Infected with tdss & google keeps redirecting


  • This topic is locked
9 replies to this topic

#1 Josh Kittrell

Josh Kittrell

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:37 PM

Posted 11 April 2012 - 09:06 PM

I have been having issues with the bsod while using the internet. I have tried using avg, mbam, and sas with no good results. So far I have uninstalled mbam and used a cleaning program. I am not getting the bsod while using the internet anymore but I am still getting redirection on google. I want to have a good antivirus program as how obviously the three I stated above do not work. I have followed the prep guide and I will do my best to provide the info you guys need to help me. Here is a link to my original thread where I was directed to use the prep guide and post in here. http://www.bleepingcomputer.com/forums/topic449752.html/page__gopid__2661865#entry2661865. Thanks in advance.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Administrator at 20:13:18 on 2012-04-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2911.1707 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Lightspeed Systems\User Agent\UAService.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kitts\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.howardtechnology.com
uDefault_Page_URL = hxxp://www.howardtechnology.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRunOnce: [AvgRemover] c:\users\kitts\downloads\avg_remover_stf_x86_2012_1796.exe /run_number=2 /avgdir="c:\program files\avg\avg2012\" /avgdatadir="c:\programdata\avg2012\"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B4988A11-9CE1-46E6-BC34-CFD1B01C3D39} : DhcpNameServer = 10.203.108.20 10.203.102.20
TCP: Interfaces\{C7BB9AB8-08BC-4740-AD3D-153942DDD4BA} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C7BB9AB8-08BC-4740-AD3D-153942DDD4BA}\05354402D202055726C69636 : DhcpNameServer = 10.203.108.20 10.203.1.20
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\9q97rw2q.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRLPrint.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2011-5-26 826896]
R2 UAService;User Agent Service;c:\program files\lightspeed systems\user agent\UAService.exe [2010-3-3 382328]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-6-6 62464]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2011-6-6 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-27 1343400]
.
=============== Created Last 30 ================
.
2012-04-06 22:11:19 -------- d-----w- c:\users\administrator\appdata\roaming\SUPERAntiSpyware.com
2012-04-06 22:10:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-06 22:10:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-03 23:39:01 -------- d--h--w- C:\$AVG
2012-03-26 19:58:38 -------- d-----w- c:\program files\The KMPlayer
.
==================== Find3M ====================
.
.
============= FINISH: 20:14:37.69 ===============


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:37 PM

Posted 11 April 2012 - 09:24 PM

Hello Josh Kittrell,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


I want to have a good antivirus program as how obviously the three I stated above do not work.

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus detected threats that another missed, does not mean it's more effective. The security community is in a constant state of change as new infections appear and it takes time for them to be reported, samples collected, analyzed, and tested by anti-vendors. Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. Depending on how often the anti-virus database is updated can also account for differences in threat detections.

Further, each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense, safe computing and safe surfing habits provides the most complete protection.

SuperASW finds 200 more

The detections most likely included a lot of tracking cookies which are not a threat.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
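
Added example (not part of the thread, and not code from the helper or from the tool's vendor): a short Python script for reading the TDSSKiller log that step 1 asks for. It pairs each scanned object's file line with its verdict line and lists anything whose verdict is not "ok", plus objects with no verdict (a cut-off log) or no file line. The sample log, its object names, hashes and the PLACEHOLDER-VERDICT string are constructed; the only verdict wording taken from this thread is "ok".

```python
import re
from collections import namedtuple

# Line layout as it appears in the TDSSKiller log posted in this thread:
#   HH:MM:SS.mmmm <thread id> <object name> (<32 hex digits>) <file path>
#   HH:MM:SS.mmmm <thread id> <object name> - <verdict>
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
FILE_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>\S.*)$")

Entry = namedtuple("Entry", "name md5 path verdict")

# Constructed sample in the same layout. Names, hashes and the non-ok
# verdict string are made up for the example; the tool's real wording for
# a detection does not appear in this thread.
SAMPLE_LOG = r"""
21:41:41.0008 4380 Drive \Device\Harddisk0\DR0 - Size: 0x0 (0.00 Gb)
21:41:44.0385 3312 Scan started
21:41:44.0385 3312 Mode: Manual;
21:41:47.0654 3312 exampledrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
21:41:47.0656 3312 exampledrv - ok
21:41:51.0743 3312 Example Event Utility (00000000000000000000000000000002) C:\Windows\system32\example.exe
21:41:51.0777 3312 Example Event Utility - ok
21:41:57.0736 3312 ExampleSvc - ok
21:41:58.0001 3312 flaggeddrv (00000000000000000000000000000003) C:\Windows\system32\drivers\flaggeddrv.sys
21:41:58.0003 3312 flaggeddrv - PLACEHOLDER-VERDICT
21:41:58.0059 3312 cutoffdrv (00000000000000000000000000000004) C:\Windows\system32\drivers\cutoffdrv.sys
"""


def parse_scan(lines):
    """Return one Entry per scanned object, in the order the log lists them."""
    entries = {}      # object name -> Entry (dicts keep insertion order)
    scanning = False
    for raw in lines:
        line = raw.strip()
        if not scanning:
            # Header lines (drive geometry and so on) also contain " - ",
            # so ignore everything until the scan itself begins.
            scanning = line.endswith("Scan started")
            continue
        m = FILE_RE.match(line)
        if m:
            entries[m["name"]] = Entry(m["name"], m["md5"], m["path"], None)
            continue
        m = VERDICT_RE.match(line)
        if m:
            # Some objects have a verdict line but no file line before it.
            prev = entries.get(m["name"], Entry(m["name"], None, None, None))
            entries[m["name"]] = prev._replace(verdict=m["verdict"].strip())
    return list(entries.values())


def triage(entries):
    """Split entries into the groups worth reading before posting the log."""
    return {
        # Verdict present and not "ok": the lines the helper needs to see.
        "not_ok": [e for e in entries
                   if e.verdict is not None and e.verdict.lower() != "ok"],
        # File line without a verdict: the log was cut off or damaged.
        "no_verdict": [e for e in entries if e.verdict is None],
        # Verdict without a file line: nothing on disk was recorded.
        "no_file": [e for e in entries if e.md5 is None],
    }


if __name__ == "__main__":
    report = triage(parse_scan(SAMPLE_LOG.splitlines()))
    for group, items in report.items():
        print(group)
        for e in items:
            print("   ", e.name, e.verdict, e.path)
```
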


#3 Josh Kittrell

Josh Kittrell
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:37 PM

Posted 11 April 2012 - 11:04 PM

I don't think the combofix ran correctly as there was no text file afterwards. Here is the tdss text

21:41:37.0890 4380 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
21:41:39.0892 4380 ============================================================
21:41:39.0893 4380 Current date / time: 2012/04/11 21:41:39.0892
21:41:39.0893 4380 SystemInfo:
21:41:39.0893 4380
21:41:39.0893 4380 OS Version: 6.1.7601 ServicePack: 1.0
21:41:39.0893 4380 Product type: Workstation
21:41:39.0893 4380 ComputerName: KITTRELL
21:41:39.0893 4380 UserName: Administrator
21:41:39.0893 4380 Windows directory: C:\Windows
21:41:39.0893 4380 System windows directory: C:\Windows
21:41:39.0893 4380 Processor architecture: Intel x86
21:41:39.0893 4380 Number of processors: 2
21:41:39.0893 4380 Page size: 0x1000
21:41:39.0893 4380 Boot type: Normal boot
21:41:39.0893 4380 ============================================================
21:41:41.0008 4380 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:41:41.0010 4380 \Device\Harddisk0\DR0:
21:41:41.0010 4380 MBR used
21:41:41.0010 4380 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:41:41.0010 4380 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
21:41:41.0035 4380 Initialize success
21:41:41.0035 4380 ============================================================
21:41:44.0385 3312 ============================================================
21:41:44.0385 3312 Scan started
21:41:44.0385 3312 Mode: Manual;
21:41:44.0385 3312 ============================================================
21:42:02.0093 3312 fastfat - ok
21:42:02.0198 3312 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:42:02.0218 3312 Fax - ok
21:42:02.0347 3312 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
21:42:02.0348 3312 fdc - ok
21:42:02.0384 3312 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:42:02.0385 3312 fdPHost - ok
21:42:02.0421 3312 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:42:02.0422 3312 FDResPub - ok
21:42:02.0555 3312 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:42:02.0556 3312 FileInfo - ok
21:42:02.0656 3312 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:42:02.0657 3312 Filetrace - ok
21:42:02.0761 3312 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
21:42:02.0762 3312 flpydisk - ok
21:42:02.0878 3312 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:42:02.0880 3312 FltMgr - ok
21:42:02.0960 3312 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:42:02.0983 3312 FontCache - ok
21:42:03.0080 3312 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:42:03.0081 3312 FontCache3.0.0.0 - ok
21:42:03.0249 3312 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:42:03.0250 3312 FsDepends - ok
21:42:03.0360 3312 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:42:03.0360 3312 Fs_Rec - ok
21:42:03.0540 3312 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:42:03.0542 3312 fvevol - ok
21:42:03.0717 3312 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
21:42:03.0719 3312 gagp30kx - ok
21:42:03.0797 3312 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:42:03.0820 3312 gpsvc - ok
21:42:03.0872 3312 gupdate - ok
21:42:04.0317 3312 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:42:04.0319 3312 hcw85cir - ok
21:42:04.0628 3312 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:42:04.0630 3312 HdAudAddService - ok
21:42:04.0686 3312 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:42:04.0687 3312 HDAudBus - ok
21:42:04.0749 3312 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
21:42:04.0750 3312 HidBatt - ok
21:42:04.0840 3312 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
21:42:04.0842 3312 HidBth - ok
21:42:04.0892 3312 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
21:42:04.0912 3312 HidIr - ok
21:42:05.0149 3312 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
21:42:05.0163 3312 hidserv - ok
21:42:05.0249 3312 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:42:05.0250 3312 HidUsb - ok
21:42:05.0305 3312 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:42:05.0307 3312 hkmsvc - ok
21:42:05.0363 3312 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:42:05.0367 3312 HomeGroupListener - ok
21:42:05.0417 3312 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:42:05.0421 3312 HomeGroupProvider - ok
21:42:05.0495 3312 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:42:05.0497 3312 HpSAMD - ok
21:42:05.0560 3312 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:42:05.0564 3312 HTTP - ok
21:42:05.0626 3312 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:42:05.0626 3312 hwpolicy - ok
21:42:05.0763 3312 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
21:42:05.0764 3312 i8042prt - ok
21:42:05.0882 3312 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:42:05.0887 3312 iaStorV - ok
21:42:06.0054 3312 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:42:06.0088 3312 idsvc - ok
21:42:06.0383 3312 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:42:06.0414 3312 igfx - ok
21:42:06.0668 3312 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
21:42:06.0669 3312 iirsp - ok
21:42:06.0716 3312 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:42:06.0750 3312 IKEEXT - ok
21:42:06.0846 3312 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:42:06.0848 3312 intelide - ok
21:42:06.0874 3312 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:42:06.0875 3312 intelppm - ok
21:42:07.0017 3312 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:42:07.0019 3312 IPBusEnum - ok
21:42:07.0112 3312 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:42:07.0113 3312 IpFilterDriver - ok
21:42:07.0194 3312 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:42:07.0196 3312 IPMIDRV - ok
21:42:07.0237 3312 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:42:07.0239 3312 IPNAT - ok
21:42:07.0360 3312 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:42:07.0361 3312 IRENUM - ok
21:42:07.0416 3312 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:42:07.0418 3312 isapnp - ok
21:42:07.0483 3312 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:42:07.0490 3312 iScsiPrt - ok
21:42:07.0632 3312 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:42:07.0632 3312 kbdclass - ok
21:42:07.0733 3312 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:42:07.0735 3312 kbdhid - ok
21:42:07.0776 3312 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
21:42:07.0777 3312 KeyIso - ok
21:42:07.0880 3312 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
21:42:07.0891 3312 Kodak AiO Network Discovery Service - ok
21:42:07.0985 3312 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
21:42:07.0986 3312 KSecDD - ok
21:42:08.0141 3312 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
21:42:08.0142 3312 KSecPkg - ok
21:42:08.0216 3312 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:42:08.0222 3312 KtmRm - ok
21:42:08.0344 3312 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
21:42:08.0348 3312 LanmanServer - ok
21:42:08.0435 3312 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:42:08.0439 3312 LanmanWorkstation - ok
21:42:08.0565 3312 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:42:08.0566 3312 lltdio - ok
21:42:08.0627 3312 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:42:08.0631 3312 lltdsvc - ok
21:42:08.0752 3312 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:42:08.0754 3312 lmhosts - ok
21:42:08.0852 3312 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
21:42:08.0855 3312 LSI_FC - ok
21:42:09.0392 3312 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
21:42:09.0414 3312 LSI_SAS - ok
21:42:09.0652 3312 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
21:42:09.0654 3312 LSI_SAS2 - ok
21:42:09.0861 3312 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
21:42:09.0863 3312 LSI_SCSI - ok
21:42:09.0917 3312 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:42:09.0917 3312 luafv - ok
21:42:10.0066 3312 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:42:10.0069 3312 Mcx2Svc - ok
21:42:10.0181 3312 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:42:10.0187 3312 MDM - ok
21:42:10.0302 3312 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
21:42:10.0304 3312 megasas - ok
21:42:10.0400 3312 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
21:42:10.0404 3312 MegaSR - ok
21:42:10.0531 3312 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:42:10.0533 3312 Microsoft Office Groove Audit Service - ok
21:42:10.0979 3312 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:42:11.0003 3312 MMCSS - ok
21:42:11.0112 3312 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:42:11.0114 3312 Modem - ok
21:42:11.0231 3312 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:42:11.0232 3312 monitor - ok
21:42:11.0322 3312 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:42:11.0322 3312 mouclass - ok
21:42:11.0434 3312 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:42:11.0435 3312 mouhid - ok
21:42:11.0547 3312 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:42:11.0548 3312 mountmgr - ok
21:42:11.0637 3312 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:42:11.0639 3312 mpio - ok
21:42:11.0730 3312 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:42:11.0731 3312 mpsdrv - ok
21:42:11.0758 3312 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:42:11.0760 3312 MRxDAV - ok
21:42:11.0868 3312 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:42:11.0870 3312 mrxsmb - ok
21:42:11.0928 3312 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:42:11.0930 3312 mrxsmb10 - ok
21:42:12.0114 3312 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:42:12.0115 3312 mrxsmb20 - ok
21:42:12.0320 3312 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:42:12.0321 3312 msahci - ok
21:42:12.0515 3312 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:42:12.0537 3312 msdsm - ok
21:42:12.0948 3312 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:42:12.0951 3312 MSDTC - ok
21:42:13.0094 3312 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:42:13.0095 3312 Msfs - ok
21:42:13.0229 3312 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:42:13.0230 3312 mshidkmdf - ok
21:42:13.0271 3312 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:42:13.0272 3312 msisadrv - ok
21:42:13.0325 3312 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:42:13.0329 3312 MSiSCSI - ok
21:42:13.0408 3312 msiserver - ok
21:42:13.0565 3312 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:42:13.0566 3312 MSKSSRV - ok
21:42:13.0710 3312 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:42:13.0711 3312 MSPCLOCK - ok
21:42:13.0766 3312 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:42:13.0791 3312 MSPQM - ok
21:42:13.0890 3312 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:42:13.0892 3312 MsRPC - ok
21:42:13.0987 3312 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
21:42:13.0988 3312 mssmbios - ok
21:42:14.0056 3312 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:42:14.0057 3312 MSTEE - ok
21:42:14.0156 3312 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
21:42:14.0158 3312 MTConfig - ok
21:42:14.0224 3312 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:42:14.0225 3312 Mup - ok
21:42:14.0591 3312 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:42:14.0597 3312 napagent - ok
21:42:14.0707 3312 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:42:14.0708 3312 NativeWifiP - ok
21:42:14.0930 3312 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:42:14.0934 3312 NDIS - ok
21:42:15.0021 3312 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:42:15.0023 3312 NdisCap - ok
21:42:15.0063 3312 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:42:15.0064 3312 NdisTapi - ok
21:42:15.0129 3312 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:42:15.0130 3312 Ndisuio - ok
21:42:15.0232 3312 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:42:15.0233 3312 NdisWan - ok
21:42:15.0339 3312 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:42:15.0340 3312 NDProxy - ok
21:42:15.0357 3312 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:42:15.0358 3312 NetBIOS - ok
21:42:15.0514 3312 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:42:15.0516 3312 NetBT - ok
21:42:15.0566 3312 Netlogon (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
21:42:15.0568 3312 Netlogon - ok
21:42:15.0626 3312 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:42:15.0632 3312 Netman - ok
21:42:15.0709 3312 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:42:15.0712 3312 NetMsmqActivator - ok
21:42:15.0720 3312 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:42:15.0721 3312 NetPipeActivator - ok
21:42:15.0800 3312 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:42:15.0807 3312 netprofm - ok
21:42:15.0898 3312 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:42:15.0899 3312 NetTcpActivator - ok
21:42:15.0905 3312 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:42:15.0908 3312 NetTcpPortSharing - ok
21:42:16.0007 3312 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
21:42:16.0009 3312 nfrd960 - ok
21:42:16.0159 3312 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:42:16.0164 3312 NlaSvc - ok
21:42:16.0262 3312 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:42:16.0263 3312 Npfs - ok
21:42:16.0309 3312 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:42:16.0312 3312 nsi - ok
21:42:16.0397 3312 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:42:16.0398 3312 nsiproxy - ok
21:42:16.0787 3312 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:42:16.0796 3312 Ntfs - ok
21:42:16.0881 3312 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:42:16.0881 3312 Null - ok
21:42:16.0916 3312 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:42:16.0919 3312 nvraid - ok
21:42:16.0986 3312 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:42:16.0989 3312 nvstor - ok
21:42:17.0026 3312 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:42:17.0029 3312 nv_agp - ok
21:42:17.0097 3312 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:42:17.0119 3312 odserv - ok
21:42:17.0307 3312 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:42:17.0309 3312 ohci1394 - ok
21:42:17.0453 3312 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:42:17.0457 3312 ose - ok
21:42:17.0539 3312 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:42:17.0544 3312 p2pimsvc - ok
21:42:17.0584 3312 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:42:17.0591 3312 p2psvc - ok
21:42:17.0697 3312 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
21:42:17.0699 3312 Parport - ok
21:42:17.0793 3312 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
21:42:17.0794 3312 partmgr - ok
21:42:17.0885 3312 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
21:42:17.0886 3312 Parvdm - ok
21:42:17.0931 3312 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:42:17.0935 3312 PcaSvc - ok
21:42:18.0143 3312 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:42:18.0145 3312 pci - ok
21:42:18.0209 3312 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:42:18.0210 3312 pciide - ok
21:42:18.0560 3312 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
21:42:18.0566 3312 pcmcia - ok
21:42:18.0738 3312 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:42:18.0739 3312 pcw - ok
21:42:18.0933 3312 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:42:18.0937 3312 PEAUTH - ok
21:42:18.0991 3312 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
21:42:19.0013 3312 PeerDistSvc - ok
21:42:19.0114 3312 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:42:19.0159 3312 pla - ok
21:42:19.0204 3312 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:42:19.0211 3312 PlugPlay - ok
21:42:19.0288 3312 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:42:19.0290 3312 PNRPAutoReg - ok
21:42:19.0339 3312 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:42:19.0342 3312 PNRPsvc - ok
21:42:19.0765 3312 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:42:19.0770 3312 PolicyAgent - ok
21:42:19.0927 3312 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:42:19.0931 3312 Power - ok
21:42:20.0004 3312 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:42:20.0005 3312 PptpMiniport - ok
21:42:20.0083 3312 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
21:42:20.0084 3312 Processor - ok
21:42:20.0146 3312 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:42:20.0150 3312 ProfSvc - ok
21:42:20.0189 3312 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
21:42:20.0190 3312 ProtectedStorage - ok
21:42:20.0329 3312 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:42:20.0330 3312 Psched - ok
21:42:20.0862 3312 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
21:42:20.0895 3312 ql2300 - ok
21:42:21.0066 3312 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
21:42:21.0069 3312 ql40xx - ok
21:42:21.0374 3312 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:42:21.0379 3312 QWAVE - ok
21:42:21.0558 3312 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:42:21.0560 3312 QWAVEdrv - ok
21:42:21.0643 3312 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:42:21.0645 3312 RasAcd - ok
21:42:21.0822 3312 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:42:21.0822 3312 RasAgileVpn - ok
21:42:21.0926 3312 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:42:21.0955 3312 RasAuto - ok
21:42:22.0104 3312 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:42:22.0105 3312 Rasl2tp - ok
21:42:22.0265 3312 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:42:22.0285 3312 RasMan - ok
21:42:22.0814 3312 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:42:22.0815 3312 RasPppoe - ok
21:42:23.0001 3312 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:42:23.0002 3312 RasSstp - ok
21:42:23.0259 3312 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:42:23.0261 3312 rdbss - ok
21:42:23.0678 3312 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:42:23.0679 3312 rdpbus - ok
21:42:23.0924 3312 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:42:23.0924 3312 RDPCDD - ok
21:42:24.0110 3312 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
21:42:24.0113 3312 RDPDR - ok
21:42:24.0309 3312 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:42:24.0310 3312 RDPENCDD - ok
21:42:24.0474 3312 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:42:24.0474 3312 RDPREFMP - ok
21:42:24.0649 3312 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
21:42:24.0653 3312 RDPWD - ok
21:42:25.0123 3312 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:42:25.0126 3312 rdyboost - ok
21:42:25.0214 3312 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:42:25.0217 3312 RemoteAccess - ok
21:42:25.0256 3312 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:42:25.0259 3312 RemoteRegistry - ok
21:42:25.0301 3312 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:42:25.0304 3312 RpcEptMapper - ok
21:42:25.0346 3312 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:42:25.0348 3312 RpcLocator - ok
21:42:25.0415 3312 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:42:25.0419 3312 RpcSs - ok
21:42:25.0487 3312 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:42:25.0488 3312 rspndr - ok
21:42:25.0556 3312 RTL8023xp (4e20765744bfbc16f6d6e5bd5598786b) C:\Windows\system32\DRIVERS\Rtnicxp.sys
21:42:25.0558 3312 RTL8023xp - ok
21:42:25.0619 3312 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
21:42:25.0621 3312 s3cap - ok
21:42:25.0723 3312 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
21:42:25.0724 3312 SamSs - ok
21:42:25.0781 3312 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:42:25.0782 3312 SASDIFSV - ok
21:42:25.0792 3312 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:42:25.0792 3312 SASKUTIL - ok
21:42:25.0893 3312 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:42:25.0895 3312 sbp2port - ok
21:42:25.0943 3312 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:42:25.0947 3312 SCardSvr - ok
21:42:26.0025 3312 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:42:26.0027 3312 scfilter - ok
21:42:26.0082 3312 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:42:26.0116 3312 Schedule - ok
21:42:26.0193 3312 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:42:26.0194 3312 SCPolicySvc - ok
21:42:26.0361 3312 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\DRIVERS\sdbus.sys
21:42:26.0362 3312 sdbus - ok
21:42:26.0421 3312 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:42:26.0425 3312 SDRSVC - ok
21:42:26.0512 3312 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:42:26.0512 3312 secdrv - ok
21:42:26.0564 3312 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:42:26.0566 3312 seclogon - ok
21:42:26.0599 3312 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:42:26.0601 3312 SENS - ok
21:42:26.0643 3312 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:42:26.0645 3312 SensrSvc - ok
21:42:26.0712 3312 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
21:42:26.0713 3312 Serenum - ok
21:42:26.0873 3312 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
21:42:26.0875 3312 Serial - ok
21:42:26.0947 3312 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
21:42:26.0949 3312 sermouse - ok
21:42:27.0074 3312 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:42:27.0078 3312 SessionEnv - ok
21:42:27.0234 3312 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
21:42:27.0235 3312 SFEP - ok
21:42:27.0329 3312 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:42:27.0330 3312 sffdisk - ok
21:42:27.0344 3312 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:42:27.0345 3312 sffp_mmc - ok
21:42:27.0359 3312 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:42:27.0362 3312 sffp_sd - ok
21:42:27.0462 3312 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
21:42:27.0464 3312 sfloppy - ok
21:42:27.0919 3312 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:42:27.0925 3312 SharedAccess - ok
21:42:28.0127 3312 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:42:28.0205 3312 ShellHWDetection - ok
21:42:28.0842 3312 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:42:28.0844 3312 sisagp - ok
21:42:29.0031 3312 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
21:42:29.0049 3312 SiSRaid2 - ok
21:42:29.0082 3312 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
21:42:29.0085 3312 SiSRaid4 - ok
21:42:29.0170 3312 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:42:29.0172 3312 Smb - ok
21:42:29.0237 3312 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:42:29.0239 3312 SNMPTRAP - ok
21:42:29.0431 3312 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:42:29.0432 3312 spldr - ok
21:42:29.0647 3312 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:42:29.0653 3312 Spooler - ok
21:42:29.0757 3312 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:42:29.0833 3312 sppsvc - ok
21:42:29.0928 3312 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:42:29.0931 3312 sppuinotify - ok
21:42:30.0218 3312 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:42:30.0220 3312 srv - ok
21:42:45.0861 3312 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
21:42:45.0884 3312 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:42:45.0884 3312 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:42:45.0918 3312 Boot (0x1200) (0ad0d66fbe40c4a76babf7be4594d4df) \Device\Harddisk0\DR0\Partition0
21:42:45.0919 3312 \Device\Harddisk0\DR0\Partition0 - ok
21:42:45.0929 3312 Boot (0x1200) (4891c6f9d467f55c660962cd8adeb4e5) \Device\Harddisk0\DR0\Partition1
21:42:45.0930 3312 \Device\Harddisk0\DR0\Partition1 - ok
21:42:45.0931 3312 ============================================================
21:42:45.0931 3312 Scan finished
21:42:45.0931 3312 ============================================================
21:42:45.0944 3004 Detected object count: 1
21:42:45.0944 3004 Actual detected object count: 1
21:43:00.0379 3004 \Device\Harddisk0\DR0\# - copied to quarantine
21:43:00.0380 3004 \Device\Harddisk0\DR0 - copied to quarantine
21:43:00.0446 3004 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:43:00.0458 3004 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:43:00.0463 3004 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:43:00.0467 3004 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:43:00.0473 3004 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:43:00.0494 3004 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:43:00.0502 3004 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:43:00.0504 3004 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:43:00.0505 3004 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:43:00.0507 3004 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:43:00.0510 3004 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:43:00.0513 3004 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:43:00.0735 3004 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:43:00.0736 3004 \Device\Harddisk0\DR0 - ok
21:43:00.0742 3004 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:43:03.0619 3448 Deinitialize success

#4 fireman4it

Posted 12 April 2012 - 12:14 PM

Hello,


Please run ComboFix again in Safe Mode with Networking.


Now reboot into Safe Mode with Networking.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into Safe Mode.
Make sure you choose the option with networking support.
Please see here for additional details.

Please post the ComboFix log along with how your machine is running.

Edited by fireman4it, 12 April 2012 - 12:14 PM.

#5 Josh Kittrell


Posted 16 April 2012 - 07:02 PM

Sorry it took me so long to get back, guys. Here is the ComboFix log. Machine ran great for a day or 2, but it's back to the way it was before, other than the crashing part.

ComboFix 12-04-11.03 - Administrator 04/16/2012 18:28:11.2.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2911.2154 [GMT -5:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\6E29\1AB0.tmp
c:\program files\LP\6E29\37E2.tmp
c:\program files\LP\6E29\3F72.tmp
c:\program files\LP\6E29\4FC6.tmp
c:\program files\LP\6E29\65BF.tmp
c:\program files\LP\6E29\7B47.tmp
c:\program files\LP\6E29\82F5.tmp
c:\program files\LP\6E29\BF5B.tmp
c:\program files\LP\6E29\CC34.tmp
c:\program files\LP\6E29\FE1C.tmp
c:\program files\LP\6E29\FFFA.tmp
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Administrator\uidsave.dat
c:\windows\system32\config\systemprofile\uidsave.dat
c:\windows\system32\config\systemprofile\winlogon.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 23:29 . 2012-04-16 23:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-04-16 23:29 . 2012-04-16 23:29 -------- d-----w- c:\users\Kitts\AppData\Local\temp
2012-04-16 23:29 . 2012-04-16 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 23:49 . 2012-04-07 23:49 -------- d-----w- c:\users\Kitts\AppData\Roaming\SUPERAntiSpyware.com
2012-04-06 22:11 . 2012-04-06 22:11 -------- d-----w- c:\users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
2012-04-06 22:10 . 2012-04-06 22:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-06 22:10 . 2012-04-06 22:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-03 23:39 . 2012-04-03 23:39 -------- d-----w- C:\$AVG
2012-03-26 19:58 . 2012-04-03 23:03 -------- d-----w- c:\program files\The KMPlayer
2012-03-20 03:47 . 2012-03-20 03:47 -------- d--h--w- c:\users\Kitts\Photobleepet
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 10:25 . 2012-02-22 10:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 10:25 . 2012-02-22 10:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-01-31 09:46 . 2012-01-31 09:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-02-08 20:13 . 2012-02-12 17:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2011-05-26 826896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2012-02-14 5104992]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [2011-05-26 826896]
R2 UAService;User Agent Service;c:\program files\Lightspeed Systems\User Agent\UAService.exe [2010-03-03 382328]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-27 1343400]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidsehx.sys [2011-12-23 22992]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-02-22 299472]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.howardtechnology.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9q97rw2q.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-Conime - c:\windows\system32\conime.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:98,b2,43,b7,66,bb,cc,01
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1364108965-844649715-180060823-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-16 18:31:11
ComboFix-quarantined-files.txt 2012-04-16 23:31
.
Pre-Run: 289,113,456,640 bytes free
Post-Run: 290,637,750,272 bytes free
.
- - End Of File - - A31A1B42C166A6AD4768D4EDFF10639D

#6 fireman4it


Posted 16 April 2012 - 07:15 PM

Hello,

So your machine is redirecting again?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 Josh Kittrell


Posted 16 April 2012 - 08:21 PM

Yes, it never stopped redirecting, but it was running smoother and loaded a lot faster.

#8 fireman4it


Posted 17 April 2012 - 04:24 PM

Hello,


Is it redirecting in all Browsers? In Internet Explorer? In Firefox? In Google Chrome?



#9 fireman4it


Posted 20 April 2012 - 11:51 AM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it



#10 fireman4it


Posted 22 April 2012 - 08:31 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





