Google re-direct


  • This topic is locked
13 replies to this topic

#1 rexdc

rexdc

  • Members
  • 7 posts

Posted 30 October 2012 - 09:41 PM

When using Google on either Firefox or IE and doing a search, I get some other site than the one I selected. From reading info on this forum, I'm guessing that this is some sort of malware that I have unfortunately gotten into my system. The computer is running Vista 32-bit with an AMD 890 processor on an MX-80 MB and 8 gig memory. I have downloaded ComboFix but not run it yet. Waiting for one of the pros to confirm my next step.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts

Posted 31 October 2012 - 07:14 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 rexdc

rexdc
  • Topic Starter

  • Members
  • 7 posts

Posted 31 October 2012 - 11:10 AM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/13/2012 9:13:31 AM
System Uptime: 10/29/2012 6:10:29 PM (40 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 880GM-E43 (MS-7596)
Processor: AMD Phenom™ II X4 970 Processor | CPU1 | 3500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1350 GiB total, 473.244 GiB free.
D: is FIXED (NTFS) - 576 GiB total, 241.648 GiB free.
E: is FIXED (FAT32) - 47 GiB total, 39.877 GiB free.
F: is FIXED (FAT32) - 20 GiB total, 13.026 GiB free.
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
M: is FIXED (NTFS) - 466 GiB total, 444.182 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP302: 9/7/2012 2:02:50 PM - Scheduled Checkpoint
RP303: 9/11/2012 2:25:19 PM - Scheduled Checkpoint
RP304: 9/12/2012 11:03:39 PM - Removed Ask Toolbar.
RP305: 9/13/2012 8:49:34 AM - Windows Update
RP306: 9/16/2012 1:38:08 PM - Scheduled Checkpoint
RP307: 9/18/2012 10:29:34 AM - Scheduled Checkpoint
RP308: 9/19/2012 10:41:30 AM - Scheduled Checkpoint
RP309: 9/20/2012 11:25:12 AM - Scheduled Checkpoint
RP310: 9/21/2012 12:00:01 AM - Scheduled Checkpoint
RP311: 9/22/2012 11:22:22 AM - Scheduled Checkpoint
RP312: 9/23/2012 3:13:21 PM - Windows Update
RP313: 9/27/2012 10:52:38 AM - Scheduled Checkpoint
RP314: 9/28/2012 12:00:02 AM - Scheduled Checkpoint
RP315: 9/29/2012 12:00:01 AM - Scheduled Checkpoint
RP316: 9/30/2012 12:00:01 AM - Scheduled Checkpoint
RP317: 10/2/2012 10:05:58 AM - Scheduled Checkpoint
RP318: 10/3/2012 12:00:02 AM - Scheduled Checkpoint
RP319: 10/4/2012 12:00:03 AM - Scheduled Checkpoint
RP320: 10/5/2012 1:03:07 AM - Scheduled Checkpoint
RP321: 10/6/2012 12:00:01 AM - Scheduled Checkpoint
RP322: 10/6/2012 10:30:50 PM - Scheduled Checkpoint
RP323: 10/9/2012 11:48:50 PM - Scheduled Checkpoint
RP324: 10/10/2012 3:00:12 AM - Windows Update
RP325: 10/11/2012 12:00:01 AM - Scheduled Checkpoint
RP326: 10/12/2012 12:00:01 AM - Scheduled Checkpoint
RP327: 10/13/2012 12:00:01 AM - Scheduled Checkpoint
RP328: 10/14/2012 12:00:01 AM - Scheduled Checkpoint
RP329: 10/15/2012 12:00:01 AM - Scheduled Checkpoint
RP330: 10/16/2012 12:00:01 AM - Scheduled Checkpoint
RP331: 10/17/2012 12:00:03 AM - Scheduled Checkpoint
RP332: 10/18/2012 12:00:02 AM - Scheduled Checkpoint
RP333: 10/18/2012 11:57:52 PM - Scheduled Checkpoint
RP334: 10/20/2012 12:00:01 AM - Scheduled Checkpoint
RP335: 10/21/2012 12:08:36 AM - Scheduled Checkpoint
RP336: 10/22/2012 12:00:01 AM - Scheduled Checkpoint
RP337: 10/23/2012 12:21:32 AM - Scheduled Checkpoint
RP338: 10/26/2012 11:30:55 AM - Scheduled Checkpoint
RP339: 10/27/2012 12:41:51 PM - Scheduled Checkpoint
RP340: 10/28/2012 10:31:31 AM - Scheduled Checkpoint
RP341: 10/29/2012 7:26:28 PM - Scheduled Checkpoint
RP342: 10/31/2012 12:00:01 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Acrobat 6.0 Professional
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AMD APP SDK Runtime
AMD Fuel
AMD System Monitor
Aspire 3.5
ATI Catalyst Install Manager
AVG 2012
AVS Audio Converter 7
AVS Audio Editor version 7.0
AVS Audio Recorder version 4.0
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5
AVS Document Converter 2.1.2
AVS DVD Copy version 4.1.2
AVS Image Converter 2.1.2.169
AVS Media Player 4.1.8.93
AVS Photo Editor
AVS Registry Cleaner version 2.2
AVS Ringtone Maker version 1.6
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.4
AVS Video ReMaker 4.0.8.140
AVS4YOU Software Navigator 1.4
Brother P-touch Editor 5.0
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CanoScan Toolbox Ver4.5
Catalyst Control Center
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CncSimulator Pro
Color LaserJet 2600n
Complitly
ComStudy V1.50
ControlCenter
Core Temp 1.0 RC2
CyberView X - SF v1.18b
DiscAPI (Studio 10)
EncoreViewer2
F5U257 Belkin USB-to-Serial Adapter
Gimp 2.6.2 Debug
Google Earth
Google Update Helper
GPL Ghostscript
GSview 4.9
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP RecordNow
ImageMixer 3 SE Ver.6 Transfer Utility
ImageScanTool x86 1.023
Inkscape 0.48.2
InternetHelper1.5 Toolbar
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
Mach3
Manual CanoScan LiDE 35
MediaFACE 4.01
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft PhotoDraw 2000 V2
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyLabels
MyProfessional Business Cards 7.0
MySoftware Fonts
NoteWorthy Composer
NoteWorthy Player
NovaBench 3.0.4
NVIDIA 3D Vision Controller Driver 285.62
NVIDIA 3D Vision Driver 285.62
NVIDIA Control Panel 285.62
NVIDIA Graphics Driver 285.62
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
Omron Health Management Software
Pinnacle Studio 12
Pinnacle Video Driver
PriceGong 2.1.0
QuickTime
RAPID (Studio 10)
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Scribus 1.4.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SmartSound Quicktracks Plugin
Sonic Foundry Sound Forge XP 4.5b
Stamps.com Internet Postage
Studio 10
SureThing CD Labeler - Stomper Edition 32 bit
System Requirements Lab
Topo USA 5.0
Topo USA 5.0 DVD Data
UC232A_Vista_32bit
Uninstall Film and Photo Scanner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vectric Shell Extensions 1.2
Winamp
Winamp Detector Plug-in
.
==== End Of File ===========================



Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
AVS Registry Cleaner version 2.2
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````




DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Rex at 10:51:23 on 2012-10-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1484 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\zshp2600.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\zshp2600.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned>
uURLSearchHooks: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - <orphaned>
uURLSearchHooks: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - <orphaned>
uURLSearchHooks: InternetHelper1.5 Toolbar: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - c:\program files\internethelper1.5\prxtbInte.dll
mURLSearchHooks: InternetHelper1.5 Toolbar: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - c:\program files\internethelper1.5\prxtbInte.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\users\rex\appdata\roaming\complitly\Complitly.dll
BHO: PriceGongBHO Class: {1631550F-191D-4826-B069-D9439253D926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: InternetHelper1.5 Toolbar: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - c:\program files\internethelper1.5\prxtbInte.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: InternetHelper1.5 Toolbar: {1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - c:\program files\internethelper1.5\prxtbInte.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.32\AVG Secure Search_toolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: InternetHelper1.5 Toolbar: {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - c:\program files\internethelper1.5\prxtbInte.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Apps] rundll32.exe "c:\users\rex\appdata\local\ati\apps\uwcmpbqro.dll",vlc_entry__1_0_0eW
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [MediaFace Integration] c:\program files\fellowes\mediaface 4.0\SetHook.exe
mRun: [LaunchList] c:\program files\pinnacle\studio 10\LaunchList.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\\PSDrvCheck.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.6\transfer utility\CameraMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mysoft~1.lnk - c:\program files\common files\mysoftware\NewsFlsh.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\micros~2\office\1033\phdintl.dll/phdContext.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://efc-midamerica.webex.com/client/T27LD/nbr/ieatgpc1.cab
TCP: Interfaces\{29E09292-717A-4166-9771-8B1D5A4FD2C8} : NameServer = 151.164.88.200,151.164.8.201
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rex\appdata\roaming\mozilla\firefox\profiles\yxa6lmga.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bf6f1c70d-0c55-4516-851a-60fff008a962%7D&mid=f9a52b89701947d18fc15dc0e3b06ffc-2d101298291b7c3365eb4c26b1798a88fb064411&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-05-14%2017%3A23%3A40&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\rex\appdata\roaming\mozilla\firefox\profiles\yxa6lmga.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-10-02 13:52; {1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}; c:\users\rex\appdata\roaming\mozilla\firefox\profiles\yxa6lmga.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-30 27496]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-6-8 294400]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 193288]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-24 136176]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-8-30 722528]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2012-1-13 37944]
R3 APL531;Film and Photo Scanner;c:\windows\system32\drivers\OVTX16.sys [2010-5-17 110080]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2012-1-13 35968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-17 250808]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-5-11 80824]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-24 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-11 115168]
S3 Ser2at;ATEN USB to Serial port driver;c:\windows\system32\drivers\ser2at.sys [2012-9-1 76288]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-5-11 181432]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-4-19 12984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2012-10-29 00:15:12 -------- d-----w- c:\programdata\Tarma Installer
2012-10-29 00:15:02 -------- d-----w- c:\programdata\blekko toolbars
2012-10-28 19:16:12 -------- d-----w- c:\users\rex\messiah
2012-10-19 01:48:44 -------- d-----w- c:\users\rex\appdata\roaming\DriverCure
2012-10-19 01:48:43 -------- d-----w- c:\users\rex\appdata\roaming\SpeedyPC Software
2012-10-19 01:48:29 -------- d-----w- c:\programdata\SpeedyPC Software
2012-10-19 01:48:29 -------- d-----w- c:\program files\SpeedyPC Software
2012-10-10 04:46:55 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 04:46:55 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 04:46:55 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 04:46:51 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 04:46:47 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 04:46:40 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 04:46:40 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-02 18:53:45 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-10-02 18:53:19 -------- d-----w- c:\program files\InternetHelper1.5
2012-10-02 18:53:10 -------- d-----w- c:\users\rex\appdata\local\CRE
.
==================== Find3M ====================
.
2012-10-10 03:52:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 03:52:29 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-30 19:53:59 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 10:51:56.26 ===============


Thank You Gringo!! Things ran as you suggested they would with no problem. One question, however: DeFogger is a tool used to disable the CD Emulation drivers. You state not to re-enable these drivers until otherwise instructed. Will there be instructions on the method to re-enable these drivers at some time?
REXDC

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts

Posted 31 October 2012 - 11:48 AM

Hello


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#5 rexdc

Posted 31 October 2012 - 05:30 PM

# AdwCleaner v2.006 - Logfile created 10/31/2012 at 17:12:10
# Updated 30/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Rex - MEDION
# Boot Mode : Normal
# Running from : C:\Users\Rex\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Deleted on reboot : C:\ProgramData\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\yxa6lmga.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\yxa6lmga.default\searchplugins\Conduit.xml
Folder Deleted : C:\Users\Rex\AppData\Roaming\Complitly
Folder Deleted : C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\yxa6lmga.default\CT3247201
Folder Deleted : C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\yxa6lmga.default\extensions\{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d}
Folder Deleted : C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\yxa6lmga.default\Smartbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InternetHelper1.5 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3106777
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\Software\InternetHelper1.5
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{295D1DB6-1445-40E8-967A-24D31A705E2A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{803CB2F4-2B9D-43C0-A762-80374139119D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper1.5 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\yxa6lmga.default\prefs.js

C:\Users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\yxa6lmga.default\user.js ... Deleted !

Deleted : user_pref("CT3247201.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3247201.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3247201.1000234.TWC_TMP_city", "OLATHE");
Deleted : user_pref("CT3247201.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT3247201.1000234.TWC_locId", "USCO0290");
Deleted : user_pref("CT3247201.1000234.TWC_location", "Olathe, CO");
Deleted : user_pref("CT3247201.1000234.TWC_region", "US");
Deleted : user_pref("CT3247201.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT3247201.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT3247201.1000234.weatherData", "{\"icon\":\"32.png\",\"temperature\":\"68°F\",\"temperat[...]
Deleted : user_pref("CT3247201.CT3247201ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%2236732%22%2C%22title%22%3A%[...]
Deleted : user_pref("CT3247201.CT3247201current_term", "");
Deleted : user_pref("CT3247201.CT3247201sdate", "31");
Deleted : user_pref("CT3247201.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3247201.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3247201.FirstTime", "true");
Deleted : user_pref("CT3247201.FirstTimeFF3", "true");
Deleted : user_pref("CT3247201.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]
Deleted : user_pref("CT3247201.UserID", "UN74896098825831085");
Deleted : user_pref("CT3247201.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3247201.autoDisableScopes", -1);
Deleted : user_pref("CT3247201.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3247201.defaultSearch", "true");
Deleted : user_pref("CT3247201.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
Deleted : user_pref("CT3247201.enableAlerts", "always");
Deleted : user_pref("CT3247201.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3247201.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3247201.fixPageNotFoundError", "true");
Deleted : user_pref("CT3247201.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3247201.fixUrls", true);
Deleted : user_pref("CT3247201.hxxp___pinterest_aot_im.isEnabled", "Y");
Deleted : user_pref("CT3247201.installId", "air167.exe");
Deleted : user_pref("CT3247201.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT3247201.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3247201.isNewTabEnabled", true);
Deleted : user_pref("CT3247201.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3247201.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3247201.keyword", true);
Deleted : user_pref("CT3247201.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3247201.openThankYouPage", "false");
Deleted : user_pref("CT3247201.openUninstallPage", "true");
Deleted : user_pref("CT3247201.search.searchAppId", "10000002");
Deleted : user_pref("CT3247201.search.searchCount", "1");
Deleted : user_pref("CT3247201.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3247201.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3247201.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3247201.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3247201.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3247201.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3247201.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3247201.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3247201.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3247201.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1351468895211");
Deleted : user_pref("CT3247201.serviceLayer_services_appsMetadata_lastUpdate", "1351697290054");
Deleted : user_pref("CT3247201.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1350584589221");
Deleted : user_pref("CT3247201.serviceLayer_services_login_10.10.27.6_lastUpdate", "1351720352109");
Deleted : user_pref("CT3247201.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1350584589221");
Deleted : user_pref("CT3247201.serviceLayer_services_searchAPI_lastUpdate", "1351697290143");
Deleted : user_pref("CT3247201.serviceLayer_services_serviceMap_lastUpdate", "1351697289934");
Deleted : user_pref("CT3247201.serviceLayer_services_toolbarContextMenu_lastUpdate", "1350584589220");
Deleted : user_pref("CT3247201.serviceLayer_services_toolbarSettings_lastUpdate", "1351720352015");
Deleted : user_pref("CT3247201.serviceLayer_services_translation_lastUpdate", "1351697290389");
Deleted : user_pref("CT3247201.settingsINI", true);
Deleted : user_pref("CT3247201.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3247201.smartbar.CTID", "CT3247201");
Deleted : user_pref("CT3247201.smartbar.Uninstall", "0");
Deleted : user_pref("CT3247201.smartbar.homepage", true);
Deleted : user_pref("CT3247201.smartbar.toolbarName", "InternetHelper1.5 ");
Deleted : user_pref("CT3247201.startPage", "userChanged");
Deleted : user_pref("CT3247201.toolbarBornServerTime", "2-10-2012");
Deleted : user_pref("CT3247201.toolbarCurrentServerTime", "1-11-2012");
Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxps://isearch.avg.com/search?cid=%7Bf6f1c70d-0[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3247201");
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "blekko");
Deleted : user_pref("browser.search.order.1", "blekko");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3247201&SearchSource=2&q=[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Rex\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.293] : homepage = "hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=3A567CE293FE1AC2E6230B508DCA852C&tbp=homepage&v=1_2",
Deleted [l.338] : urls_to_restore_on_startup = ["hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=3A567CE293FE1AC2E6230B508DCA852C&tbp=homepage&v=1_2", "hxxp://search.conduit.com/?ctid=CT3247201&SearchSource=48"]
Deleted [l.345] : homepage = "hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=3A567CE293FE1AC2E6230B508DCA852C&tbp=homepage&v=1_2",
Deleted [l.348] : urls_to_restore_on_startup = ["hxxp://blekkosearch.mystart.com/blekko_soc/?source=f06b8e24&toolbarid=blekkotb_sa5&u=3A567CE293FE1AC2E6230B508DCA852C&tbp=homepage&v=1_2"],

*************************

AdwCleaner[S1].txt - [356 octets] - [31/10/2012 17:05:13]
AdwCleaner[S2].txt - [356 octets] - [31/10/2012 17:08:28]
AdwCleaner[S3].txt - [18283 octets] - [31/10/2012 17:12:10]

########## EOF - C:\AdwCleaner[S3].txt - [18344 octets] ##########





RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Rex [Admin rights]
Mode : Remove -- Date : 10/31/2012 17:21:05

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Apps (rundll32.exe "C:\Users\Rex\AppData\Local\ATI\Apps\uwcmpbqro.dll",vlc_entry__1_0_0eW) -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{29E09292-717A-4166-9771-8B1D5A4FD2C8} : NameServer (151.164.88.200,151.164.8.201) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{29E09292-717A-4166-9771-8B1D5A4FD2C8} : NameServer (151.164.88.200,151.164.8.201) -> NOT REMOVED, USE DNSFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Rex\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31500541AS ATA Device +++++
--- User ---
[MBR] 274508d11cf128217cb2ae0eb85638d6
[BSP] 834a51feefb6ad2788c05868839f6019 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1382805 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 2831986395 | Size: 47991 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD6400AACS-00G8B0 ATA Device +++++
--- User ---
[MBR] c8a4b464828e3b9ded4dd95614403ee6
[BSP] e03b82e7cf383830a02337e3fe2e817a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 589997 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1208315904 | Size: 20479 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#6 gringo_pr

Posted 31 October 2012 - 05:45 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 rexdc

Posted 01 November 2012 - 12:43 AM

ComboFix 12-10-31.03 - Rex 11/01/2012 0:16.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1907 [GMT -5:00]
Running from: c:\users\Rex\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\searchplugins\search.xml
C:\uninstall.exe
c:\windows\msvcr71.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-11-01 05:23 . 2012-11-01 05:23 -------- d-----w- c:\users\Rex\AppData\Local\temp
2012-10-28 19:16 . 2012-10-28 23:23 -------- d-----w- c:\users\Rex\messiah
2012-10-19 01:48 . 2012-10-19 01:48 -------- d-----w- c:\users\Rex\AppData\Roaming\DriverCure
2012-10-19 01:48 . 2012-10-19 01:48 -------- d-----w- c:\users\Rex\AppData\Roaming\SpeedyPC Software
2012-10-19 01:48 . 2012-10-19 01:55 -------- d-----w- c:\programdata\SpeedyPC Software
2012-10-19 01:48 . 2012-10-19 01:48 -------- d-----w- c:\program files\SpeedyPC Software
2012-10-10 04:46 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 04:46 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 04:46 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 04:46 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 04:46 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 04:46 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 04:46 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-02 18:53 . 2012-10-02 18:53 -------- d-----w- c:\users\Rex\AppData\Local\CRE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 03:52 . 2012-05-17 18:13 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-10 03:52 . 2012-01-15 21:52 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 19:53 . 2012-08-30 19:53 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-24 06:59 . 2012-09-23 20:14 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-23 20:14 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-23 20:14 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 20:14 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 20:14 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-23 20:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-27 16:48 . 2012-10-27 16:48 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-06-28 10127976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-01-13 282624]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 53248]
"LaunchList"="c:\program files\Pinnacle\Studio 10\LaunchList.exe" [2004-08-10 45056]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-02-07 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
ImageMixer 3 SE Camera Monitor Ver.6.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe [2012-1-23 537968]
MySoftware NewsFlash.lnk - c:\program files\Common Files\MySoftware\NewsFlsh.exe [2012-1-14 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 03:52]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 23:00]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-24 23:00]
.
2012-10-30 c:\windows\Tasks\ReclaimerUpdateFiles_Rex.job
- c:\users\Rex\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-21 16:52]
.
2012-10-31 c:\windows\Tasks\ReclaimerUpdateXML_Rex.job
- c:\users\Rex\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-21 16:52]
.
2012-10-31 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Rex.job
- c:\users\Rex\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-21 16:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
TCP: Interfaces\{29E09292-717A-4166-9771-8B1D5A4FD2C8}: NameServer = 151.164.88.200,151.164.8.201
FF - ProfilePath - c:\users\Rex\AppData\Roaming\Mozilla\Firefox\Profiles\yxa6lmga.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
AddRemove-Film and Photo Scanner - c:\windows\omniuns.exe USB\VID_05A9&PID_35E3 Film and Photo Scanner
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-01 00:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-01 00:24:51
ComboFix-quarantined-files.txt 2012-11-01 05:24
.
Pre-Run: 508,265,164,800 bytes free
Post-Run: 513,375,215,616 bytes free
.
- - End Of File - - 255C19D2D5885D5B9CD16762271B700E

Here is the log from ComboFix. The problem I was having is still there, it seems. When I go to Google to do a search, say a search for "whitepages", I get a completely different search engine listing things that were not part of the search criteria.

#8 gringo_pr

Posted 01 November 2012 - 08:39 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 rexdc

Posted 01 November 2012 - 04:37 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-01 09:57:59
-----------------------------
09:57:59.886 OS Version: Windows 6.0.6002 Service Pack 2
09:57:59.886 Number of processors: 4 586 0x403
09:57:59.887 ComputerName: MEDION UserName: Rex
09:58:01.900 Initialize success
09:58:09.344 AVAST engine defs: 12110100
09:59:30.521 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:59:30.523 Disk 0 Vendor: ST31500541AS CC32 Size: 1430799MB BusType: 3
09:59:30.525 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
09:59:30.526 Disk 1 Vendor: WDC_WD6400AACS-00G8B0 05.04C05 Size: 610480MB BusType: 3
09:59:30.540 Disk 0 MBR read successfully
09:59:30.542 Disk 0 MBR scan
09:59:30.568 Disk 0 Windows VISTA default MBR code
09:59:30.570 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1382805 MB offset 63
09:59:30.574 Disk 0 Partition - 00 0F Extended LBA 47991 MB offset 2831986395
09:59:30.594 Disk 0 Partition 2 00 0B FAT32 MSDOS5.0 47991 MB offset 2831986458
09:59:30.598 Disk 0 scanning sectors +2930272065
09:59:30.638 Disk 0 scanning C:\Windows\system32\drivers
09:59:46.832 Service scanning
09:59:58.925 Service MSICDSetup G:\CDriver.sys **LOCKED** 21
10:00:09.531 Modules scanning
10:00:13.538 Disk 0 trace - called modules:
10:00:13.572 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
10:00:13.576 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ae3800]
10:00:13.581 3 CLASSPNP.SYS[8b3a38b3] -> nt!IofCallDriver -> [0x85ae3368]
10:00:13.586 5 acpi.sys[82a0b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84f6a5d8]
10:00:15.865 AVAST engine scan C:\Windows
10:00:26.150 AVAST engine scan C:\Windows\system32
10:04:08.553 AVAST engine scan C:\Windows\system32\drivers
10:04:29.228 AVAST engine scan C:\Users\Rex
10:04:34.653 File: C:\Users\Rex\AppData\Local\ATI\Apps\uwcmpbqro.dll **INFECTED** Win32:Tracur-JE [Trj]
11:07:50.243 AVAST engine scan C:\ProgramData
11:12:32.233 Scan finished successfully
13:12:00.889 Disk 0 MBR has been saved successfully to "C:\Users\Rex\transfer\MBR.dat"
13:12:00.892 The log file has been saved successfully to "C:\Users\Rex\transfer\aswMBR.txt"


I'm sorry, but I could not find a way to copy the log from TDSSKiller. It would pop up on the screen but it won't copy. I could try to get it with print screen if you like.

#10 rexdc

Posted 01 November 2012 - 05:33 PM

09:52:57.0186 5276 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:52:57.0693 5276 ============================================================
09:52:57.0693 5276 Current date / time: 2012/11/01 09:52:57.0693
09:52:57.0693 5276 SystemInfo:
09:52:57.0693 5276
09:52:57.0693 5276 OS Version: 6.0.6002 ServicePack: 2.0
09:52:57.0693 5276 Product type: Workstation
09:52:57.0693 5276 ComputerName: MEDION
09:52:57.0693 5276 UserName: Rex
09:52:57.0693 5276 Windows directory: C:\Windows
09:52:57.0693 5276 System windows directory: C:\Windows
09:52:57.0693 5276 Processor architecture: Intel x86
09:52:57.0693 5276 Number of processors: 4
09:52:57.0693 5276 Page size: 0x1000
09:52:57.0693 5276 Boot type: Normal boot
09:52:57.0693 5276 ============================================================
09:52:59.0227 5276 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:53:06.0093 5276 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:53:06.0121 5276 ============================================================
09:53:06.0121 5276 \Device\Harddisk0\DR0:
09:53:06.0133 5276 MBR partitions:
09:53:06.0133 5276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA8CCAE9C
09:53:06.0165 5276 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0xA8CCAF1A, BlocksNum 0x5DBB827
09:53:06.0165 5276 \Device\Harddisk1\DR1:
09:53:06.0166 5276 MBR partitions:
09:53:06.0166 5276 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x48056800
09:53:06.0188 5276 \Device\Harddisk1\DR1\Partition2: MBR, Type 0xB, StartLBA 0x4805703F, BlocksNum 0x27FFE82
09:53:06.0188 5276 ============================================================
09:53:06.0279 5276 C: <-> \Device\Harddisk0\DR0\Partition1
09:53:06.0335 5276 D: <-> \Device\Harddisk1\DR1\Partition1
09:53:06.0335 5276 E: <-> \Device\Harddisk0\DR0\Partition2
09:53:06.0335 5276 F: <-> \Device\Harddisk1\DR1\Partition2
09:53:06.0335 5276 ============================================================
09:53:06.0336 5276 Initialize success
09:53:06.0336 5276 ============================================================
09:53:23.0211 4924 ============================================================
09:53:23.0211 4924 Scan started
09:53:23.0211 4924 Mode: Manual;
09:53:23.0211 4924 ============================================================
09:53:23.0684 4924 ================ Scan system memory ========================
09:53:23.0684 4924 System memory - ok
09:53:23.0684 4924 ================ Scan services =============================
09:53:24.0658 4924 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
09:53:24.0661 4924 ACPI - ok
09:53:24.0835 4924 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:53:24.0836 4924 AdobeARMservice - ok
09:53:24.0981 4924 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:53:25.0000 4924 AdobeFlashPlayerUpdateSvc - ok
09:53:25.0048 4924 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:53:25.0053 4924 adp94xx - ok
09:53:25.0067 4924 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:53:25.0070 4924 adpahci - ok
09:53:25.0085 4924 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
09:53:25.0087 4924 adpu160m - ok
09:53:25.0112 4924 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:53:25.0114 4924 adpu320 - ok
09:53:25.0166 4924 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:53:25.0167 4924 AeLookupSvc - ok
09:53:25.0193 4924 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
09:53:25.0195 4924 AFD - ok
09:53:25.0214 4924 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:53:25.0216 4924 agp440 - ok
09:53:25.0268 4924 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
09:53:25.0278 4924 aic78xx - ok
09:53:25.0284 4924 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
09:53:25.0285 4924 ALG - ok
09:53:25.0331 4924 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
09:53:25.0333 4924 aliide - ok
09:53:25.0533 4924 ALSysIO - ok
09:53:25.0606 4924 AMD FUEL Service - ok
09:53:25.0629 4924 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:53:25.0634 4924 amdagp - ok
09:53:25.0665 4924 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
09:53:25.0686 4924 amdide - ok
09:53:25.0713 4924 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys
09:53:25.0743 4924 amdiox86 - ok
09:53:25.0752 4924 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
09:53:25.0753 4924 AmdK7 - ok
09:53:25.0762 4924 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:53:25.0763 4924 AmdK8 - ok
09:53:35.0627 4924 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:53:35.0631 4924 SSDPSRV - ok
09:53:35.0661 4924 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:53:35.0664 4924 SstpSvc - ok
09:53:35.0715 4924 [ 07318149E102FD9197AB444C27774372 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
09:53:35.0717 4924 ssudmdm - ok
09:53:35.0866 4924 [ 9E1222C417291BC836210743624A8E5E ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:53:35.0867 4924 Stereo Service - ok
09:53:35.0916 4924 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
09:53:35.0922 4924 stisvc - ok
09:53:35.0966 4924 [ A089FA4AF3D36AE69A349627A15BCA4C ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
09:53:35.0988 4924 SWDUMon - ok
09:53:36.0007 4924 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:53:36.0009 4924 swenum - ok
09:53:36.0085 4924 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
09:53:36.0096 4924 swprv - ok
09:53:36.0118 4924 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
09:53:36.0119 4924 Symc8xx - ok
09:53:36.0139 4924 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
09:53:36.0141 4924 Sym_hi - ok
09:53:36.0154 4924 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
09:53:36.0156 4924 Sym_u3 - ok
09:53:36.0216 4924 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
09:53:36.0225 4924 SysMain - ok
09:53:36.0250 4924 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:53:36.0252 4924 TabletInputService - ok
09:53:36.0277 4924 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:53:36.0280 4924 TapiSrv - ok
09:53:36.0300 4924 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
09:53:36.0303 4924 TBS - ok
09:53:36.0464 4924 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:53:36.0513 4924 Tcpip - ok
09:53:36.0524 4924 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
09:53:36.0529 4924 Tcpip6 - ok
09:53:36.0572 4924 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:53:36.0604 4924 tcpipreg - ok
09:53:36.0629 4924 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:53:36.0632 4924 TDPIPE - ok
09:53:36.0660 4924 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:53:36.0661 4924 TDTCP - ok
09:53:36.0675 4924 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:53:36.0677 4924 tdx - ok
09:53:36.0719 4924 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:53:36.0736 4924 TermDD - ok
09:53:36.0764 4924 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
09:53:36.0770 4924 TermService - ok
09:53:36.0785 4924 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
09:53:36.0788 4924 Themes - ok
09:53:36.0799 4924 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
09:53:36.0800 4924 THREADORDER - ok
09:53:36.0836 4924 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
09:53:36.0838 4924 TrkWks - ok
09:53:36.0919 4924 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:53:36.0919 4924 TrustedInstaller - ok
09:53:36.0960 4924 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:53:36.0999 4924 tssecsrv - ok
09:53:37.0019 4924 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
09:53:37.0021 4924 tunmp - ok
09:53:37.0072 4924 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:53:37.0089 4924 tunnel - ok
09:53:37.0112 4924 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:53:37.0114 4924 uagp35 - ok
09:53:37.0125 4924 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:53:37.0127 4924 udfs - ok
09:53:37.0140 4924 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:53:37.0142 4924 UI0Detect - ok
09:53:37.0153 4924 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:53:37.0155 4924 uliagpkx - ok
09:53:37.0173 4924 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
09:53:37.0175 4924 uliahci - ok
09:53:37.0189 4924 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
09:53:37.0192 4924 UlSata - ok
09:53:37.0210 4924 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
09:53:37.0213 4924 ulsata2 - ok
09:53:37.0219 4924 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:53:37.0221 4924 umbus - ok
09:53:37.0233 4924 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
09:53:37.0237 4924 upnphost - ok
09:53:37.0255 4924 [ 8BD3AE150D97BA4E633C6C5C51B41AE1 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
09:53:37.0257 4924 usbccgp - ok
09:53:37.0281 4924 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:53:37.0282 4924 usbcir - ok
09:53:37.0326 4924 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:53:37.0328 4924 usbehci - ok
09:53:37.0343 4924 [ 56E89C8E05A987A49FFA595428FB9767 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
09:53:37.0344 4924 usbfilter - ok
09:53:37.0367 4924 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:53:37.0370 4924 usbhub - ok
09:53:37.0373 4924 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:53:37.0374 4924 usbohci - ok
09:53:37.0412 4924 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:53:37.0413 4924 usbprint - ok
09:53:37.0455 4924 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:53:37.0456 4924 usbscan - ok
09:53:37.0471 4924 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:53:37.0473 4924 USBSTOR - ok
09:53:37.0488 4924 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:53:37.0490 4924 usbuhci - ok
09:53:37.0498 4924 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
09:53:37.0500 4924 UxSms - ok
09:53:37.0513 4924 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
09:53:37.0518 4924 vds - ok
09:53:37.0528 4924 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:53:37.0529 4924 vga - ok
09:53:37.0545 4924 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
09:53:37.0547 4924 VgaSave - ok
09:53:37.0558 4924 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:53:37.0560 4924 viaagp - ok
09:53:37.0569 4924 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
09:53:37.0570 4924 ViaC7 - ok
09:53:37.0585 4924 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
09:53:37.0586 4924 viaide - ok
09:53:37.0628 4924 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:53:37.0629 4924 volmgr - ok
09:53:37.0645 4924 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:53:37.0648 4924 volmgrx - ok
09:53:37.0756 4924 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:53:37.0817 4924 volsnap - ok
09:53:37.0827 4924 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:53:37.0830 4924 vsmraid - ok
09:53:37.0852 4924 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
09:53:37.0873 4924 VSS - ok
09:53:38.0053 4924 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
09:53:38.0056 4924 vToolbarUpdater12.2.6 - ok
09:53:38.0132 4924 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
09:53:38.0148 4924 W32Time - ok
09:53:38.0171 4924 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:53:38.0172 4924 WacomPen - ok
09:53:38.0183 4924 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
09:53:38.0184 4924 Wanarp - ok
09:53:38.0186 4924 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:53:38.0187 4924 Wanarpv6 - ok
09:53:38.0204 4924 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:53:38.0210 4924 wcncsvc - ok
09:53:38.0253 4924 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:53:38.0280 4924 WcsPlugInService - ok
09:53:38.0303 4924 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
09:53:38.0304 4924 Wd - ok
09:53:38.0318 4924 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:53:38.0323 4924 Wdf01000 - ok
09:53:38.0334 4924 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:53:38.0338 4924 WdiServiceHost - ok
09:53:38.0340 4924 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:53:38.0342 4924 WdiSystemHost - ok
09:53:38.0429 4924 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
09:53:38.0457 4924 WebClient - ok
09:53:38.0501 4924 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:53:38.0504 4924 Wecsvc - ok
09:53:38.0511 4924 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:53:38.0514 4924 wercplsupport - ok
09:53:38.0523 4924 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
09:53:38.0526 4924 WerSvc - ok
09:53:38.0601 4924 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
09:53:38.0604 4924 WinDefend - ok
09:53:38.0608 4924 WinHttpAutoProxySvc - ok
09:53:38.0800 4924 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:53:38.0803 4924 Winmgmt - ok
09:53:38.0853 4924 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
09:53:38.0874 4924 WinRM - ok
09:53:38.0967 4924 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:53:38.0999 4924 Wlansvc - ok
09:53:39.0004 4924 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
09:53:39.0005 4924 WmiAcpi - ok
09:53:39.0057 4924 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:53:39.0066 4924 wmiApSrv - ok
09:53:39.0098 4924 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:53:39.0107 4924 WMPNetworkSvc - ok
09:53:39.0136 4924 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:53:39.0139 4924 WPCSvc - ok
09:53:39.0177 4924 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:53:39.0184 4924 WPDBusEnum - ok
09:53:39.0201 4924 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
09:53:39.0215 4924 WpdUsb - ok
09:53:39.0334 4924 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:53:39.0357 4924 WPFFontCache_v0400 - ok
09:53:39.0369 4924 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:53:39.0371 4924 ws2ifsl - ok
09:53:39.0413 4924 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
09:53:39.0419 4924 wscsvc - ok
09:53:39.0422 4924 WSearch - ok
09:53:39.0556 4924 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
09:53:39.0586 4924 wuauserv - ok
09:53:39.0605 4924 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:53:39.0607 4924 WUDFRd - ok
09:53:39.0613 4924 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:53:39.0616 4924 wudfsvc - ok
09:53:39.0620 4924 ================ Scan global ===============================
09:53:39.0669 4924 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
09:53:39.0724 4924 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
09:53:39.0743 4924 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
09:53:39.0812 4924 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
09:53:39.0815 4924 [Global] - ok
09:53:39.0815 4924 ================ Scan MBR ==================================
09:53:39.0838 4924 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:53:40.0711 4924 \Device\Harddisk0\DR0 - ok
09:53:41.0301 4924 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
09:53:41.0490 4924 \Device\Harddisk1\DR1 - ok
09:53:41.0490 4924 ================ Scan VBR ==================================
09:53:41.0506 4924 [ 81F19065FECCA60B70AC0EFAB53FC453 ] \Device\Harddisk0\DR0\Partition1
09:53:41.0508 4924 \Device\Harddisk0\DR0\Partition1 - ok
09:53:41.0529 4924 [ 38887667576B86FD3ED1DF8AE8B38667 ] \Device\Harddisk0\DR0\Partition2
09:53:41.0530 4924 \Device\Harddisk0\DR0\Partition2 - ok
09:53:41.0532 4924 [ B0BCEF27A956D4AD9227A8DAFF580F4C ] \Device\Harddisk1\DR1\Partition1
09:53:41.0533 4924 \Device\Harddisk1\DR1\Partition1 - ok
09:53:41.0552 4924 [ E4B45CB320DA27B06231EEF59F4B6F2C ] \Device\Harddisk1\DR1\Partition2
09:53:41.0553 4924 \Device\Harddisk1\DR1\Partition2 - ok
09:53:41.0553 4924 ============================================================
09:53:41.0553 4924 Scan finished
09:53:41.0553 4924 ============================================================
09:53:41.0559 1976 Detected object count: 0
09:53:41.0559 1976 Actual detected object count: 0
09:53:48.0889 4976 ============================================================
09:53:48.0889 4976 Scan started
09:53:48.0889 4976 Mode: Manual;
09:53:48.0889 4976 ============================================================
09:53:49.0114 4976 ================ Scan system memory ========================
09:53:49.0114 4976 System memory - ok
09:53:49.0115 4976 ================ Scan services =============================
09:53:52.0998 4976 IPNAT - ok
09:53:53.0009 4976 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:53:53.0010 4976 IRENUM - ok
09:53:53.0033 4976 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:53:53.0033 4976 isapnp - ok
09:53:53.0063 4976 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
09:53:53.0065 4976 iScsiPrt - ok
09:53:53.0076 4976 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
09:53:53.0077 4976 iteatapi - ok
09:53:53.0087 4976 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
09:53:53.0088 4976 iteraid - ok
09:53:53.0095 4976 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:53:53.0095 4976 kbdclass - ok
09:53:53.0100 4976 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:53:53.0101 4976 kbdhid - ok
09:53:53.0122 4976 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
09:53:53.0123 4976 KeyIso - ok
09:53:53.0180 4976 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:53:53.0182 4976 KSecDD - ok
09:53:53.0225 4976 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
09:53:53.0227 4976 KtmRm - ok
09:53:53.0249 4976 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
09:53:53.0251 4976 LanmanServer - ok
09:53:53.0272 4976 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:53:53.0275 4976 LanmanWorkstation - ok
09:53:53.0281 4976 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:53:53.0282 4976 lltdio - ok
09:53:53.0316 4976 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:53:53.0318 4976 lltdsvc - ok
09:53:53.0342 4976 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:53:53.0343 4976 lmhosts - ok
09:53:53.0352 4976 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:53:53.0352 4976 LSI_FC - ok
09:53:53.0363 4976 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:53:53.0364 4976 LSI_SAS - ok
09:53:53.0380 4976 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:53:53.0380 4976 LSI_SCSI - ok
09:53:53.0396 4976 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
09:53:53.0397 4976 luafv - ok
09:53:53.0432 4976 [ A3E700D78EEC390F1208098CDCA5C6B6 ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus.sys
09:53:53.0433 4976 MarvinBus - ok
09:53:53.0465 4976 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:53:53.0466 4976 Mcx2Svc - ok
09:53:53.0505 4976 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
09:53:53.0507 4976 MDM - ok
09:53:53.0529 4976 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
09:53:53.0530 4976 megasas - ok
09:53:53.0550 4976 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
09:53:53.0552 4976 MegaSR - ok
09:53:53.0570 4976 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
09:53:53.0571 4976 MMCSS - ok
09:53:53.0589 4976 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
09:53:53.0590 4976 Modem - ok
09:53:53.0593 4976 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:53:53.0594 4976 monitor - ok
09:53:53.0596 4976 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:53:53.0597 4976 mouclass - ok
09:53:53.0600 4976 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:53:53.0600 4976 mouhid - ok
09:53:53.0619 4976 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
09:53:53.0620 4976 MountMgr - ok
09:53:53.0675 4976 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:53:53.0676 4976 MozillaMaintenance - ok
09:53:53.0705 4976 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
09:53:53.0706 4976 mpio - ok
09:53:53.0722 4976 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:53:53.0723 4976 mpsdrv - ok
09:53:53.0775 4976 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
09:53:53.0778 4976 MpsSvc - ok
09:53:53.0801 4976 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
09:53:53.0802 4976 Mraid35x - ok
09:53:53.0838 4976 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:53:53.0839 4976 MRxDAV - ok
09:53:53.0862 4976 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:53:53.0863 4976 mrxsmb - ok
09:53:53.0892 4976 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:53:53.0893 4976 mrxsmb10 - ok
09:53:53.0897 4976 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:53:53.0897 4976 mrxsmb20 - ok
09:53:53.0917 4976 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
09:53:53.0918 4976 msahci - ok
09:53:53.0937 4976 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:53:53.0938 4976 msdsm - ok
09:53:53.0967 4976 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
09:53:53.0969 4976 MSDTC - ok
09:53:53.0974 4976 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:53:53.0974 4976 Msfs - ok
09:53:53.0976 4976 MSICDSetup - ok
09:53:53.0979 4976 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:53:53.0980 4976 msisadrv - ok
09:53:54.0007 4976 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:53:54.0008 4976 MSiSCSI - ok
09:53:54.0011 4976 msiserver - ok
09:53:54.0025 4976 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:53:54.0026 4976 MSKSSRV - ok
09:53:54.0034 4976 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:53:54.0034 4976 MSPCLOCK - ok
09:53:54.0044 4976 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:53:54.0044 4976 MSPQM - ok
09:53:54.0077 4976 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:53:54.0078 4976 MsRPC - ok
09:53:54.0085 4976 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:53:54.0086 4976 mssmbios - ok
09:53:54.0095 4976 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:53:54.0095 4976 MSTEE - ok
09:53:54.0130 4976 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
09:53:54.0131 4976 Mup - ok
09:53:54.0146 4976 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
09:53:54.0149 4976 napagent - ok
09:53:54.0187 4976 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:53:54.0188 4976 NativeWifiP - ok
09:53:54.0210 4976 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:53:54.0212 4976 NDIS - ok
09:53:54.0216 4976 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:53:54.0216 4976 NdisTapi - ok
09:53:54.0236 4976 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:53:54.0236 4976 Ndisuio - ok
09:53:54.0256 4976 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:53:54.0256 4976 NdisWan - ok
09:53:54.0261 4976 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:53:54.0262 4976 NDProxy - ok
09:53:54.0265 4976 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:53:54.0265 4976 NetBIOS - ok
09:53:54.0274 4976 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
09:53:54.0275 4976 netbt - ok
09:53:54.0278 4976 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
09:53:54.0279 4976 Netlogon - ok
09:53:54.0322 4976 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
09:53:54.0325 4976 Netman - ok
09:53:54.0363 4976 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:53:54.0364 4976 NetMsmqActivator - ok
09:53:54.0366 4976 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:53:54.0367 4976 NetPipeActivator - ok
09:53:54.0387 4976 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
09:53:54.0389 4976 netprofm - ok
09:53:54.0392 4976 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:53:54.0393 4976 NetTcpActivator - ok
09:53:54.0395 4976 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:53:54.0396 4976 NetTcpPortSharing - ok
09:53:54.0408 4976 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:53:54.0408 4976 nfrd960 - ok
09:53:54.0425 4976 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:53:54.0427 4976 NlaSvc - ok
09:53:54.0433 4976 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:53:54.0433 4976 Npfs - ok
09:53:54.0446 4976 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
09:53:54.0448 4976 nsi - ok
09:53:54.0451 4976 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:53:54.0451 4976 nsiproxy - ok
09:53:54.0472 4976 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:53:54.0477 4976 Ntfs - ok
09:53:54.0494 4976 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
09:53:54.0494 4976 ntrigdigi - ok
09:53:54.0511 4976 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
09:53:54.0511 4976 Null - ok
09:53:54.0699 4976 [ 66B4BF606FCC7F0622D4A21BB1461089 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:53:54.0746 4976 nvlddmkm - ok
09:53:54.0759 4976 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:53:54.0760 4976 nvraid - ok
09:53:54.0780 4976 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:53:54.0780 4976 nvstor - ok
09:53:54.0832 4976 [ D122F7C5F79C68868F5DC28CEFEB2ECF ] nvsvc C:\Windows\system32\nvvsvc.exe
09:53:54.0838 4976 nvsvc - ok
09:53:54.0857 4976 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:53:54.0858 4976 nv_agp - ok
09:53:54.0861 4976 NwlnkFlt - ok
09:53:54.0863 4976 NwlnkFwd - ok
09:53:54.0883 4976 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:53:54.0884 4976 ohci1394 - ok
09:53:54.0907 4976 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:53:54.0907 4976 ose - ok
09:53:54.0934 4976 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
09:53:54.0938 4976 p2pimsvc - ok
09:53:54.0945 4976 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
09:53:54.0949 4976 p2psvc - ok
09:53:54.0989 4976 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:53:54.0990 4976 Parport - ok
09:53:55.0026 4976 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:53:55.0026 4976 partmgr - ok
09:53:55.0039 4976 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:53:55.0039 4976 Parvdm - ok
09:53:55.0071 4976 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
09:53:55.0072 4976 PcaSvc - ok
09:53:55.0091 4976 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
09:53:55.0092 4976 pci - ok
09:53:55.0118 4976 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
09:53:55.0119 4976 pciide - ok
09:53:55.0142 4976 [ 1BEBE7DE8508A02650CDCE45C664C2A2 ] PCLEPCI C:\Windows\system32\drivers\pclepci.sys
09:53:55.0142 4976 PCLEPCI - ok
09:53:55.0158 4976 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:53:55.0159 4976 pcmcia - ok
09:53:55.0185 4976 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:53:55.0189 4976 PEAUTH - ok
09:53:55.0222 4976 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
09:53:55.0230 4976 pla - ok
09:53:55.0242 4976 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:53:55.0244 4976 PlugPlay - ok
09:53:55.0253 4976 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
09:53:55.0257 4976 PNRPAutoReg - ok
09:53:55.0265 4976 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
09:53:55.0269 4976 PNRPsvc - ok
09:53:55.0283 4976 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:53:55.0285 4976 PolicyAgent - ok
09:53:55.0299 4976 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:53:55.0299 4976 PptpMiniport - ok
09:53:55.0304 4976 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:53:55.0305 4976 Processor - ok
09:53:55.0309 4976 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
09:53:55.0311 4976 ProfSvc - ok
09:53:55.0319 4976 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
09:53:55.0320 4976 ProtectedStorage - ok
09:53:55.0362 4976 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
09:53:55.0363 4976 PSched - ok
09:53:55.0390 4976 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:53:55.0395 4976 ql2300 - ok
09:53:55.0407 4976 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:53:55.0408 4976 ql40xx - ok
09:53:55.0455 4976 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
09:53:55.0458 4976 QWAVE - ok
09:53:55.0463 4976 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:53:55.0464 4976 QWAVEdrv - ok
09:53:55.0471 4976 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:53:55.0472 4976 RasAcd - ok
09:53:55.0477 4976 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
09:53:55.0479 4976 RasAuto - ok
09:53:55.0482 4976 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:53:55.0483 4976 Rasl2tp - ok
09:53:55.0495 4976 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
09:53:55.0497 4976 RasMan - ok
09:53:55.0532 4976 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:53:55.0533 4976 RasPppoe - ok
09:53:55.0539 4976 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:53:55.0540 4976 RasSstp - ok
09:53:55.0544 4976 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:53:55.0546 4976 rdbss - ok
09:53:55.0560 4976 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:53:55.0560 4976 RDPCDD - ok
09:53:55.0583 4976 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
09:53:55.0585 4976 rdpdr - ok
09:53:55.0588 4976 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:53:55.0588 4976 RDPENCDD - ok
09:53:55.0634 4976 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:53:55.0635 4976 RDPWD - ok
09:53:55.0639 4976 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:53:55.0640 4976 RemoteAccess - ok
09:53:55.0690 4976 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:53:55.0692 4976 RemoteRegistry - ok
09:53:55.0695 4976 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
09:53:55.0696 4976 RpcLocator - ok
09:53:55.0740 4976 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
09:53:55.0744 4976 RpcSs - ok
09:53:55.0771 4976 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:53:55.0771 4976 rspndr - ok
09:53:55.0802 4976 [ F9575B977A13965BBE0181A6604F4F04 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
09:53:55.0804 4976 RTL8169 - ok
09:53:55.0807 4976 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
09:53:55.0808 4976 SamSs - ok
09:53:55.0821 4976 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:53:55.0821 4976 sbp2port - ok
09:53:55.0837 4976 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:53:55.0839 4976 SCardSvr - ok
09:53:55.0876 4976 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
09:53:55.0880 4976 Schedule - ok
09:53:55.0893 4976 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
09:53:55.0894 4976 SCPolicySvc - ok
09:53:55.0930 4976 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:53:55.0932 4976 SDRSVC - ok
09:53:55.0939 4976 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:53:55.0939 4976 secdrv - ok
09:53:55.0944 4976 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
09:53:55.0945 4976 seclogon - ok
09:53:55.0959 4976 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
09:53:55.0961 4976 SENS - ok
09:53:56.0010 4976 [ 268DC6A0EA10A494B369E94525742589 ] Ser2at C:\Windows\system32\DRIVERS\ser2at.sys
09:53:56.0011 4976 Ser2at - ok
09:53:56.0014 4976 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:53:56.0014 4976 Serenum - ok
09:53:56.0017 4976 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:53:56.0018 4976 Serial - ok
09:53:56.0062 4976 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:53:56.0063 4976 sermouse - ok
09:53:56.0074 4976 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
09:53:56.0076 4976 SessionEnv - ok
09:53:56.0084 4976 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:53:56.0085 4976 sffdisk - ok
09:53:56.0092 4976 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:53:56.0092 4976 sffp_mmc - ok
09:53:56.0098 4976 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:53:56.0098 4976 sffp_sd - ok
09:53:56.0143 4976 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:53:56.0143 4976 sfloppy - ok
09:53:56.0189 4976 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:53:56.0191 4976 SharedAccess - ok
09:53:56.0231 4976 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:53:56.0234 4976 ShellHWDetection - ok
09:53:56.0250 4976 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:53:56.0250 4976 sisagp - ok
09:53:56.0264 4976 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
09:53:56.0264 4976 SiSRaid2 - ok
09:53:56.0279 4976 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:53:56.0280 4976 SiSRaid4 - ok
09:53:56.0368 4976 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
09:53:56.0384 4976 slsvc - ok
09:53:56.0426 4976 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
09:53:56.0427 4976 SLUINotify - ok
09:53:56.0468 4976 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:53:56.0469 4976 Smb - ok
09:53:56.0514 4976 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:53:56.0516 4976 SNMPTRAP - ok
09:53:56.0529 4976 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
09:53:56.0529 4976 spldr - ok
09:53:56.0568 4976 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
09:53:56.0570 4976 Spooler - ok
09:53:56.0612 4976 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:53:56.0614 4976 srv - ok
09:53:56.0630 4976 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:53:56.0631 4976 srv2 - ok
09:53:56.0675 4976 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:53:56.0675 4976 srvnet - ok
09:53:56.0711 4976 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:53:56.0713 4976 SSDPSRV - ok
09:53:56.0724 4976 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:53:56.0726 4976 SstpSvc - ok
09:53:56.0768 4976 [ 07318149E102FD9197AB444C27774372 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
09:53:56.0769 4976 ssudmdm - ok
09:53:56.0807 4976 [ 9E1222C417291BC836210743624A8E5E ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:53:56.0809 4976 Stereo Service - ok
09:53:56.0858 4976 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
09:53:56.0861 4976 stisvc - ok
09:53:56.0908 4976 [ A089FA4AF3D36AE69A349627A15BCA4C ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
09:53:56.0908 4976 SWDUMon - ok
09:53:56.0918 4976 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:53:56.0919 4976 swenum - ok
09:53:56.0945 4976 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
09:53:56.0948 4976 swprv - ok
09:53:56.0978 4976 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
09:53:56.0978 4976 Symc8xx - ok
09:53:56.0999 4976 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
09:53:57.0000 4976 Sym_hi - ok
09:53:57.0034 4976 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
09:53:57.0035 4976 Sym_u3 - ok
09:53:57.0055 4976 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
09:53:57.0059 4976 SysMain - ok
09:53:57.0069 4976 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:53:57.0071 4976 TabletInputService - ok
09:53:57.0116 4976 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:53:57.0119 4976 TapiSrv - ok
09:53:57.0140 4976 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
09:53:57.0142 4976 TBS - ok
09:53:57.0200 4976 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:53:57.0204 4976 Tcpip - ok
09:53:57.0215 4976 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
09:53:57.0219 4976 Tcpip6 - ok
09:53:57.0259 4976 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:53:57.0260 4976 tcpipreg - ok
09:53:57.0275 4976 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:53:57.0276 4976 TDPIPE - ok
09:53:57.0286 4976 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:53:57.0286 4976 TDTCP - ok
09:53:57.0331 4976 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:53:57.0332 4976 tdx - ok
09:53:57.0365 4976 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:53:57.0366 4976 TermDD - ok
09:53:57.0380 4976 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
09:53:57.0383 4976 TermService - ok
09:53:57.0388 4976 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
09:53:57.0391 4976 Themes - ok
09:53:57.0404 4976 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
09:53:57.0406 4976 THREADORDER - ok
09:53:57.0411 4976 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
09:53:57.0413 4976 TrkWks - ok
09:53:57.0462 4976 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:53:57.0462 4976 TrustedInstaller - ok
09:53:57.0474 4976 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:53:57.0474 4976 tssecsrv - ok
09:53:57.0533 4976 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
09:53:57.0534 4976 tunmp - ok
09:53:57.0586 4976 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:53:57.0586 4976 tunnel - ok
09:53:57.0596 4976 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:53:57.0596 4976 uagp35 - ok
09:53:57.0608 4976 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:53:57.0610 4976 udfs - ok
09:53:57.0623 4976 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:53:57.0625 4976 UI0Detect - ok
09:53:57.0667 4976 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:53:57.0668 4976 uliagpkx - ok
09:53:57.0687 4976 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
09:53:57.0688 4976 uliahci - ok
09:53:57.0704 4976 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
09:53:57.0704 4976 UlSata - ok
09:53:57.0725 4976 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
09:53:57.0725 4976 ulsata2 - ok
09:53:57.0733 4976 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:53:57.0734 4976 umbus - ok
09:53:57.0747 4976 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
09:53:57.0749 4976 upnphost - ok
09:53:57.0769 4976 [ 8BD3AE150D97BA4E633C6C5C51B41AE1 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
09:53:57.0770 4976 usbccgp - ok
09:53:57.0785 4976 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:53:57.0785 4976 usbcir - ok
09:53:57.0820 4976 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:53:57.0820 4976 usbehci - ok
09:53:57.0836 4976 [ 56E89C8E05A987A49FFA595428FB9767 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
09:53:57.0837 4976 usbfilter - ok
09:53:57.0851 4976 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:53:57.0852 4976 usbhub - ok
09:53:57.0855 4976 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:53:57.0856 4976 usbohci - ok
09:53:57.0895 4976 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:53:57.0896 4976 usbprint - ok
09:53:57.0918 4976 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:53:57.0919 4976 usbscan - ok
09:53:57.0945 4976 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:53:57.0946 4976 USBSTOR - ok
09:53:57.0962 4976 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:53:57.0962 4976 usbuhci - ok
09:53:57.0982 4976 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
09:53:57.0984 4976 UxSms - ok
09:54:00.0463 4976 ============================================================
09:54:00.0463 4976 Scan finished
09:54:00.0463 4976 ============================================================
09:54:00.0467 3376 Detected object count: 0
09:54:00.0467 3376 Actual detected object count: 0
09:56:10.0984 2768 Deinitialize success

I found the log file after extracting my head from the dark cavern, so here it is!!!

#11 gringo_pr


Posted 01 November 2012 - 08:53 PM

Greetings rexdc

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Rex\AppData\Roaming\DriverCure
c:\users\Rex\AppData\Roaming\SpeedyPC Software
c:\programdata\SpeedyPC Software
c:\program files\SpeedyPC Software
c:\program files\Freecorder

File::
C:\Users\Rex\AppData\Local\ATI\Apps\uwcmpbqro.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr


Posted 04 November 2012 - 06:08 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#13 gringo_pr


Posted 08 November 2012 - 12:20 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 gringo_pr


Posted 11 November 2012 - 07:20 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.