows 7 Ultimate 64-bit

Problem
He brought the computer to me for two main problems:
1) Random music and ads would play in the background when he would go to certain web sites, especially You Tube. I believe he was using IE6 at the time.
2) Browsers would redirect to alternate sites when he entered search terms in Google.
**) I've also noticed that the computer makes a funny electronic "sighing" noise as the OS shuts down and a funny voooom-pop noise when the OS loads (after the Windows four-note chime and toward the end of the boot cycle). I'm not familiar with Windows 7 enough to know if that's normal, but I suspect its not.

Background
When he brought it to me, he did not have a current anti-virus program on the machine (his Norton subscription had expired). He also spends a lot of time on Eurpean/German web sites.

So far, I've:
* Uninstalled Internet Explorer, Firefox and Chrome using CCleaner.
* Reinstalled Chrome and changed settings to reject third-party cookies.
* Cleaned up a lot of other problems with CCleaner, including a ton of tracking cookies, orphaned dll files, etc.
* Installed a number of anti-virus programs. Yes, I know you're not supposed to run more than one at a time, but the bugs in question were not all being caught by a single program. Once the computer is clean, I will uninstall all but Microsoft Security Essentials, which has kept my own computer clean for more than a year.
* Turned System Restore off based on advice from Google search results. This makes me REALLY nervous and I'd like to turn it back on ASAP.

Results from various scans:
* Microsoft Security Essentials: no problems.
* MalwareBytes: no problems.
* Online scan from eset.com: No problems.
* TrendMicro House Call: no problems.
* SpyBot S&D: no problems.
* AdAware: no problems.
* AVG System TuneUp: no problems.
* AVG: I consistently get two errors: 1) A green checkmark (indicating that AVG has fixed the problem) in front of a file listed as "C:\Windows\explorer.exe (3236)" with a file type of "Trojan horse Generic25.BXXH" and 2) a red X (indicating that AVG has not fixed the problem) in front of a file listed as "C:\Windows\explorer.exe (3236):\memory_00d30000", with a file type of "Trojan Horse Generic25.BXXH". AVG offers a "Clean selected file" button (or something like that), but nothing happens when you click on that button. I get the same results when I run the scan in Safe Mode, too.
** NOTE: In the AVG scan results, the numbers inside the parentheses (3236) and the numbers after the word "memory" (00d30000) change with every new scan.

Where I am today:
1) I think I've killed the redirect bug, but only because I haven't tested it that much and because I've not reinstalled Internet Explorer yet. The few searches I've done at google.com while using Chrome have all been fine.
2) The strange "vooooom-pop" sound on start-up and "sighing" sound on shut down do not happen when I start in Safe Mode, but they do happen on regular start up.
3) The random music and ads are no longer playing through the speakers, but I suspect that's only because I'm not using Internet Explorer. I strongly suspect the strange start-up and shut-down sounds are related to the music and the Trojan Horse Generic25.BXXH, and I suspect that if I were to install and use IE, it would start all over again.
4) The nit-picker in me wants that "Trojan horse Generic25.BXXH" to go away and ALL scans to come back clean.

Soooooo ......

Any thoughts on how to kill that bug?

Thanks in advance.

Mark

End of added content. ~ OB

Here is the DDS .txt info:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by Abraham at 13:08:54 on 2011-11-18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8183.5972 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Artisan 710(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSA.EXE /FU "C:\Windows\TEMP\E_SFB4C.tmp" /EF "HKCU"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Abraham\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.2 24.116.39.12 24.116.2.50 24.116.2.34
TCP: Interfaces\{2D084D01-FB7A-4B23-862C-72A8A289BAFB} : DhcpNameServer = 10.0.0.2 24.116.39.12 24.116.2.50 24.116.2.34
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/10 17:53:43];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-11-10 146928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-10 92160]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-10-24 2398512]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-4 366152]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-16 1153368]
R2 sprtlisten;SupportSoft Listener Service;C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [2011-2-14 1242440]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-11-15 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-13 136176]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]
S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-11-21 25832]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-13 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?]
S3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]
.
=============== Created Last 30 ================
.
2011-11-18 16:09:31 -------- d-----w- C:\Program Files (x86)\Runtime Software
2011-11-18 16:01:20 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4909E5F-6501-4B64-81F4-90DDA2C81BCF}\offreg.dll
2011-11-17 18:51:56 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-11-17 17:53:43 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-17 16:12:11 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C4909E5F-6501-4B64-81F4-90DDA2C81BCF}\mpengine.dll
2011-11-16 22:11:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-16 22:11:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-16 21:36:38 -------- d-----w- C:\Users\Abraham\AppData\Roaming\AVG
2011-11-16 21:32:42 -------- d--h--w- C:\$AVG
2011-11-16 21:07:47 -------- d-----w- C:\Program Files\CCleaner
2011-11-15 22:53:58 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-11-15 21:37:10 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-11-15 21:34:45 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-11-15 21:34:36 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-11-15 20:40:59 -------- d-----w- C:\Users\Abraham\AppData\Roaming\AVG2012
2011-11-15 20:40:48 -------- d--h--w- C:\ProgramData\Common Files
2011-11-15 20:40:35 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-11-15 20:39:28 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-11-15 20:39:28 -------- d-----w- C:\ProgramData\AVG2012
2011-11-15 20:38:20 -------- d-----w- C:\Program Files (x86)\AVG
2011-11-15 20:35:35 -------- d-----w- C:\ProgramData\MFAData
2011-11-15 19:12:13 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-15 17:53:40 -------- d-----w- C:\Windows\System32\SPReview
2011-11-06 00:00:00 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 18:26:31 -------- d-----w- C:\Windows\System32\EventProviders
2011-11-04 18:25:59 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-11-04 18:25:59 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-11-04 18:14:20 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B4682D6-38DB-45F6-95BA-92A92265DA84}\gapaengine.dll
2011-11-04 18:13:47 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-04 17:34:22 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-04 17:28:20 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-04 17:27:41 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-04 17:27:04 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-11-04 17:16:31 -------- d--h--w- C:\Users\Abraham\AppData\Roaming\Malwarebytes
2011-11-04 17:16:16 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-04 17:16:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-10-27 02:35:43 439607 ---ha-w- C:\Users\Abraham\AppData\Roaming\mdbu.bin
2011-10-07 13:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-13 13:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:40:28 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
.
============= FINISH: 13:16:51.39 ===============

Attached File(s)

Attach.txt (22.47K)
Number of downloads: 3

This post has been edited by Orange Blossom: 18 November 2011 - 05:31 PM

#2 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 39,026
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 23 November 2011 - 01:54 PM

Hello ,
And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
A detailed description of your problems
A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#3 yaddayadda93

Member

Group: Members
Posts: 20
Joined: 15-November 11

Posted 30 November 2011 - 05:43 PM

So the machine got used over the long holiday weekend. I got it back today, ran all of the scans again with the same results. I am also posting updated DDS.txt results and Attach.txt results because it got used and some results may be different.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by Abraham at 15:18:53 on 2011-11-30
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8183.5151 [GMT -7:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Abraham\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Abraham\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Abraham\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Artisan 710(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSA.EXE /FU "C:\Windows\TEMP\E_SFB4C.tmp" /EF "HKCU"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "C:\Users\Abraham\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.2 24.116.39.12 24.116.2.50 24.116.2.34
TCP: Interfaces\{2D084D01-FB7A-4B23-862C-72A8A289BAFB} : DhcpNameServer = 10.0.0.2 24.116.39.12 24.116.2.50 24.116.2.34
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/10 17:53:43];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-11-10 146928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-10 92160]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-10-24 2398512]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-4 366152]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-16 1153368]
R2 sprtlisten;SupportSoft Listener Service;C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [2011-2-14 1242440]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-11-15 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-13 136176]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]
S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-11-21 25832]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-2-13 136176]
S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?]
S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?]
S3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]
.
=============== Created Last 30 ================
.
2011-11-30 21:16:04 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C95455AF-C71A-49AE-B772-4EB9C6131DD2}\offreg.dll
2011-11-30 21:16:01 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C95455AF-C71A-49AE-B772-4EB9C6131DD2}\mpengine.dll
2011-11-18 16:09:31 -------- d-----w- C:\Program Files (x86)\Runtime Software
2011-11-17 18:51:56 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-11-17 17:53:43 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-16 22:11:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-16 22:11:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-16 21:36:38 -------- d-----w- C:\Users\Abraham\AppData\Roaming\AVG
2011-11-16 21:32:42 -------- d--h--w- C:\$AVG
2011-11-16 21:07:47 -------- d-----w- C:\Program Files\CCleaner
2011-11-15 22:53:58 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-11-15 21:37:10 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-11-15 21:34:45 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-11-15 21:34:36 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-11-15 20:40:59 -------- d-----w- C:\Users\Abraham\AppData\Roaming\AVG2012
2011-11-15 20:40:48 -------- d--h--w- C:\ProgramData\Common Files
2011-11-15 20:40:35 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-11-15 20:39:28 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-11-15 20:39:28 -------- d-----w- C:\ProgramData\AVG2012
2011-11-15 20:38:20 -------- d-----w- C:\Program Files (x86)\AVG
2011-11-15 20:35:35 -------- d-----w- C:\ProgramData\MFAData
2011-11-15 19:12:13 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-11-15 17:53:40 -------- d-----w- C:\Windows\System32\SPReview
2011-11-06 00:00:00 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 18:26:31 -------- d-----w- C:\Windows\System32\EventProviders
2011-11-04 18:25:59 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-11-04 18:25:59 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-11-04 18:14:20 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2B4682D6-38DB-45F6-95BA-92A92265DA84}\gapaengine.dll
2011-11-04 18:13:47 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-04 17:34:22 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-04 17:28:20 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-04 17:27:41 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-04 17:27:04 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-11-04 17:16:31 -------- d--h--w- C:\Users\Abraham\AppData\Roaming\Malwarebytes
2011-11-04 17:16:16 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-04 17:16:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-10-27 02:35:43 439607 ---ha-w- C:\Users\Abraham\AppData\Roaming\mdbu.bin
2011-10-07 13:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-13 13:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-09-06 03:07:02 3134976 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 15:26:08.85 ===============

Attached File(s)

Attach.txt (7.65K)
Number of downloads: 2

#4 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 39,026
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 01 December 2011 - 03:05 AM

Hello again,

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove two of the following installed AV's, keep only one: Adaware, AVG or MS Security Essentials.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it.
To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#5 yaddayadda93

Member

Group: Members
Posts: 20
Joined: 15-November 11

Posted 01 December 2011 - 11:54 AM

BTW: When the friend took the computer home over the holiday weekend to use it, he said the browser redirect issue (using Chrome) reappeared although I thought I had gotten rid of that issue.

I used CCleaner to remove AdAware, MalwareBytes, SpyBot S&D, Microsoft Security Essentials and any residuals of TrendMicro House Call and eset.com's online scanner. I've left only AVG, which is the only program that was picking up the infection.

I ran the TDDS Rootkit Removing Tool, which came up empty. Below is the text of the .txt file:

09:45:54.0678 3716 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
09:45:55.0474 3716 ============================================================
09:45:55.0474 3716 Current date / time: 2011/12/01 09:45:55.0474
09:45:55.0474 3716 SystemInfo:
09:45:55.0474 3716
09:45:55.0474 3716 OS Version: 6.1.7600 ServicePack: 0.0
09:45:55.0474 3716 Product type: Workstation
09:45:55.0474 3716 ComputerName: ABRAHAM-PC
09:45:55.0474 3716 UserName: Abraham
09:45:55.0474 3716 Windows directory: C:\Windows
09:45:55.0474 3716 System windows directory: C:\Windows
09:45:55.0474 3716 Running under WOW64
09:45:55.0474 3716 Processor architecture: Intel x64
09:45:55.0474 3716 Number of processors: 8
09:45:55.0474 3716 Page size: 0x1000
09:45:55.0474 3716 Boot type: Normal boot
09:45:55.0474 3716 ============================================================
09:45:56.0426 3716 Initialize success
09:46:12.0213 3844 ============================================================
09:46:12.0213 3844 Scan started
09:46:12.0213 3844 Mode: Manual;
09:46:12.0213 3844 ============================================================
09:46:12.0837 3844 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
09:46:12.0852 3844 1394ohci - ok
09:46:12.0868 3844 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
09:46:12.0868 3844 ACPI - ok
09:46:12.0884 3844 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
09:46:12.0899 3844 AcpiPmi - ok
09:46:12.0915 3844 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:46:12.0915 3844 adp94xx - ok
09:46:12.0930 3844 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:46:12.0930 3844 adpahci - ok
09:46:12.0946 3844 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:46:12.0946 3844 adpu320 - ok
09:46:13.0008 3844 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
09:46:13.0008 3844 AFD - ok
09:46:13.0024 3844 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
09:46:13.0024 3844 agp440 - ok
09:46:13.0040 3844 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
09:46:13.0040 3844 aliide - ok
09:46:13.0055 3844 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
09:46:13.0055 3844 amdide - ok
09:46:13.0071 3844 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:46:13.0071 3844 AmdK8 - ok
09:46:13.0086 3844 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:46:13.0086 3844 AmdPPM - ok
09:46:13.0133 3844 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
09:46:13.0133 3844 amdsata - ok
09:46:13.0149 3844 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:46:13.0149 3844 amdsbs - ok
09:46:13.0196 3844 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
09:46:13.0196 3844 amdxata - ok
09:46:13.0211 3844 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
09:46:13.0211 3844 AppID - ok
09:46:13.0242 3844 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:46:13.0242 3844 arc - ok
09:46:13.0258 3844 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:46:13.0258 3844 arcsas - ok
09:46:13.0289 3844 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:46:13.0289 3844 AsyncMac - ok
09:46:13.0305 3844 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
09:46:13.0305 3844 atapi - ok
09:46:13.0352 3844 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
09:46:13.0352 3844 Avgfwfd - ok
09:46:13.0383 3844 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
09:46:13.0383 3844 AVGIDSDriver - ok
09:46:13.0414 3844 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
09:46:13.0414 3844 AVGIDSEH - ok
09:46:13.0445 3844 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
09:46:13.0445 3844 AVGIDSFilter - ok
09:46:13.0445 3844 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
09:46:13.0461 3844 Avgldx64 - ok
09:46:13.0476 3844 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
09:46:13.0476 3844 Avgmfx64 - ok
09:46:13.0508 3844 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
09:46:13.0508 3844 Avgrkx64 - ok
09:46:13.0554 3844 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
09:46:13.0554 3844 Avgtdia - ok
09:46:13.0570 3844 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:46:13.0570 3844 b06bdrv - ok
09:46:13.0601 3844 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:46:13.0601 3844 b57nd60a - ok
09:46:13.0632 3844 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
09:46:13.0632 3844 BCM42RLY - ok
09:46:13.0710 3844 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
09:46:13.0710 3844 BCM43XX - ok
09:46:13.0726 3844 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:46:13.0726 3844 Beep - ok
09:46:13.0773 3844 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:46:13.0773 3844 blbdrive - ok
09:46:13.0804 3844 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
09:46:13.0804 3844 bowser - ok
09:46:13.0820 3844 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:46:13.0820 3844 BrFiltLo - ok
09:46:13.0851 3844 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:46:13.0851 3844 BrFiltUp - ok
09:46:13.0866 3844 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:46:13.0866 3844 Brserid - ok
09:46:13.0882 3844 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:46:13.0882 3844 BrSerWdm - ok
09:46:13.0898 3844 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:46:13.0898 3844 BrUsbMdm - ok
09:46:13.0913 3844 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:46:13.0913 3844 BrUsbSer - ok
09:46:13.0913 3844 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:46:13.0913 3844 BTHMODEM - ok
09:46:13.0929 3844 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:46:13.0944 3844 cdfs - ok
09:46:13.0976 3844 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
09:46:13.0976 3844 cdrom - ok
09:46:13.0991 3844 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:46:13.0991 3844 circlass - ok
09:46:14.0022 3844 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:46:14.0022 3844 CLFS - ok
09:46:14.0069 3844 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:46:14.0069 3844 CmBatt - ok
09:46:14.0085 3844 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
09:46:14.0085 3844 cmdide - ok
09:46:14.0100 3844 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
09:46:14.0100 3844 CNG - ok
09:46:14.0116 3844 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:46:14.0116 3844 Compbatt - ok
09:46:14.0147 3844 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:46:14.0147 3844 CompositeBus - ok
09:46:14.0225 3844 cpuz132 - ok
09:46:14.0256 3844 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:46:14.0256 3844 crcdisk - ok
09:46:14.0288 3844 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
09:46:14.0303 3844 CSC - ok
09:46:14.0350 3844 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
09:46:14.0350 3844 DfsC - ok
09:46:14.0350 3844 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:46:14.0350 3844 discache - ok
09:46:14.0412 3844 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:46:14.0412 3844 Disk - ok
09:46:14.0444 3844 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:46:14.0444 3844 drmkaud - ok
09:46:14.0475 3844 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
09:46:14.0490 3844 DXGKrnl - ok
09:46:14.0537 3844 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:46:14.0553 3844 ebdrv - ok
09:46:14.0584 3844 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:46:14.0584 3844 elxstor - ok
09:46:14.0600 3844 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
09:46:14.0600 3844 ErrDev - ok
09:46:14.0631 3844 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:46:14.0631 3844 exfat - ok
09:46:14.0646 3844 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:46:14.0662 3844 fastfat - ok
09:46:14.0678 3844 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:46:14.0678 3844 fdc - ok
09:46:14.0693 3844 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:46:14.0693 3844 FileInfo - ok
09:46:14.0709 3844 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:46:14.0709 3844 Filetrace - ok
09:46:14.0724 3844 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:46:14.0724 3844 flpydisk - ok
09:46:14.0740 3844 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
09:46:14.0740 3844 FltMgr - ok
09:46:14.0756 3844 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:46:14.0771 3844 FsDepends - ok
09:46:14.0787 3844 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
09:46:14.0787 3844 Fs_Rec - ok
09:46:14.0818 3844 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:46:14.0818 3844 fvevol - ok
09:46:14.0849 3844 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:46:14.0849 3844 gagp30kx - ok
09:46:14.0880 3844 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:46:14.0896 3844 hcw85cir - ok
09:46:14.0912 3844 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:46:14.0912 3844 HDAudBus - ok
09:46:14.0943 3844 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:46:14.0943 3844 HidBatt - ok
09:46:14.0943 3844 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:46:14.0943 3844 HidBth - ok
09:46:14.0958 3844 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:46:14.0958 3844 HidIr - ok
09:46:15.0005 3844 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
09:46:15.0021 3844 HidUsb - ok
09:46:15.0036 3844 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
09:46:15.0036 3844 HpSAMD - ok
09:46:15.0068 3844 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
09:46:15.0068 3844 HTTP - ok
09:46:15.0083 3844 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
09:46:15.0083 3844 hwpolicy - ok
09:46:15.0114 3844 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
09:46:15.0114 3844 i8042prt - ok
09:46:15.0146 3844 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
09:46:15.0146 3844 iaStor - ok
09:46:15.0192 3844 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
09:46:15.0192 3844 iaStorV - ok
09:46:15.0208 3844 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:46:15.0208 3844 iirsp - ok
09:46:15.0270 3844 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
09:46:15.0286 3844 IntcAzAudAddService - ok
09:46:15.0302 3844 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
09:46:15.0302 3844 intelide - ok
09:46:15.0317 3844 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:46:15.0317 3844 intelppm - ok
09:46:15.0333 3844 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:46:15.0333 3844 IpFilterDriver - ok
09:46:15.0348 3844 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:46:15.0348 3844 IPMIDRV - ok
09:46:15.0364 3844 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:46:15.0364 3844 IPNAT - ok
09:46:15.0380 3844 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:46:15.0380 3844 IRENUM - ok
09:46:15.0411 3844 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
09:46:15.0411 3844 isapnp - ok
09:46:15.0442 3844 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
09:46:15.0442 3844 iScsiPrt - ok
09:46:15.0458 3844 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
09:46:15.0473 3844 k57nd60a - ok
09:46:15.0504 3844 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
09:46:15.0504 3844 kbdclass - ok
09:46:15.0520 3844 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
09:46:15.0520 3844 kbdhid - ok
09:46:15.0536 3844 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
09:46:15.0536 3844 KSecDD - ok
09:46:15.0567 3844 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
09:46:15.0567 3844 KSecPkg - ok
09:46:15.0582 3844 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:46:15.0582 3844 ksthunk - ok
09:46:15.0614 3844 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:46:15.0614 3844 lltdio - ok
09:46:15.0645 3844 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:46:15.0645 3844 LSI_FC - ok
09:46:15.0660 3844 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:46:15.0660 3844 LSI_SAS - ok
09:46:15.0676 3844 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:46:15.0676 3844 LSI_SAS2 - ok
09:46:15.0692 3844 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:46:15.0692 3844 LSI_SCSI - ok
09:46:15.0707 3844 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:46:15.0707 3844 luafv - ok
09:46:15.0770 3844 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
09:46:15.0770 3844 MBAMProtector - ok
09:46:15.0785 3844 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:46:15.0785 3844 megasas - ok
09:46:15.0801 3844 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:46:15.0801 3844 MegaSR - ok
09:46:15.0816 3844 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:46:15.0816 3844 Modem - ok
09:46:15.0863 3844 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:46:15.0863 3844 monitor - ok
09:46:15.0894 3844 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:46:15.0894 3844 mouclass - ok
09:46:15.0926 3844 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:46:15.0926 3844 mouhid - ok
09:46:15.0941 3844 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
09:46:15.0941 3844 mountmgr - ok
09:46:15.0941 3844 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
09:46:15.0941 3844 mpio - ok
09:46:15.0957 3844 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:46:15.0957 3844 mpsdrv - ok
09:46:15.0988 3844 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
09:46:15.0988 3844 MRxDAV - ok
09:46:16.0019 3844 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:46:16.0019 3844 mrxsmb - ok
09:46:16.0050 3844 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:46:16.0050 3844 mrxsmb10 - ok
09:46:16.0066 3844 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:46:16.0082 3844 mrxsmb20 - ok
09:46:16.0097 3844 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
09:46:16.0097 3844 msahci - ok
09:46:16.0097 3844 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
09:46:16.0097 3844 msdsm - ok
09:46:16.0113 3844 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:46:16.0113 3844 Msfs - ok
09:46:16.0128 3844 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:46:16.0128 3844 mshidkmdf - ok
09:46:16.0144 3844 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
09:46:16.0144 3844 msisadrv - ok
09:46:16.0175 3844 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:46:16.0175 3844 MSKSSRV - ok
09:46:16.0206 3844 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:46:16.0206 3844 MSPCLOCK - ok
09:46:16.0222 3844 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:46:16.0222 3844 MSPQM - ok
09:46:16.0238 3844 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
09:46:16.0253 3844 MsRPC - ok
09:46:16.0253 3844 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
09:46:16.0253 3844 mssmbios - ok
09:46:16.0269 3844 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:46:16.0284 3844 MSTEE - ok
09:46:16.0284 3844 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:46:16.0284 3844 MTConfig - ok
09:46:16.0316 3844 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:46:16.0316 3844 Mup - ok
09:46:16.0362 3844 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:46:16.0362 3844 NativeWifiP - ok
09:46:16.0409 3844 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
09:46:16.0409 3844 NDIS - ok
09:46:16.0440 3844 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:46:16.0440 3844 NdisCap - ok
09:46:16.0456 3844 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:46:16.0456 3844 NdisTapi - ok
09:46:16.0487 3844 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
09:46:16.0487 3844 Ndisuio - ok
09:46:16.0503 3844 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:46:16.0503 3844 NdisWan - ok
09:46:16.0518 3844 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
09:46:16.0518 3844 NDProxy - ok
09:46:16.0518 3844 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:46:16.0534 3844 NetBIOS - ok
09:46:16.0550 3844 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
09:46:16.0550 3844 NetBT - ok
09:46:16.0565 3844 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:46:16.0565 3844 nfrd960 - ok
09:46:16.0596 3844 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:46:16.0596 3844 Npfs - ok
09:46:16.0628 3844 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:46:16.0628 3844 nsiproxy - ok
09:46:16.0690 3844 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
09:46:16.0706 3844 Ntfs - ok
09:46:16.0721 3844 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:46:16.0721 3844 Null - ok
09:46:16.0924 3844 nvlddmkm (51bd7ef17f0b525994ad5b3748c8288b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:46:16.0971 3844 nvlddmkm - ok
09:46:17.0018 3844 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
09:46:17.0018 3844 nvraid - ok
09:46:17.0049 3844 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
09:46:17.0049 3844 nvstor - ok
09:46:17.0064 3844 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
09:46:17.0064 3844 nv_agp - ok
09:46:17.0096 3844 OA002Afx (226d2c0e1aa9040646d6b158fd344046) C:\Windows\system32\Drivers\OA002Afx.sys
09:46:17.0096 3844 OA002Afx - ok
09:46:17.0127 3844 OA002Ufd (706f5504af9f28c8641dab5eddfde03b) C:\Windows\system32\DRIVERS\OA002Ufd.sys
09:46:17.0142 3844 OA002Ufd - ok
09:46:17.0158 3844 OA002Vid (2ce066adca145892715f1df163d879da) C:\Windows\system32\DRIVERS\OA002Vid.sys
09:46:17.0158 3844 OA002Vid - ok
09:46:17.0174 3844 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
09:46:17.0174 3844 ohci1394 - ok
09:46:17.0189 3844 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:46:17.0189 3844 Parport - ok
09:46:17.0205 3844 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
09:46:17.0205 3844 partmgr - ok
09:46:17.0252 3844 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
09:46:17.0252 3844 pci - ok
09:46:17.0267 3844 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
09:46:17.0267 3844 pciide - ok
09:46:17.0283 3844 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:46:17.0283 3844 pcmcia - ok
09:46:17.0298 3844 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:46:17.0298 3844 pcw - ok
09:46:17.0314 3844 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:46:17.0330 3844 PEAUTH - ok
09:46:17.0361 3844 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
09:46:17.0361 3844 PptpMiniport - ok
09:46:17.0392 3844 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:46:17.0392 3844 Processor - ok
09:46:17.0423 3844 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
09:46:17.0423 3844 Psched - ok
09:46:17.0454 3844 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
09:46:17.0454 3844 PxHlpa64 - ok
09:46:17.0486 3844 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:46:17.0501 3844 ql2300 - ok
09:46:17.0517 3844 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:46:17.0517 3844 ql40xx - ok
09:46:17.0532 3844 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:46:17.0532 3844 QWAVEdrv - ok
09:46:17.0548 3844 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:46:17.0548 3844 RasAcd - ok
09:46:17.0564 3844 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:46:17.0564 3844 RasAgileVpn - ok
09:46:17.0579 3844 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:46:17.0579 3844 Rasl2tp - ok
09:46:17.0595 3844 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:46:17.0595 3844 RasPppoe - ok
09:46:17.0610 3844 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:46:17.0610 3844 RasSstp - ok
09:46:17.0626 3844 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
09:46:17.0626 3844 rdbss - ok
09:46:17.0642 3844 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:46:17.0642 3844 rdpbus - ok
09:46:17.0657 3844 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:46:17.0657 3844 RDPCDD - ok
09:46:17.0688 3844 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
09:46:17.0688 3844 RDPDR - ok
09:46:17.0720 3844 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:46:17.0720 3844 RDPENCDD - ok
09:46:17.0735 3844 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:46:17.0735 3844 RDPREFMP - ok
09:46:17.0751 3844 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
09:46:17.0751 3844 RDPWD - ok
09:46:17.0766 3844 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
09:46:17.0766 3844 rdyboost - ok
09:46:17.0798 3844 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:46:17.0798 3844 rspndr - ok
09:46:17.0829 3844 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
09:46:17.0829 3844 s3cap - ok
09:46:17.0860 3844 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
09:46:17.0860 3844 sbp2port - ok
09:46:17.0876 3844 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
09:46:17.0876 3844 scfilter - ok
09:46:17.0891 3844 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:46:17.0891 3844 secdrv - ok
09:46:17.0907 3844 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:46:17.0907 3844 Serenum - ok
09:46:17.0922 3844 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:46:17.0922 3844 Serial - ok
09:46:17.0954 3844 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:46:17.0954 3844 sermouse - ok
09:46:18.0000 3844 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
09:46:18.0000 3844 sffdisk - ok
09:46:18.0032 3844 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:46:18.0032 3844 sffp_mmc - ok
09:46:18.0047 3844 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:46:18.0047 3844 sffp_sd - ok
09:46:18.0063 3844 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:46:18.0063 3844 sfloppy - ok
09:46:18.0078 3844 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:46:18.0078 3844 SiSRaid2 - ok
09:46:18.0110 3844 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:46:18.0110 3844 SiSRaid4 - ok
09:46:18.0110 3844 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:46:18.0125 3844 Smb - ok
09:46:18.0141 3844 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:46:18.0141 3844 spldr - ok
09:46:18.0203 3844 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
09:46:18.0203 3844 srv - ok
09:46:18.0219 3844 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
09:46:18.0234 3844 srv2 - ok
09:46:18.0250 3844 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
09:46:18.0250 3844 srvnet - ok
09:46:18.0266 3844 StarOpen - ok
09:46:18.0281 3844 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:46:18.0281 3844 stexstor - ok
09:46:18.0344 3844 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
09:46:18.0344 3844 storflt - ok
09:46:18.0359 3844 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
09:46:18.0359 3844 storvsc - ok
09:46:18.0375 3844 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
09:46:18.0375 3844 swenum - ok
09:46:18.0437 3844 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
09:46:18.0437 3844 Tcpip - ok
09:46:18.0468 3844 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
09:46:18.0484 3844 TCPIP6 - ok
09:46:18.0500 3844 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
09:46:18.0500 3844 tcpipreg - ok
09:46:18.0515 3844 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:46:18.0515 3844 TDPIPE - ok
09:46:18.0531 3844 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
09:46:18.0531 3844 TDTCP - ok
09:46:18.0562 3844 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
09:46:18.0562 3844 tdx - ok
09:46:18.0578 3844 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
09:46:18.0578 3844 TermDD - ok
09:46:18.0609 3844 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:46:18.0609 3844 tssecsrv - ok
09:46:18.0624 3844 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
09:46:18.0624 3844 tunnel - ok
09:46:18.0640 3844 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:46:18.0640 3844 uagp35 - ok
09:46:18.0671 3844 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
09:46:18.0671 3844 udfs - ok
09:46:18.0702 3844 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
09:46:18.0702 3844 uliagpkx - ok
09:46:18.0702 3844 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
09:46:18.0702 3844 umbus - ok
09:46:18.0718 3844 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:46:18.0718 3844 UmPass - ok
09:46:18.0765 3844 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
09:46:18.0765 3844 usbaudio - ok
09:46:18.0812 3844 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
09:46:18.0812 3844 usbccgp - ok
09:46:18.0843 3844 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
09:46:18.0843 3844 usbcir - ok
09:46:18.0890 3844 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
09:46:18.0890 3844 usbehci - ok
09:46:18.0921 3844 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
09:46:18.0921 3844 usbhub - ok
09:46:18.0936 3844 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
09:46:18.0936 3844 usbohci - ok
09:46:18.0968 3844 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:46:18.0968 3844 usbprint - ok
09:46:18.0983 3844 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:46:18.0983 3844 USBSTOR - ok
09:46:18.0999 3844 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
09:46:18.0999 3844 usbuhci - ok
09:46:19.0046 3844 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
09:46:19.0046 3844 usbvideo - ok
09:46:19.0061 3844 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
09:46:19.0061 3844 vdrvroot - ok
09:46:19.0077 3844 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:46:19.0077 3844 vga - ok
09:46:19.0092 3844 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:46:19.0092 3844 VgaSave - ok
09:46:19.0108 3844 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
09:46:19.0108 3844 vhdmp - ok
09:46:19.0124 3844 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
09:46:19.0124 3844 viaide - ok
09:46:19.0155 3844 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
09:46:19.0155 3844 vmbus - ok
09:46:19.0170 3844 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
09:46:19.0170 3844 VMBusHID - ok
09:46:19.0186 3844 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
09:46:19.0186 3844 volmgr - ok
09:46:19.0217 3844 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
09:46:19.0217 3844 volmgrx - ok
09:46:19.0233 3844 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
09:46:19.0233 3844 volsnap - ok
09:46:19.0248 3844 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:46:19.0248 3844 vsmraid - ok
09:46:19.0264 3844 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:46:19.0264 3844 vwifibus - ok
09:46:19.0295 3844 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:46:19.0295 3844 vwififlt - ok
09:46:19.0311 3844 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:46:19.0311 3844 vwifimp - ok
09:46:19.0342 3844 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:46:19.0342 3844 WacomPen - ok
09:46:19.0358 3844 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:46:19.0358 3844 WANARP - ok
09:46:19.0358 3844 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:46:19.0358 3844 Wanarpv6 - ok
09:46:19.0404 3844 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:46:19.0404 3844 Wd - ok
09:46:19.0420 3844 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:46:19.0436 3844 Wdf01000 - ok
09:46:19.0451 3844 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:46:19.0451 3844 WfpLwf - ok
09:46:19.0467 3844 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:46:19.0483 3844 WIMMount - ok
09:46:19.0514 3844 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:46:19.0514 3844 WmiAcpi - ok
09:46:19.0545 3844 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:46:19.0545 3844 ws2ifsl - ok
09:46:19.0561 3844 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
09:46:19.0561 3844 WudfPf - ok
09:46:19.0576 3844 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:46:19.0576 3844 WUDFRd - ok
09:46:19.0685 3844 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
09:46:19.0685 3844 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
09:46:19.0701 3844 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
09:46:19.0717 3844 \Device\Harddisk0\DR0 - ok
09:46:19.0717 3844 Boot (0x1200) (a5c682221bb3be9ca89446427c662f59) \Device\Harddisk0\DR0\Partition0
09:46:19.0717 3844 \Device\Harddisk0\DR0\Partition0 - ok
09:46:19.0732 3844 Boot (0x1200) (78d9b7da3fb3aea9283e388faf2c2666) \Device\Harddisk0\DR0\Partition1
09:46:19.0732 3844 \Device\Harddisk0\DR0\Partition1 - ok
09:46:19.0732 3844 ============================================================
09:46:19.0732 3844 Scan finished
09:46:19.0732 3844 ============================================================
09:46:19.0732 5940 Detected object count: 0
09:46:19.0732 5940 Actual detected object count: 0
09:46:36.0627 1908 Deinitialize success

#6 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 39,026
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 01 December 2011 - 11:56 AM

Hi, redirects can be caused by a variety of malware. Is only Chrome redirecting?

COMBOFIX
---------------
Please download ComboFix from one of these locations:

Bleepingcomputer

ForoSpyware

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Combofix.exe and follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#7 yaddayadda93

Member

Group: Members
Posts: 20
Joined: 15-November 11

Posted 01 December 2011 - 12:52 PM

He experienced the browser redirect primarily in IE (don't know what version) because that's what he used most often, but I also experienced it in Chrome once I got my hands on the machine. Over the weekend, he experienced it in Chrome because that's the only browser left on his machine.

I've posted the ComboFix log below. I tried to disable AVG while it was doing its thing, but AVG only allows me to suspend it for 15 minutes at a time. Halfway through ComboFix's run, AVG kicked in again, and it kicked in again when ComboFix restarted the machine.

ComboFix 11-11-22.01 - Abraham 12/01/2011 10:20:09.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8183.6556 [GMT -7:00]
Running from: c:\users\Abraham\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Abraham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\windows\SysWow64\msnphoto.scr
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-12-01 16:51 . 2011-10-18 08:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD663817-E7ED-4E2D-82F3-1632E8864035}\mpengine.dll
2011-11-18 16:09 . 2011-11-18 16:09 -------- d-----w- c:\program files (x86)\Runtime Software
2011-11-17 18:51 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-11-16 22:11 . 2011-12-01 16:37 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-16 22:11 . 2011-12-01 16:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-16 21:36 . 2011-11-16 21:36 -------- d-----w- c:\users\Abraham\AppData\Roaming\AVG
2011-11-16 21:32 . 2011-11-16 21:32 -------- d-----w- C:\$AVG
2011-11-16 21:07 . 2011-11-16 21:54 -------- d-----w- c:\program files\CCleaner
2011-11-15 21:37 . 2011-11-15 21:37 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-15 21:34 . 2011-12-01 16:35 -------- dc----w- c:\windows\system32\DRVSTORE
2011-11-15 21:34 . 2011-12-01 16:35 -------- d-----w- c:\programdata\Lavasoft
2011-11-15 20:40 . 2011-11-15 20:40 -------- d--h--w- c:\programdata\Common Files
2011-11-15 20:40 . 2011-11-15 20:40 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-11-15 20:39 . 2011-12-01 16:37 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-15 20:39 . 2011-11-16 21:23 -------- d-----w- c:\programdata\AVG2012
2011-11-15 20:38 . 2011-11-16 21:35 -------- d-----w- c:\program files (x86)\AVG
2011-11-15 20:35 . 2011-12-01 16:37 -------- d-----w- c:\programdata\MFAData
2011-11-15 19:12 . 2011-11-15 19:12 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-15 17:53 . 2011-11-15 17:53 -------- d-----w- c:\windows\system32\SPReview
2011-11-14 21:22 . 2011-11-14 21:22 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-11-04 18:26 . 2011-11-04 18:26 -------- d-----w- c:\windows\system32\EventProviders
2011-11-04 18:25 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-11-04 18:25 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-11-04 18:13 . 2011-05-25 01:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-04 17:34 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-04 17:27 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-04 17:16 . 2011-11-04 17:16 -------- d--h--w- c:\users\Abraham\AppData\Roaming\Malwarebytes
2011-11-04 17:16 . 2011-11-04 17:16 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-27 02:35 . 2010-04-23 23:49 439607 ---ha-w- c:\users\Abraham\AppData\Roaming\mdbu.bin
2011-10-07 13:23 . 2011-10-07 13:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-10-01 03:21 . 2011-10-13 22:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:59 . 2011-10-13 22:29 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-13 13:30 . 2011-09-13 13:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2011-09-06 03:07 . 2011-10-13 22:29 3134976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Artisan 710(Network)"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIFSA.EXE" [2009-02-23 223232]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 136176]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 136176]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [x]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [x]
R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/11/10 17:53];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-05-11 21:59 146928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-10-25 2398512]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 sprtlisten;SupportSoft Listener Service;c:\program files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [2011-02-14 1242440]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 00:43]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 00:43]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4272832829-3882091054-1186062486-1000Core.job
- c:\users\Abraham\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16 21:59]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4272832829-3882091054-1186062486-1000UA.job
- c:\users\Abraham\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-16 21:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 10.0.0.2 24.116.39.12 24.116.2.50 24.116.2.34
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
.
**************************************************************************
.
Completion time: 2011-12-01 10:46:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-01 17:46
.
Pre-Run: 849,304,166,400 bytes free
Post-Run: 849,257,496,576 bytes free
.
- - End Of File - - D6CEEF5CBCE16C34CB50065B2D2D6B65

#8 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 39,026
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 01 December 2011 - 01:01 PM

I see no obvious cause for the redirects, so I'd like to have a look at the MBR of the drive. In order to get a trustworthy dump, this needs to be done outside Windows.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer

Run GETxPUD.exe
A new folder will appear on the desktop.
Open the GETxPUD folder and click on the get&burn.bat
The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
Click on Start and follow the prompts to burn the image to a CD.
Remove the USB & CD and insert it in the sick computer
Boot the Sick computer with the CD you just burned
The computer must be set to boot from the CD
Gently tap F12 and choose to boot from the CD
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
Press Tool at the top
Choose Open Terminal
Type the following and press enter:

dd if=/dev/sda of=mbr.bin bs=512 count=1
Press Enter
After it has finished a file will be located on your USB drive named mbr.bin
Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#9 yaddayadda93

Member

Group: Members
Posts: 20
Joined: 15-November 11

Posted 01 December 2011 - 02:01 PM

Everything seemed to go well in creating the CD, but I can't get either computer to boot from the CD. On the sick computer, I can use F12 to get to the boot menu, but when I scroll down to the appropriate drive and press Enter, the computer still boots to Windows like normal (although sometimes it says "Invalid system disc"). This happens in both of the optical drives. On the healthy computer, I can't even get to the boot menu. I press F12 for all I'm worth and it still boots to Windows like normal. I've attached a PDF of what the boot disc looks like in Windows Explorer.

BTW: Based on your statement that you couldn't see anything obviously wrong, I ran a quick scan with AVG to see if the problem had gone away. The scan still shows the original two files.

Also: That was my last blank CD. Is there a way to do this using a USB drive?

Attached File(s)

Boot disc.pdf (76.6K)
Number of downloads: 1

#10 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 39,026
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 01 December 2011 - 02:28 PM

You can try it from the USB drive as follows.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer

Insert your USB drive
Press Start > My Computer > right click your USB drive > choose Format > Quick format
Double click the unetbootin-xpud-windows-387.exe that you just downloaded
Press Run then OK
Select the DiskImage option then click the browse button located on the right side of the textbox field.
Browse to and select the xpud-0.9.2.iso file you downloaded
Verify the correct drive letter is selected for your USB device then click OK
It will install a little bootable OS on your USB device
Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
After it has completed do not choose to reboot the clean computer simply close the installer

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#11 yaddayadda93

Member

Group: Members
Posts: 20
Joined: 15-November 11

Posted 01 December 2011 - 03:37 PM

Here goes nothing ...

Attached File(s)

mbr.zip (619bytes)
Number of downloads: 9

#12 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 39,026
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 01 December 2011 - 04:33 PM

That looks indeed like a rootkit infection.

We need to adjust the partition table so it will point to the right (non-infected) partition. Please download the attached file and unzip it to your flashdrive (make sure you delete the old mbr.bin file first!). You should see the mbr.bin file on your flashdrive (in the root, not in a dedicated folder).

If you have any problem doing the steps, or if you are not sure about something, please post back here first and do not continue.

Note: this file as well as the steps below are written for this user only, copying these steps for another computer may cause extensive damage!!

Now, boot using xPUD, navigate to your USB drive and make sure you see mbr.bin

Click Tool > Open Terminal and enter the following command

dd if=mbr.bin of=/dev/sda bs=512 count=1

Press enter.

When done, restart your computer without the USB drive plugged in and verify if the redirects are gone.

Attached File(s)

mbr.zip (573bytes)
Number of downloads: 4

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#13 yaddayadda93

Member

Group: Members
Posts: 20
Joined: 15-November 11

Posted 01 December 2011 - 05:24 PM

I think we might be good. An AVG scan comes up clean and I can't recreate the redirect. I will have my friend come in tomorrow and show me how he uses his computer to see if he can recreate the redirect. He was seeing far more redirects than I was, so maybe there's something about the way he uses the machine or maybe specific sites that are worse than the ones I'm using. I report back once he test drives for a while. Thanks for your help today.

#14 Elise

Bleepin' Blonde

Group: Malware Study Hall Admin
Posts: 39,026
Joined: 05-October 07
Gender:Female
Location:Romania

Posted 02 December 2011 - 02:16 AM

You can be pretty sure it is gone, however there is some cleanup to do. Please rerun TDSSkiller and click the Options button. Make sure that Check for TDLFS File System is checked. If it is detected, opt to remove it.

Post me the resulting log.

regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton

Follow BleepingComputer on: Facebook | Twitter | Google+

#15 yaddayadda93

Member

Group: Members
Posts: 20
Joined: 15-November 11

Posted 02 December 2011 - 12:19 PM

TDSSKiller scan came up clean. Here is the resulting scan:

10:16:12.0131 5448 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
10:16:12.0568 5448 ============================================================
10:16:12.0568 5448 Current date / time: 2011/12/02 10:16:12.0568
10:16:12.0568 5448 SystemInfo:
10:16:12.0568 5448
10:16:12.0568 5448 OS Version: 6.1.7600 ServicePack: 0.0
10:16:12.0568 5448 Product type: Workstation
10:16:12.0568 5448 ComputerName: ABRAHAM-PC
10:16:12.0568 5448 UserName: Abraham
10:16:12.0568 5448 Windows directory: C:\Windows
10:16:12.0568 5448 System windows directory: C:\Windows
10:16:12.0568 5448 Running under WOW64
10:16:12.0568 5448 Processor architecture: Intel x64
10:16:12.0568 5448 Number of processors: 8
10:16:12.0568 5448 Page size: 0x1000
10:16:12.0568 5448 Boot type: Normal boot
10:16:12.0568 5448 ============================================================
10:16:14.0393 5448 Initialize success
10:16:37.0481 4988 ============================================================
10:16:37.0481 4988 Scan started
10:16:37.0481 4988 Mode: Manual;
10:16:37.0481 4988 ============================================================
10:16:38.0588 4988 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
10:16:38.0588 4988 1394ohci - ok
10:16:38.0620 4988 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
10:16:38.0620 4988 ACPI - ok
10:16:38.0635 4988 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
10:16:38.0635 4988 AcpiPmi - ok
10:16:38.0666 4988 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:16:38.0666 4988 adp94xx - ok
10:16:38.0682 4988 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:16:38.0682 4988 adpahci - ok
10:16:38.0698 4988 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:16:38.0698 4988 adpu320 - ok
10:16:38.0744 4988 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
10:16:38.0760 4988 AFD - ok
10:16:38.0776 4988 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
10:16:38.0776 4988 agp440 - ok
10:16:38.0791 4988 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
10:16:38.0791 4988 aliide - ok
10:16:38.0822 4988 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
10:16:38.0822 4988 amdide - ok
10:16:38.0869 4988 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:16:38.0869 4988 AmdK8 - ok
10:16:38.0885 4988 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:16:38.0885 4988 AmdPPM - ok
10:16:38.0932 4988 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
10:16:38.0932 4988 amdsata - ok
10:16:38.0947 4988 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:16:38.0947 4988 amdsbs - ok
10:16:38.0994 4988 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
10:16:38.0994 4988 amdxata - ok
10:16:39.0010 4988 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
10:16:39.0010 4988 AppID - ok
10:16:39.0041 4988 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:16:39.0041 4988 arc - ok
10:16:39.0056 4988 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:16:39.0056 4988 arcsas - ok
10:16:39.0088 4988 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:16:39.0088 4988 AsyncMac - ok
10:16:39.0103 4988 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
10:16:39.0103 4988 atapi - ok
10:16:39.0150 4988 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
10:16:39.0150 4988 Avgfwfd - ok
10:16:39.0166 4988 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
10:16:39.0181 4988 AVGIDSDriver - ok
10:16:39.0228 4988 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
10:16:39.0228 4988 AVGIDSEH - ok
10:16:39.0290 4988 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
10:16:39.0290 4988 AVGIDSFilter - ok
10:16:39.0337 4988 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
10:16:39.0337 4988 Avgldx64 - ok
10:16:39.0353 4988 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
10:16:39.0353 4988 Avgmfx64 - ok
10:16:39.0384 4988 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
10:16:39.0384 4988 Avgrkx64 - ok
10:16:39.0415 4988 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
10:16:39.0415 4988 Avgtdia - ok
10:16:39.0446 4988 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:16:39.0446 4988 b06bdrv - ok
10:16:39.0618 4988 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:16:39.0634 4988 b57nd60a - ok
10:16:39.0680 4988 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
10:16:39.0680 4988 BCM42RLY - ok
10:16:39.0743 4988 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:16:39.0758 4988 BCM43XX - ok
10:16:39.0774 4988 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:16:39.0774 4988 Beep - ok
10:16:39.0805 4988 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:16:39.0805 4988 blbdrive - ok
10:16:39.0836 4988 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
10:16:39.0836 4988 bowser - ok
10:16:39.0852 4988 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:16:39.0852 4988 BrFiltLo - ok
10:16:39.0868 4988 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:16:39.0868 4988 BrFiltUp - ok
10:16:39.0899 4988 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:16:39.0899 4988 Brserid - ok
10:16:39.0914 4988 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:16:39.0914 4988 BrSerWdm - ok
10:16:39.0914 4988 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:16:39.0914 4988 BrUsbMdm - ok
10:16:39.0930 4988 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:16:39.0930 4988 BrUsbSer - ok
10:16:39.0930 4988 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:16:39.0930 4988 BTHMODEM - ok
10:16:39.0992 4988 catchme - ok
10:16:40.0024 4988 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:16:40.0024 4988 cdfs - ok
10:16:40.0055 4988 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
10:16:40.0055 4988 cdrom - ok
10:16:40.0070 4988 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:16:40.0070 4988 circlass - ok
10:16:40.0102 4988 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:16:40.0102 4988 CLFS - ok
10:16:40.0133 4988 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:16:40.0133 4988 CmBatt - ok
10:16:40.0148 4988 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
10:16:40.0148 4988 cmdide - ok
10:16:40.0195 4988 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
10:16:40.0211 4988 CNG - ok
10:16:40.0226 4988 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:16:40.0226 4988 Compbatt - ok
10:16:40.0242 4988 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:16:40.0242 4988 CompositeBus - ok
10:16:40.0336 4988 cpuz132 - ok
10:16:40.0351 4988 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:16:40.0351 4988 crcdisk - ok
10:16:40.0445 4988 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
10:16:40.0538 4988 CSC - ok
10:16:40.0632 4988 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
10:16:40.0632 4988 DfsC - ok
10:16:40.0663 4988 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:16:40.0679 4988 discache - ok
10:16:40.0757 4988 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:16:40.0757 4988 Disk - ok
10:16:40.0835 4988 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:16:40.0850 4988 drmkaud - ok
10:16:40.0897 4988 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
10:16:40.0897 4988 DXGKrnl - ok
10:16:40.0991 4988 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:16:40.0991 4988 ebdrv - ok
10:16:41.0084 4988 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:16:41.0084 4988 elxstor - ok
10:16:41.0100 4988 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
10:16:41.0100 4988 ErrDev - ok
10:16:41.0147 4988 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:16:41.0147 4988 exfat - ok
10:16:41.0194 4988 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:16:41.0194 4988 fastfat - ok
10:16:41.0209 4988 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:16:41.0209 4988 fdc - ok
10:16:41.0256 4988 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:16:41.0256 4988 FileInfo - ok
10:16:41.0272 4988 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:16:41.0272 4988 Filetrace - ok
10:16:41.0287 4988 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:16:41.0287 4988 flpydisk - ok
10:16:41.0318 4988 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
10:16:41.0318 4988 FltMgr - ok
10:16:41.0334 4988 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:16:41.0334 4988 FsDepends - ok
10:16:41.0350 4988 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:16:41.0350 4988 Fs_Rec - ok
10:16:41.0396 4988 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:16:41.0396 4988 fvevol - ok
10:16:41.0412 4988 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:16:41.0412 4988 gagp30kx - ok
10:16:41.0474 4988 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:16:41.0474 4988 hcw85cir - ok
10:16:41.0537 4988 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:16:41.0537 4988 HDAudBus - ok
10:16:41.0552 4988 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:16:41.0552 4988 HidBatt - ok
10:16:41.0552 4988 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:16:41.0552 4988 HidBth - ok
10:16:41.0584 4988 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:16:41.0584 4988 HidIr - ok
10:16:41.0646 4988 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
10:16:41.0646 4988 HidUsb - ok
10:16:41.0677 4988 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
10:16:41.0677 4988 HpSAMD - ok
10:16:41.0708 4988 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
10:16:41.0724 4988 HTTP - ok
10:16:41.0740 4988 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
10:16:41.0740 4988 hwpolicy - ok
10:16:41.0755 4988 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:16:41.0755 4988 i8042prt - ok
10:16:41.0786 4988 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
10:16:41.0802 4988 iaStor - ok
10:16:41.0833 4988 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
10:16:41.0833 4988 iaStorV - ok
10:16:41.0849 4988 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:16:41.0864 4988 iirsp - ok
10:16:41.0942 4988 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
10:16:41.0942 4988 IntcAzAudAddService - ok
10:16:41.0989 4988 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
10:16:41.0989 4988 intelide - ok
10:16:42.0020 4988 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:16:42.0036 4988 intelppm - ok
10:16:42.0067 4988 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:16:42.0067 4988 IpFilterDriver - ok
10:16:42.0083 4988 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
10:16:42.0083 4988 IPMIDRV - ok
10:16:42.0098 4988 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:16:42.0098 4988 IPNAT - ok
10:16:42.0130 4988 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:16:42.0130 4988 IRENUM - ok
10:16:42.0145 4988 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
10:16:42.0145 4988 isapnp - ok
10:16:42.0176 4988 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
10:16:42.0176 4988 iScsiPrt - ok
10:16:42.0208 4988 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
10:16:42.0208 4988 k57nd60a - ok
10:16:42.0254 4988 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:16:42.0254 4988 kbdclass - ok
10:16:42.0270 4988 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
10:16:42.0270 4988 kbdhid - ok
10:16:42.0286 4988 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
10:16:42.0286 4988 KSecDD - ok
10:16:42.0317 4988 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
10:16:42.0317 4988 KSecPkg - ok
10:16:42.0348 4988 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:16:42.0348 4988 ksthunk - ok
10:16:42.0379 4988 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:16:42.0379 4988 lltdio - ok
10:16:42.0410 4988 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:16:42.0410 4988 LSI_FC - ok
10:16:42.0410 4988 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:16:42.0410 4988 LSI_SAS - ok
10:16:42.0426 4988 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:16:42.0426 4988 LSI_SAS2 - ok
10:16:42.0442 4988 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:16:42.0442 4988 LSI_SCSI - ok
10:16:42.0457 4988 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:16:42.0457 4988 luafv - ok
10:16:42.0504 4988 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:16:42.0504 4988 megasas - ok
10:16:42.0520 4988 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:16:42.0520 4988 MegaSR - ok
10:16:42.0535 4988 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:16:42.0551 4988 Modem - ok
10:16:42.0598 4988 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:16:42.0598 4988 monitor - ok
10:16:42.0629 4988 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:16:42.0629 4988 mouclass - ok
10:16:42.0660 4988 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:16:42.0660 4988 mouhid - ok
10:16:42.0660 4988 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
10:16:42.0660 4988 mountmgr - ok
10:16:42.0676 4988 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
10:16:42.0676 4988 mpio - ok
10:16:42.0691 4988 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:16:42.0691 4988 mpsdrv - ok
10:16:42.0707 4988 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
10:16:42.0722 4988 MRxDAV - ok
10:16:42.0769 4988 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:16:42.0769 4988 mrxsmb - ok
10:16:42.0800 4988 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:16:42.0800 4988 mrxsmb10 - ok
10:16:42.0832 4988 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:16:42.0832 4988 mrxsmb20 - ok
10:16:42.0847 4988 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
10:16:42.0847 4988 msahci - ok
10:16:42.0863 4988 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
10:16:42.0863 4988 msdsm - ok
10:16:42.0863 4988 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:16:42.0863 4988 Msfs - ok
10:16:42.0894 4988 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:16:42.0894 4988 mshidkmdf - ok
10:16:42.0910 4988 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
10:16:42.0910 4988 msisadrv - ok
10:16:42.0941 4988 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:16:42.0941 4988 MSKSSRV - ok
10:16:42.0972 4988 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:16:42.0972 4988 MSPCLOCK - ok
10:16:42.0988 4988 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:16:42.0988 4988 MSPQM - ok
10:16:43.0003 4988 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
10:16:43.0003 4988 MsRPC - ok
10:16:43.0019 4988 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
10:16:43.0019 4988 mssmbios - ok
10:16:43.0034 4988 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:16:43.0034 4988 MSTEE - ok
10:16:43.0050 4988 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:16:43.0050 4988 MTConfig - ok
10:16:43.0066 4988 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:16:43.0066 4988 Mup - ok
10:16:43.0097 4988 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:16:43.0097 4988 NativeWifiP - ok
10:16:43.0128 4988 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
10:16:43.0128 4988 NDIS - ok
10:16:43.0144 4988 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:16:43.0144 4988 NdisCap - ok
10:16:43.0175 4988 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:16:43.0175 4988 NdisTapi - ok
10:16:43.0190 4988 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
10:16:43.0190 4988 Ndisuio - ok
10:16:43.0206 4988 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:16:43.0206 4988 NdisWan - ok
10:16:43.0222 4988 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
10:16:43.0222 4988 NDProxy - ok
10:16:43.0237 4988 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:16:43.0237 4988 NetBIOS - ok
10:16:43.0253 4988 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
10:16:43.0253 4988 NetBT - ok
10:16:43.0268 4988 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:16:43.0268 4988 nfrd960 - ok
10:16:43.0284 4988 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:16:43.0284 4988 Npfs - ok
10:16:43.0300 4988 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:16:43.0300 4988 nsiproxy - ok
10:16:43.0440 4988 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
10:16:43.0487 4988 Ntfs - ok
10:16:43.0502 4988 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:16:43.0502 4988 Null - ok
10:16:43.0924 4988 nvlddmkm (51bd7ef17f0b525994ad5b3748c8288b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:16:43.0970 4988 nvlddmkm - ok
10:16:44.0033 4988 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
10:16:44.0033 4988 nvraid - ok
10:16:44.0080 4988 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
10:16:44.0080 4988 nvstor - ok
10:16:44.0158 4988 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
10:16:44.0158 4988 nv_agp - ok
10:16:44.0267 4988 OA002Afx (226d2c0e1aa9040646d6b158fd344046) C:\Windows\system32\Drivers\OA002Afx.sys
10:16:44.0282 4988 OA002Afx - ok
10:16:44.0360 4988 OA002Ufd (706f5504af9f28c8641dab5eddfde03b) C:\Windows\system32\DRIVERS\OA002Ufd.sys
10:16:44.0360 4988 OA002Ufd - ok
10:16:44.0392 4988 OA002Vid (2ce066adca145892715f1df163d879da) C:\Windows\system32\DRIVERS\OA002Vid.sys
10:16:44.0392 4988 OA002Vid - ok
10:16:44.0407 4988 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
10:16:44.0407 4988 ohci1394 - ok
10:16:44.0423 4988 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:16:44.0423 4988 Parport - ok
10:16:44.0438 4988 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
10:16:44.0438 4988 partmgr - ok
10:16:44.0516 4988 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
10:16:44.0516 4988 pci - ok
10:16:44.0516 4988 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
10:16:44.0516 4988 pciide - ok
10:16:44.0548 4988 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:16:44.0548 4988 pcmcia - ok
10:16:44.0610 4988 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:16:44.0610 4988 pcw - ok
10:16:44.0657 4988 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:16:44.0672 4988 PEAUTH - ok
10:16:44.0719 4988 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
10:16:44.0719 4988 PptpMiniport - ok
10:16:44.0735 4988 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:16:44.0735 4988 Processor - ok
10:16:44.0766 4988 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
10:16:44.0766 4988 Psched - ok
10:16:44.0813 4988 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:16:44.0813 4988 PxHlpa64 - ok
10:16:44.0922 4988 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:16:44.0922 4988 ql2300 - ok
10:16:44.0938 4988 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:16:44.0938 4988 ql40xx - ok
10:16:44.0969 4988 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:16:44.0969 4988 QWAVEdrv - ok
10:16:45.0016 4988 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:16:45.0016 4988 RasAcd - ok
10:16:45.0031 4988 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:16:45.0031 4988 RasAgileVpn - ok
10:16:45.0047 4988 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:16:45.0047 4988 Rasl2tp - ok
10:16:45.0078 4988 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:16:45.0078 4988 RasPppoe - ok
10:16:45.0078 4988 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:16:45.0078 4988 RasSstp - ok
10:16:45.0109 4988 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
10:16:45.0109 4988 rdbss - ok
10:16:45.0109 4988 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:16:45.0109 4988 rdpbus - ok
10:16:45.0125 4988 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:16:45.0125 4988 RDPCDD - ok
10:16:45.0156 4988 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
10:16:45.0172 4988 RDPDR - ok
10:16:45.0187 4988 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:16:45.0187 4988 RDPENCDD - ok
10:16:45.0203 4988 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:16:45.0203 4988 RDPREFMP - ok
10:16:45.0218 4988 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
10:16:45.0218 4988 RDPWD - ok
10:16:45.0250 4988 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
10:16:45.0250 4988 rdyboost - ok
10:16:45.0265 4988 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:16:45.0265 4988 rspndr - ok
10:16:45.0312 4988 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
10:16:45.0312 4988 s3cap - ok
10:16:45.0328 4988 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
10:16:45.0328 4988 sbp2port - ok
10:16:45.0359 4988 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
10:16:45.0359 4988 scfilter - ok
10:16:45.0374 4988 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:16:45.0374 4988 secdrv - ok
10:16:45.0390 4988 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:16:45.0390 4988 Serenum - ok
10:16:45.0406 4988 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:16:45.0406 4988 Serial - ok
10:16:45.0421 4988 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:16:45.0437 4988 sermouse - ok
10:16:45.0484 4988 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
10:16:45.0484 4988 sffdisk - ok
10:16:45.0515 4988 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:16:45.0515 4988 sffp_mmc - ok
10:16:45.0608 4988 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:16:45.0608 4988 sffp_sd - ok
10:16:45.0624 4988 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:16:45.0624 4988 sfloppy - ok
10:16:45.0655 4988 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:16:45.0655 4988 SiSRaid2 - ok
10:16:45.0671 4988 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:16:45.0671 4988 SiSRaid4 - ok
10:16:45.0702 4988 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:16:45.0702 4988 Smb - ok
10:16:45.0733 4988 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:16:45.0733 4988 spldr - ok
10:16:45.0796 4988 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
10:16:45.0811 4988 srv - ok
10:16:45.0827 4988 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
10:16:45.0842 4988 srv2 - ok
10:16:45.0858 4988 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
10:16:45.0858 4988 srvnet - ok
10:16:45.0874 4988 StarOpen - ok
10:16:45.0874 4988 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:16:45.0889 4988 stexstor - ok
10:16:45.0967 4988 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
10:16:45.0967 4988 storflt - ok
10:16:46.0123 4988 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
10:16:46.0123 4988 storvsc - ok
10:16:46.0154 4988 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
10:16:46.0154 4988 swenum - ok
10:16:46.0217 4988 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
10:16:46.0232 4988 Tcpip - ok
10:16:46.0279 4988 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
10:16:46.0295 4988 TCPIP6 - ok
10:16:46.0451 4988 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
10:16:46.0451 4988 tcpipreg - ok
10:16:46.0466 4988 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:16:46.0466 4988 TDPIPE - ok
10:16:46.0498 4988 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:16:46.0498 4988 TDTCP - ok
10:16:46.0513 4988 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
10:16:46.0513 4988 tdx - ok
10:16:46.0529 4988 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
10:16:46.0529 4988 TermDD - ok
10:16:46.0544 4988 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:16:46.0544 4988 tssecsrv - ok
10:16:46.0576 4988 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
10:16:46.0576 4988 tunnel - ok
10:16:46.0591 4988 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:16:46.0591 4988 uagp35 - ok
10:16:46.0638 4988 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
10:16:46.0638 4988 udfs - ok
10:16:46.0669 4988 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
10:16:46.0669 4988 uliagpkx - ok
10:16:46.0700 4988 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
10:16:46.0700 4988 umbus - ok
10:16:46.0716 4988 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:16:46.0716 4988 UmPass - ok
10:16:46.0747 4988 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
10:16:46.0763 4988 usbaudio - ok
10:16:46.0810 4988 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
10:16:46.0810 4988 usbccgp - ok
10:16:46.0856 4988 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
10:16:46.0856 4988 usbcir - ok
10:16:46.0888 4988 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
10:16:46.0888 4988 usbehci - ok
10:16:46.0919 4988 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
10:16:46.0919 4988 usbhub - ok
10:16:46.0950 4988 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
10:16:46.0950 4988 usbohci - ok
10:16:46.0966 4988 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:16:46.0966 4988 usbprint - ok
10:16:46.0981 4988 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:16:46.0997 4988 USBSTOR - ok
10:16:47.0012 4988 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
10:16:47.0012 4988 usbuhci - ok
10:16:47.0044 4988 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
10:16:47.0059 4988 usbvideo - ok
10:16:47.0090 4988 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
10:16:47.0090 4988 vdrvroot - ok
10:16:47.0122 4988 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:16:47.0122 4988 vga - ok
10:16:47.0137 4988 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:16:47.0137 4988 VgaSave - ok
10:16:47.0153 4988 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
10:16:47.0153 4988 vhdmp - ok
10:16:47.0184 4988 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
10:16:47.0184 4988 viaide - ok
10:16:47.0215 4988 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
10:16:47.0215 4988 vmbus - ok
10:16:47.0262 4988 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
10:16:47.0262 4988 VMBusHID - ok
10:16:47.0278 4988 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
10:16:47.0278 4988 volmgr - ok
10:16:47.0293 4988 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
10:16:47.0293 4988 volmgrx - ok
10:16:47.0371 4988 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
10:16:47.0371 4988 volsnap - ok
10:16:47.0418 4988 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:16:47.0434 4988 vsmraid - ok
10:16:47.0480 4988 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:16:47.0480 4988 vwifibus - ok
10:16:47.0543 4988 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:16:47.0543 4988 vwififlt - ok
10:16:47.0574 4988 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:16:47.0574 4988 vwifimp - ok
10:16:47.0605 4988 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:16:47.0605 4988 WacomPen - ok
10:16:47.0621 4988 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
10:16:47.0621 4988 WANARP - ok
10:16:47.0636 4988 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
10:16:47.0636 4988 Wanarpv6 - ok
10:16:47.0668 4988 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:16:47.0668 4988 Wd - ok
10:16:47.0808 4988 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:16:47.0808 4988 Wdf01000 - ok
10:16:47.0886 4988 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:16:47.0886 4988 WfpLwf - ok
10:16:47.0902 4988 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:16:47.0902 4988 WIMMount - ok
10:16:47.0948 4988 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:16:47.0948 4988 WmiAcpi - ok
10:16:47.0964 4988 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:16:47.0964 4988 ws2ifsl - ok
10:16:47.0980 4988 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
10:16:47.0980 4988 WudfPf - ok
10:16:47.0995 4988 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:16:47.0995 4988 WUDFRd - ok
10:16:48.0136 4988 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
10:16:48.0136 4988 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
10:16:48.0182 4988 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
10:16:48.0182 4988 \Device\Harddisk0\DR0 - ok
10:16:48.0198 4988 Boot (0x1200) (a5c682221bb3be9ca89446427c662f59) \Device\Harddisk0\DR0\Partition0
10:16:48.0198 4988 \Device\Harddisk0\DR0\Partition0 - ok
10:16:48.0214 4988 Boot (0x1200) (78d9b7da3fb3aea9283e388faf2c2666) \Device\Harddisk0\DR0\Partition1
10:16:48.0214 4988 \Device\Harddisk0\DR0\Partition1 - ok
10:16:48.0214 4988 ============================================================
10:16:48.0214 4988 Scan finished
10:16:48.0214 4988 ============================================================
10:16:48.0214 3688 Detected object count: 0
10:16:48.0214 3688 Actual detected object count: 0
10:17:16.0481 5848 ============================================================
10:17:16.0481 5848 Scan started
10:17:16.0481 5848 Mode: Manual; TDLFS;
10:17:16.0481 5848 ============================================================
10:17:17.0214 5848 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
10:17:17.0214 5848 1394ohci - ok
10:17:17.0230 5848 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
10:17:17.0230 5848 ACPI - ok
10:17:17.0245 5848 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
10:17:17.0245 5848 AcpiPmi - ok
10:17:17.0261 5848 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:17:17.0261 5848 adp94xx - ok
10:17:17.0276 5848 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:17:17.0276 5848 adpahci - ok
10:17:17.0292 5848 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:17:17.0292 5848 adpu320 - ok
10:17:17.0339 5848 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
10:17:17.0339 5848 AFD - ok
10:17:17.0354 5848 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
10:17:17.0354 5848 agp440 - ok
10:17:17.0370 5848 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
10:17:17.0370 5848 aliide - ok
10:17:17.0370 5848 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
10:17:17.0370 5848 amdide - ok
10:17:17.0386 5848 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:17:17.0386 5848 AmdK8 - ok
10:17:17.0401 5848 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:17:17.0401 5848 AmdPPM - ok
10:17:17.0448 5848 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
10:17:17.0448 5848 amdsata - ok
10:17:17.0464 5848 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:17:17.0464 5848 amdsbs - ok
10:17:17.0510 5848 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
10:17:17.0510 5848 amdxata - ok
10:17:17.0526 5848 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
10:17:17.0526 5848 AppID - ok
10:17:17.0542 5848 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:17:17.0542 5848 arc - ok
10:17:17.0557 5848 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:17:17.0557 5848 arcsas - ok
10:17:17.0573 5848 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:17:17.0573 5848 AsyncMac - ok
10:17:17.0588 5848 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
10:17:17.0588 5848 atapi - ok
10:17:17.0635 5848 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
10:17:17.0635 5848 Avgfwfd - ok
10:17:17.0651 5848 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
10:17:17.0651 5848 AVGIDSDriver - ok
10:17:17.0682 5848 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
10:17:17.0682 5848 AVGIDSEH - ok
10:17:17.0698 5848 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
10:17:17.0698 5848 AVGIDSFilter - ok
10:17:17.0713 5848 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
10:17:17.0713 5848 Avgldx64 - ok
10:17:17.0729 5848 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
10:17:17.0729 5848 Avgmfx64 - ok
10:17:17.0760 5848 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
10:17:17.0760 5848 Avgrkx64 - ok
10:17:17.0776 5848 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
10:17:17.0776 5848 Avgtdia - ok
10:17:17.0807 5848 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:17:17.0807 5848 b06bdrv - ok
10:17:17.0838 5848 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:17:17.0838 5848 b57nd60a - ok
10:17:17.0854 5848 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
10:17:17.0854 5848 BCM42RLY - ok
10:17:17.0916 5848 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:17:17.0916 5848 BCM43XX - ok
10:17:17.0932 5848 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:17:17.0932 5848 Beep - ok
10:17:17.0947 5848 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:17:17.0947 5848 blbdrive - ok
10:17:17.0994 5848 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
10:17:17.0994 5848 bowser - ok
10:17:18.0010 5848 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:17:18.0010 5848 BrFiltLo - ok
10:17:18.0025 5848 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:17:18.0025 5848 BrFiltUp - ok
10:17:18.0041 5848 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:17:18.0041 5848 Brserid - ok
10:17:18.0056 5848 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:17:18.0056 5848 BrSerWdm - ok
10:17:18.0072 5848 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:17:18.0072 5848 BrUsbMdm - ok
10:17:18.0072 5848 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:17:18.0088 5848 BrUsbSer - ok
10:17:18.0088 5848 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:17:18.0088 5848 BTHMODEM - ok
10:17:18.0119 5848 catchme - ok
10:17:18.0150 5848 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:17:18.0150 5848 cdfs - ok
10:17:18.0166 5848 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
10:17:18.0166 5848 cdrom - ok
10:17:18.0181 5848 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:17:18.0181 5848 circlass - ok
10:17:18.0212 5848 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:17:18.0212 5848 CLFS - ok
10:17:18.0244 5848 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:17:18.0244 5848 CmBatt - ok
10:17:18.0259 5848 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
10:17:18.0259 5848 cmdide - ok
10:17:18.0275 5848 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
10:17:18.0275 5848 CNG - ok
10:17:18.0290 5848 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:17:18.0290 5848 Compbatt - ok
10:17:18.0322 5848 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:17:18.0322 5848 CompositeBus - ok
10:17:18.0400 5848 cpuz132 - ok
10:17:18.0431 5848 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:17:18.0431 5848 crcdisk - ok
10:17:18.0462 5848 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
10:17:18.0462 5848 CSC - ok
10:17:18.0509 5848 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
10:17:18.0509 5848 DfsC - ok
10:17:18.0509 5848 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:17:18.0509 5848 discache - ok
10:17:18.0571 5848 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:17:18.0571 5848 Disk - ok
10:17:18.0587 5848 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:17:18.0587 5848 drmkaud - ok
10:17:18.0634 5848 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
10:17:18.0634 5848 DXGKrnl - ok
10:17:18.0696 5848 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:17:18.0712 5848 ebdrv - ok
10:17:18.0743 5848 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:17:18.0743 5848 elxstor - ok
10:17:18.0758 5848 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
10:17:18.0758 5848 ErrDev - ok
10:17:18.0790 5848 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:17:18.0790 5848 exfat - ok
10:17:18.0805 5848 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:17:18.0805 5848 fastfat - ok
10:17:18.0836 5848 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:17:18.0836 5848 fdc - ok
10:17:18.0852 5848 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:17:18.0852 5848 FileInfo - ok
10:17:18.0868 5848 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:17:18.0868 5848 Filetrace - ok
10:17:18.0899 5848 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:17:18.0899 5848 flpydisk - ok
10:17:18.0914 5848 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
10:17:18.0914 5848 FltMgr - ok
10:17:18.0930 5848 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:17:18.0930 5848 FsDepends - ok
10:17:18.0946 5848 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:17:18.0946 5848 Fs_Rec - ok
10:17:18.0992 5848 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:17:18.0992 5848 fvevol - ok
10:17:19.0008 5848 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:17:19.0008 5848 gagp30kx - ok
10:17:19.0024 5848 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:17:19.0024 5848 hcw85cir - ok
10:17:19.0055 5848 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:17:19.0055 5848 HDAudBus - ok
10:17:19.0070 5848 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:17:19.0070 5848 HidBatt - ok
10:17:19.0070 5848 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:17:19.0086 5848 HidBth - ok
10:17:19.0102 5848 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:17:19.0102 5848 HidIr - ok
10:17:19.0148 5848 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
10:17:19.0148 5848 HidUsb - ok
10:17:19.0164 5848 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
10:17:19.0180 5848 HpSAMD - ok
10:17:19.0195 5848 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
10:17:19.0195 5848 HTTP - ok
10:17:19.0211 5848 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
10:17:19.0211 5848 hwpolicy - ok
10:17:19.0242 5848 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:17:19.0242 5848 i8042prt - ok
10:17:19.0273 5848 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
10:17:19.0273 5848 iaStor - ok
10:17:19.0320 5848 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
10:17:19.0320 5848 iaStorV - ok
10:17:19.0336 5848 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:17:19.0336 5848 iirsp - ok
10:17:19.0398 5848 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
10:17:19.0414 5848 IntcAzAudAddService - ok
10:17:19.0429 5848 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
10:17:19.0429 5848 intelide - ok
10:17:19.0445 5848 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:17:19.0445 5848 intelppm - ok
10:17:19.0445 5848 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:17:19.0445 5848 IpFilterDriver - ok
10:17:19.0476 5848 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
10:17:19.0476 5848 IPMIDRV - ok
10:17:19.0492 5848 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:17:19.0492 5848 IPNAT - ok
10:17:19.0507 5848 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:17:19.0507 5848 IRENUM - ok
10:17:19.0523 5848 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
10:17:19.0523 5848 isapnp - ok
10:17:19.0538 5848 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
10:17:19.0538 5848 iScsiPrt - ok
10:17:19.0585 5848 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
10:17:19.0585 5848 k57nd60a - ok
10:17:19.0616 5848 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:17:19.0632 5848 kbdclass - ok
10:17:19.0632 5848 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
10:17:19.0632 5848 kbdhid - ok
10:17:19.0648 5848 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
10:17:19.0648 5848 KSecDD - ok
10:17:19.0679 5848 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
10:17:19.0679 5848 KSecPkg - ok
10:17:19.0694 5848 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:17:19.0694 5848 ksthunk - ok
10:17:19.0710 5848 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:17:19.0710 5848 lltdio - ok
10:17:19.0741 5848 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:17:19.0741 5848 LSI_FC - ok
10:17:19.0741 5848 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:17:19.0741 5848 LSI_SAS - ok
10:17:19.0757 5848 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:17:19.0757 5848 LSI_SAS2 - ok
10:17:19.0772 5848 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:17:19.0772 5848 LSI_SCSI - ok
10:17:19.0804 5848 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:17:19.0804 5848 luafv - ok
10:17:19.0819 5848 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:17:19.0819 5848 megasas - ok
10:17:19.0835 5848 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:17:19.0835 5848 MegaSR - ok
10:17:19.0850 5848 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:17:19.0850 5848 Modem - ok
10:17:19.0897 5848 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:17:19.0897 5848 monitor - ok
10:17:19.0913 5848 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:17:19.0913 5848 mouclass - ok
10:17:19.0928 5848 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:17:19.0928 5848 mouhid - ok
10:17:19.0928 5848 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
10:17:19.0928 5848 mountmgr - ok
10:17:19.0944 5848 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
10:17:19.0944 5848 mpio - ok
10:17:19.0944 5848 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:17:19.0944 5848 mpsdrv - ok
10:17:19.0975 5848 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
10:17:19.0975 5848 MRxDAV - ok
10:17:20.0006 5848 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:17:20.0006 5848 mrxsmb - ok
10:17:20.0038 5848 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:17:20.0038 5848 mrxsmb10 - ok
10:17:20.0069 5848 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:17:20.0069 5848 mrxsmb20 - ok
10:17:20.0084 5848 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
10:17:20.0084 5848 msahci - ok
10:17:20.0084 5848 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
10:17:20.0084 5848 msdsm - ok
10:17:20.0100 5848 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:17:20.0100 5848 Msfs - ok
10:17:20.0116 5848 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:17:20.0116 5848 mshidkmdf - ok
10:17:20.0131 5848 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
10:17:20.0131 5848 msisadrv - ok
10:17:20.0147 5848 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:17:20.0147 5848 MSKSSRV - ok
10:17:20.0162 5848 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:17:20.0162 5848 MSPCLOCK - ok
10:17:20.0162 5848 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:17:20.0162 5848 MSPQM - ok
10:17:20.0178 5848 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
10:17:20.0178 5848 MsRPC - ok
10:17:20.0194 5848 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
10:17:20.0194 5848 mssmbios - ok
10:17:20.0209 5848 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:17:20.0225 5848 MSTEE - ok
10:17:20.0225 5848 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:17:20.0225 5848 MTConfig - ok
10:17:20.0240 5848 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:17:20.0240 5848 Mup - ok
10:17:20.0272 5848 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:17:20.0272 5848 NativeWifiP - ok
10:17:20.0287 5848 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
10:17:20.0303 5848 NDIS - ok
10:17:20.0303 5848 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:17:20.0318 5848 NdisCap - ok
10:17:20.0318 5848 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:17:20.0318 5848 NdisTapi - ok
10:17:20.0334 5848 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
10:17:20.0334 5848 Ndisuio - ok
10:17:20.0350 5848 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:17:20.0350 5848 NdisWan - ok
10:17:20.0365 5848 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
10:17:20.0365 5848 NDProxy - ok
10:17:20.0381 5848 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:17:20.0381 5848 NetBIOS - ok
10:17:20.0396 5848 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
10:17:20.0396 5848 NetBT - ok
10:17:20.0412 5848 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:17:20.0412 5848 nfrd960 - ok
10:17:20.0428 5848 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:17:20.0428 5848 Npfs - ok
10:17:20.0443 5848 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:17:20.0443 5848 nsiproxy - ok
10:17:20.0506 5848 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
10:17:20.0506 5848 Ntfs - ok
10:17:20.0521 5848 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:17:20.0521 5848 Null - ok
10:17:20.0693 5848 nvlddmkm (51bd7ef17f0b525994ad5b3748c8288b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:17:20.0740 5848 nvlddmkm - ok
10:17:20.0771 5848 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
10:17:20.0771 5848 nvraid - ok
10:17:20.0786 5848 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
10:17:20.0786 5848 nvstor - ok
10:17:20.0802 5848 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
10:17:20.0802 5848 nv_agp - ok
10:17:20.0849 5848 OA002Afx (226d2c0e1aa9040646d6b158fd344046) C:\Windows\system32\Drivers\OA002Afx.sys
10:17:20.0849 5848 OA002Afx - ok
10:17:20.0864 5848 OA002Ufd (706f5504af9f28c8641dab5eddfde03b) C:\Windows\system32\DRIVERS\OA002Ufd.sys
10:17:20.0864 5848 OA002Ufd - ok
10:17:20.0880 5848 OA002Vid (2ce066adca145892715f1df163d879da) C:\Windows\system32\DRIVERS\OA002Vid.sys
10:17:20.0880 5848 OA002Vid - ok
10:17:20.0896 5848 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
10:17:20.0896 5848 ohci1394 - ok
10:17:20.0911 5848 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:17:20.0911 5848 Parport - ok
10:17:20.0927 5848 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
10:17:20.0927 5848 partmgr - ok
10:17:20.0942 5848 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
10:17:20.0942 5848 pci - ok
10:17:20.0958 5848 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
10:17:20.0958 5848 pciide - ok
10:17:20.0974 5848 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
10:17:20.0974 5848 pcmcia - ok
10:17:20.0989 5848 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:17:20.0989 5848 pcw - ok
10:17:21.0005 5848 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:17:21.0020 5848 PEAUTH - ok
10:17:21.0052 5848 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
10:17:21.0052 5848 PptpMiniport - ok
10:17:21.0083 5848 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
10:17:21.0083 5848 Processor - ok
10:17:21.0098 5848 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
10:17:21.0098 5848 Psched - ok
10:17:21.0130 5848 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:17:21.0130 5848 PxHlpa64 - ok
10:17:21.0161 5848 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
10:17:21.0176 5848 ql2300 - ok
10:17:21.0192 5848 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
10:17:21.0192 5848 ql40xx - ok
10:17:21.0208 5848 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:17:21.0208 5848 QWAVEdrv - ok
10:17:21.0223 5848 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:17:21.0223 5848 RasAcd - ok
10:17:21.0239 5848 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:17:21.0239 5848 RasAgileVpn - ok
10:17:21.0239 5848 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:17:21.0254 5848 Rasl2tp - ok
10:17:21.0270 5848 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:17:21.0270 5848 RasPppoe - ok
10:17:21.0286 5848 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:17:21.0286 5848 RasSstp - ok
10:17:21.0301 5848 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
10:17:21.0301 5848 rdbss - ok
10:17:21.0301 5848 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:17:21.0301 5848 rdpbus - ok
10:17:21.0317 5848 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:17:21.0317 5848 RDPCDD - ok
10:17:21.0364 5848 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
10:17:21.0364 5848 RDPDR - ok
10:17:21.0379 5848 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:17:21.0379 5848 RDPENCDD - ok
10:17:21.0379 5848 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:17:21.0379 5848 RDPREFMP - ok
10:17:21.0410 5848 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
10:17:21.0410 5848 RDPWD - ok
10:17:21.0426 5848 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
10:17:21.0426 5848 rdyboost - ok
10:17:21.0457 5848 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:17:21.0457 5848 rspndr - ok
10:17:21.0488 5848 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
10:17:21.0488 5848 s3cap - ok
10:17:21.0504 5848 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
10:17:21.0504 5848 sbp2port - ok
10:17:21.0520 5848 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
10:17:21.0520 5848 scfilter - ok
10:17:21.0535 5848 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:17:21.0535 5848 secdrv - ok
10:17:21.0566 5848 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
10:17:21.0566 5848 Serenum - ok
10:17:21.0582 5848 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
10:17:21.0582 5848 Serial - ok
10:17:21.0598 5848 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
10:17:21.0598 5848 sermouse - ok
10:17:21.0629 5848 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
10:17:21.0629 5848 sffdisk - ok
10:17:21.0676 5848 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
10:17:21.0676 5848 sffp_mmc - ok
10:17:21.0707 5848 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
10:17:21.0707 5848 sffp_sd - ok
10:17:21.0722 5848 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
10:17:21.0722 5848 sfloppy - ok
10:17:21.0754 5848 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:17:21.0754 5848 SiSRaid2 - ok
10:17:21.0769 5848 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
10:17:21.0769 5848 SiSRaid4 - ok
10:17:21.0785 5848 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:17:21.0785 5848 Smb - ok
10:17:21.0800 5848 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:17:21.0800 5848 spldr - ok
10:17:21.0863 5848 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
10:17:21.0863 5848 srv - ok
10:17:21.0878 5848 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
10:17:21.0878 5848 srv2 - ok
10:17:21.0910 5848 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
10:17:21.0910 5848 srvnet - ok
10:17:21.0910 5848 StarOpen - ok
10:17:21.0925 5848 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
10:17:21.0925 5848 stexstor - ok
10:17:21.0972 5848 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
10:17:21.0972 5848 storflt - ok
10:17:21.0988 5848 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
10:17:21.0988 5848 storvsc - ok
10:17:22.0019 5848 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
10:17:22.0019 5848 swenum - ok
10:17:22.0081 5848 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
10:17:22.0097 5848 Tcpip - ok
10:17:22.0128 5848 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
10:17:22.0128 5848 TCPIP6 - ok
10:17:22.0144 5848 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
10:17:22.0144 5848 tcpipreg - ok
10:17:22.0175 5848 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:17:22.0175 5848 TDPIPE - ok
10:17:22.0175 5848 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:17:22.0175 5848 TDTCP - ok
10:17:22.0190 5848 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
10:17:22.0190 5848 tdx - ok
10:17:22.0206 5848 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
10:17:22.0206 5848 TermDD - ok
10:17:22.0237 5848 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:17:22.0237 5848 tssecsrv - ok
10:17:22.0253 5848 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
10:17:22.0253 5848 tunnel - ok
10:17:22.0268 5848 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
10:17:22.0268 5848 uagp35 - ok
10:17:22.0300 5848 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
10:17:22.0300 5848 udfs - ok
10:17:22.0315 5848 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
10:17:22.0315 5848 uliagpkx - ok
10:17:22.0315 5848 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
10:17:22.0315 5848 umbus - ok
10:17:22.0331 5848 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:17:22.0331 5848 UmPass - ok
10:17:22.0362 5848 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
10:17:22.0362 5848 usbaudio - ok
10:17:22.0409 5848 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
10:17:22.0409 5848 usbccgp - ok
10:17:22.0456 5848 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
10:17:22.0456 5848 usbcir - ok
10:17:22.0487 5848 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
10:17:22.0487 5848 usbehci - ok
10:17:22.0518 5848 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
10:17:22.0518 5848 usbhub - ok
10:17:22.0534 5848 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
10:17:22.0534 5848 usbohci - ok
10:17:22.0549 5848 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:17:22.0549 5848 usbprint - ok
10:17:22.0565 5848 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:17:22.0565 5848 USBSTOR - ok
10:17:22.0580 5848 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
10:17:22.0580 5848 usbuhci - ok
10:17:22.0627 5848 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
10:17:22.0627 5848 usbvideo - ok
10:17:22.0643 5848 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
10:17:22.0643 5848 vdrvroot - ok
10:17:22.0658 5848 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:17:22.0658 5848 vga - ok
10:17:22.0674 5848 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:17:22.0674 5848 VgaSave - ok
10:17:22.0690 5848 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
10:17:22.0690 5848 vhdmp - ok
10:17:22.0705 5848 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
10:17:22.0705 5848 viaide - ok
10:17:22.0736 5848 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
10:17:22.0736 5848 vmbus - ok
10:17:22.0768 5848 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
10:17:22.0768 5848 VMBusHID - ok
10:17:22.0799 5848 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
10:17:22.0799 5848 volmgr - ok
10:17:22.0814 5848 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
10:17:22.0814 5848 volmgrx - ok
10:17:22.0846 5848 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
10:17:22.0846 5848 volsnap - ok
10:17:22.0861 5848 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
10:17:22.0861 5848 vsmraid - ok
10:17:22.0877 5848 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:17:22.0877 5848 vwifibus - ok
10:17:22.0892 5848 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:17:22.0892 5848 vwififlt - ok
10:17:22.0892 5848 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:17:22.0908 5848 vwifimp - ok
10:17:22.0924 5848 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
10:17:22.0924 5848 WacomPen - ok
10:17:22.0939 5848 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
10:17:22.0939 5848 WANARP - ok
10:17:22.0939 5848 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
10:17:22.0939 5848 Wanarpv6 - ok
10:17:22.0970 5848 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
10:17:22.0970 5848 Wd - ok
10:17:22.0986 5848 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:17:23.0002 5848 Wdf01000 - ok
10:17:23.0017 5848 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:17:23.0017 5848 WfpLwf - ok
10:17:23.0033 5848 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:17:23.0033 5848 WIMMount - ok
10:17:23.0080 5848 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:17:23.0080 5848 WmiAcpi - ok
10:17:23.0111 5848 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:17:23.0111 5848 ws2ifsl - ok
10:17:23.0126 5848 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
10:17:23.0126 5848 WudfPf - ok
10:17:23.0142 5848 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:17:23.0142 5848 WUDFRd - ok
10:17:23.0251 5848 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
10:17:23.0251 5848 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
10:17:23.0267 5848 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
10:17:23.0345 5848 \Device\Harddisk0\DR0 - ok
10:17:23.0345 5848 Boot (0x1200) (a5c682221bb3be9ca89446427c662f59) \Device\Harddisk0\DR0\Partition0
10:17:23.0345 5848 \Device\Harddisk0\DR0\Partition0 - ok
10:17:23.0376 5848 Boot (0x1200) (78d9b7da3fb3aea9283e388faf2c2666) \Device\Harddisk0\DR0\Partition1
10:17:23.0376 5848 \Device\Harddisk0\DR0\Partition1 - ok
10:17:23.0376 5848 ============================================================
10:17:23.0376 5848 Scan finished
10:17:23.0376 5848 ============================================================
10:17:23.0376 5860 Detected object count: 0
10:17:23.0376 5860 Actual detected object count: 0