Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google redirect problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google redirect problem

Unread postby jbitz » April 2nd, 2012, 9:56 am

My browsers IE and Firefox randomly get redirected to sites like scour.com, gimmieanswers.com, and Happili.com when using Google search engine. I have not noticed any problems with other search engines. I tried running combofix as suggested by someone else, but the problem still persists. Malwarebytes, Spybot, and AVG all come up negative on my scans for infection.

Thanks in advance for your help.

Here are my DDS logs attached below:



DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Jbitz at 9:28:06 on 2012-04-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16382.13734 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
E:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Windows\system32\taskeng.exe
E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
E:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\ProgramData\Everstrike\US4Service.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
e:\Program Files (x86)\Mozilla Firefox\firefox.exe
e:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
E:\PROGRA~2\AVG\AVG10\avgrsa.exe
E:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\WUDFHost.exe
E:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
e:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - E:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [US4Service] C:\ProgramData\Everstrike\US4Service.exe
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [KeePass 2 PreLoad] "e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Jbitz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Jbitz\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-explorer: TaskbarNoNotification = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0FCA6E5B-5754-4411-B60F-E252A12EE303} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files (x86)\AVG\AVG10\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [US4Service] C:\ProgramData\Everstrike\US4Service.exe
mRun-x64: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun-x64: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun-x64: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [KeePass 2 PreLoad] "e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "E:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jbitz\AppData\Roaming\Mozilla\Firefox\Profiles\zgj3icx9.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?hl=en&tab=ww
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Jbitz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: E:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-10-8 96896]
R2 AVGIDSAgent;AVGIDSAgent;E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 SBSDWSCService;SBSD Security Center Service;E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-29 1153368]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-1 185640]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 PowerAlert Agent;PowerAlert Agent;C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe [2010-5-14 1644368]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-1 206120]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-29 22:26:46 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-29 21:51:28 98816 ----a-w- C:\Windows\sed.exe
2012-03-29 21:51:28 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-29 21:51:28 256000 ----a-w- C:\Windows\PEV.exe
2012-03-29 21:51:28 208896 ----a-w- C:\Windows\MBR.exe
2012-03-25 15:20:09 -------- d-----w- C:\Users\Jbitz\AppData\Local\{054D42F5-1253-4EB4-9711-2F5E1571A663}
2012-03-25 15:19:59 -------- d-----w- C:\Users\Jbitz\AppData\Local\{EE0574A6-6821-4D6F-A444-964F8D04AFC4}
2012-03-25 14:26:05 -------- d-----w- C:\Users\Jbitz\AppData\Local\{0C7E9C7D-1520-4C2B-8225-363149CDC77E}
2012-03-25 14:25:56 -------- d-----w- C:\Users\Jbitz\AppData\Local\{E2DDAF1F-5D8E-4C48-9788-C12957849009}
2012-03-25 01:45:49 -------- d-----w- C:\Users\Jbitz\AppData\Local\{228C892A-7DB8-4C9F-AD0F-1343B576154E}
2012-03-25 01:43:38 -------- d-----w- C:\Users\Jbitz\AppData\Local\{55ADA4BF-6A38-4DD7-ABF3-957A1E2E8451}
2012-03-25 01:43:29 -------- d-----w- C:\Users\Jbitz\AppData\Local\{B7240DFF-867D-4789-94C7-A67ABCBE2E3F}
2012-03-21 03:42:41 -------- d-----w- C:\Users\Jbitz\AppData\Local\{9B483293-3C51-410E-A730-C4D201A267FA}
2012-03-21 03:42:19 -------- d-----w- C:\Users\Jbitz\AppData\Local\{FCC5B605-9434-4BE4-858E-9FBF72A786E6}
2012-03-21 03:41:57 -------- d-----w- C:\Users\Jbitz\AppData\Local\{3A7B5410-1733-4C66-A0FF-BF090C2A4330}
2012-03-21 03:40:06 -------- d-----w- C:\Users\Jbitz\AppData\Local\{EFABE24E-41E5-48D1-A4A2-BFBF038B830D}
2012-03-21 03:39:57 -------- d-----w- C:\Users\Jbitz\AppData\Local\{E89BEAAF-398D-4707-92C5-B8919E72951E}
2012-03-21 03:38:51 -------- d-----w- C:\Users\Jbitz\AppData\Local\{F5787C43-B0F7-4C2E-8361-BC951E084EDF}
2012-03-21 03:38:42 -------- d-----w- C:\Users\Jbitz\AppData\Local\{77896F9F-03F6-4A21-B8CC-6BE454562752}
2012-03-16 19:16:46 -------- d-----w- C:\Users\Jbitz\AppData\Local\SupportSoft
2012-03-16 18:52:21 -------- d-----w- C:\Program Files\Verizon
2012-03-16 18:51:59 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs
2012-03-16 18:51:59 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat
2012-03-16 18:51:49 23896576 ----a-w- C:\Windows\VzInHomeAgentInstaller.msi
2012-03-16 18:49:56 -------- d-----w- C:\Program Files (x86)\Verizon
2012-03-14 06:45:13 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 06:45:13 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 06:45:12 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 04:57:17 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 04:57:17 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 04:57:17 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 04:56:12 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 04:56:12 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 04:56:12 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 04:56:12 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 04:56:12 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 04:56:12 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 04:56:12 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-03-14 04:56:12 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-03-03 00:09:16 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-19 19:55:20 9796096 ----a-w- C:\Windows\VerizonDM.msi
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 9:28:26.73 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/7/2010 11:39:26 AM
System Uptime: 4/2/2012 7:30:55 AM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A89GTD-PRO/USB3
Processor: AMD Phenom(tm) II X4 B55 Processor | AM3 | 3200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 56 GiB total, 8.968 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 186 GiB total, 69.297 GiB free.
F: is FIXED (NTFS) - 1863 GiB total, 1142.464 GiB free.
G: is CDROM ()
H: is FIXED (NTFS) - 1677 GiB total, 279.867 GiB free.
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP55: 3/16/2012 3:18:24 PM - Removed Vz In Home Agent.
RP56: 3/24/2012 12:09:40 AM - Scheduled Checkpoint
RP57: 3/29/2012 5:51:29 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Premiere Pro CS5.5
Adobe Reader X (10.1.0)
Adobe Story
AI Suite
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Avidemux 2.5
Battlefield: Bad Company™ 2
BeerSmith 2
Browser Configuration Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
CSOL
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dragon Age II
Dragon Age Origins
Dropbox
DVD Shrink 3.2
DVDFab 8.1.1.2 (08/08/2011) Qt
EPSON Scan
EPU
Google Chrome
Google SketchUp 8
GPU Boost Driver
HandBrake 0.9.5
Java Auto Updater
Java(TM) 6 Update 29
KeePass Password Safe 2.16
Malwarebytes Anti-Malware version 1.60.1.1000
Mass Effect 2
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 11.0 (x86 en-US)
Mozilla Thunderbird 11.0.1 (x86 en-US)
MSVCRT
NEC Electronics USB 3.0 Host Controller Driver
nLite 1.4.9.1
NVIDIA PhysX
PC Probe II
PowerAlert Local Software
PxMergeModule
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Samsung_MonSetup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Spybot - Search & Destroy
TurboV EVO
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Verizon Download Manager
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.5
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
4/2/2012 7:31:57 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The system cannot find the file specified.
4/2/2012 7:31:25 AM, Error: Service Control Manager [7034] - The PowerAlert Agent service terminated unexpectedly. It has done this 1 time(s).
3/29/2012 5:56:42 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
3/29/2012 5:54:29 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/29/2012 5:54:12 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/26/2012 6:53:25 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm
Advertisement
Register to Remove

Re: Google redirect problem

Unread postby pgmigg » April 2nd, 2012, 5:33 pm

Hello jbitz,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect problem

Unread postby pgmigg » April 3rd, 2012, 4:36 pm

Hello jbitz,

Thank you for your patience... :)

Step 1.
TDSSKiller - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right-click and select "Run As Administrator" TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
    1. If the scan completes with nothing found please
      • Click Report at the right upper corner to open it now.
      • Copy and paste the contents of that report in your next reply and click Close to exit.
    2. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
      • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
      • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
      • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
      • Copy and paste the contents of that file in your next reply.

Step 2.
Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR(master boot record), do not delete it..
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Step 3.
I tried running combofix as suggested by someone else, but the problem still persists.
Please include the contents of C:\ComboFix.txt in your reply too - I would like to see that report.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of TDSSKiller report file.
  3. Contents of scan results from aswMBR.txt file.
  4. Contents of C:\ComboFix.txt report file.

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect problem

Unread postby jbitz » April 3rd, 2012, 7:02 pm

Here are the 3 reports you requested.


18:42:40.0083 2032 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
18:42:40.0317 2032 ============================================================
18:42:40.0317 2032 Current date / time: 2012/04/03 18:42:40.0317
18:42:40.0317 2032 SystemInfo:
18:42:40.0317 2032
18:42:40.0317 2032 OS Version: 6.1.7601 ServicePack: 1.0
18:42:40.0317 2032 Product type: Workstation
18:42:40.0317 2032 ComputerName: JBITZ-PC
18:42:40.0317 2032 UserName: Jbitz
18:42:40.0317 2032 Windows directory: C:\Windows
18:42:40.0317 2032 System windows directory: C:\Windows
18:42:40.0317 2032 Running under WOW64
18:42:40.0317 2032 Processor architecture: Intel x64
18:42:40.0317 2032 Number of processors: 3
18:42:40.0317 2032 Page size: 0x1000
18:42:40.0317 2032 Boot type: Normal boot
18:42:40.0317 2032 ============================================================
18:42:40.0489 2032 Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:42:40.0504 2032 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:42:40.0520 2032 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:42:40.0520 2032 \Device\Harddisk1\DR1:
18:42:40.0520 2032 MBR used
18:42:40.0520 2032 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:42:40.0520 2032 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
18:42:40.0520 2032 \Device\Harddisk2\DR2:
18:42:40.0520 2032 MBR used
18:42:40.0520 2032 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
18:42:40.0520 2032 \Device\Harddisk0\DR0:
18:42:40.0520 2032 GPT used
18:42:40.0520 2032 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {6483CBF6-24D8-49EB-8827-BD8D83EDBF95}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
18:42:40.0520 2032 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8C40B852-B9B0-47C3-9C2C-8EFF85D98D42}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x17318000
18:42:40.0520 2032 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {77050DA0-7C65-4619-A43D-ABCD5B06C187}, Name: Basic data partition, StartLBA 0x17358800, BlocksNum 0xD1AAF800
18:42:40.0629 2032 Initialize success
18:42:40.0629 2032 ============================================================
18:42:55.0028 3524 ============================================================
18:42:55.0028 3524 Scan started
18:42:55.0028 3524 Mode: Manual;
18:42:55.0028 3524 ============================================================
18:42:55.0106 3524 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:42:55.0121 3524 1394ohci - ok
18:42:55.0121 3524 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
18:42:55.0121 3524 61883 - ok
18:42:55.0153 3524 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:42:55.0153 3524 ACPI - ok
18:42:55.0168 3524 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:42:55.0168 3524 AcpiPmi - ok
18:42:55.0168 3524 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:42:55.0168 3524 AdobeARMservice - ok
18:42:55.0184 3524 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:42:55.0199 3524 adp94xx - ok
18:42:55.0215 3524 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:42:55.0215 3524 adpahci - ok
18:42:55.0231 3524 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:42:55.0231 3524 adpu320 - ok
18:42:55.0246 3524 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:42:55.0246 3524 AeLookupSvc - ok
18:42:55.0262 3524 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:42:55.0262 3524 AFD - ok
18:42:55.0277 3524 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:42:55.0277 3524 agp440 - ok
18:42:55.0293 3524 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:42:55.0293 3524 ALG - ok
18:42:55.0309 3524 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:42:55.0309 3524 aliide - ok
18:42:55.0324 3524 AMD External Events Utility (87e226c0e11182943d28e8bec61618cd) C:\Windows\system32\atiesrxx.exe
18:42:55.0324 3524 AMD External Events Utility - ok
18:42:55.0324 3524 AMD FUEL Service - ok
18:42:55.0340 3524 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:42:55.0340 3524 amdide - ok
18:42:55.0355 3524 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
18:42:55.0355 3524 amdiox64 - ok
18:42:55.0355 3524 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:42:55.0355 3524 AmdK8 - ok
18:42:55.0496 3524 amdkmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
18:42:55.0605 3524 amdkmdag - ok
18:42:55.0636 3524 amdkmdap (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys
18:42:55.0636 3524 amdkmdap - ok
18:42:55.0652 3524 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:42:55.0652 3524 AmdPPM - ok
18:42:55.0652 3524 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
18:42:55.0667 3524 amdsata - ok
18:42:55.0683 3524 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:42:55.0683 3524 amdsbs - ok
18:42:55.0699 3524 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
18:42:55.0699 3524 amdxata - ok
18:42:55.0699 3524 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:42:55.0699 3524 AODDriver4.01 - ok
18:42:55.0714 3524 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:42:55.0714 3524 AppID - ok
18:42:55.0730 3524 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:42:55.0730 3524 AppIDSvc - ok
18:42:55.0745 3524 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:42:55.0745 3524 Appinfo - ok
18:42:55.0745 3524 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
18:42:55.0761 3524 AppMgmt - ok
18:42:55.0761 3524 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:42:55.0777 3524 arc - ok
18:42:55.0777 3524 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:42:55.0792 3524 arcsas - ok
18:42:55.0792 3524 AsIO (f6bda026e4157dc4e321ca391e9d9bc6) C:\Windows\syswow64\drivers\AsIO.sys
18:42:55.0792 3524 AsIO - ok
18:42:55.0808 3524 AsSysCtrlService (954ffbff05b0b60eb63b52af561436c4) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
18:42:55.0808 3524 AsSysCtrlService - ok
18:42:55.0808 3524 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:42:55.0823 3524 AsyncMac - ok
18:42:55.0823 3524 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:42:55.0823 3524 atapi - ok
18:42:55.0839 3524 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
18:42:55.0839 3524 AtiHDAudioService - ok
18:42:55.0855 3524 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:42:55.0855 3524 AtiPcie - ok
18:42:55.0870 3524 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:42:55.0886 3524 AudioEndpointBuilder - ok
18:42:55.0886 3524 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:42:55.0901 3524 AudioSrv - ok
18:42:55.0901 3524 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
18:42:55.0901 3524 Avc - ok
18:42:56.0104 3524 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
18:42:56.0167 3524 AVGIDSAgent - ok
18:42:56.0182 3524 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
18:42:56.0182 3524 AVGIDSDriver - ok
18:42:56.0198 3524 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
18:42:56.0198 3524 AVGIDSEH - ok
18:42:56.0198 3524 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
18:42:56.0198 3524 AVGIDSFilter - ok
18:42:56.0213 3524 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
18:42:56.0229 3524 Avgldx64 - ok
18:42:56.0229 3524 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
18:42:56.0229 3524 Avgmfx64 - ok
18:42:56.0245 3524 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
18:42:56.0245 3524 Avgrkx64 - ok
18:42:56.0260 3524 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
18:42:56.0260 3524 Avgtdia - ok
18:42:56.0291 3524 avgwd (fc2bc51120a945f7c70376495e4e7737) E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
18:42:56.0291 3524 avgwd - ok
18:42:56.0291 3524 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:42:56.0307 3524 AxInstSV - ok
18:42:56.0323 3524 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:42:56.0323 3524 b06bdrv - ok
18:42:56.0338 3524 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:42:56.0338 3524 b57nd60a - ok
18:42:56.0354 3524 BCUService (7ed4e1d2e124ad4e6a287cf49dbc9bba) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
18:42:56.0354 3524 BCUService - ok
18:42:56.0354 3524 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:42:56.0369 3524 BDESVC - ok
18:42:56.0369 3524 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:42:56.0369 3524 Beep - ok
18:42:56.0401 3524 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:42:56.0401 3524 BFE - ok
18:42:56.0416 3524 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:42:56.0432 3524 BITS - ok
18:42:56.0447 3524 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:42:56.0447 3524 blbdrive - ok
18:42:56.0463 3524 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:42:56.0463 3524 bowser - ok
18:42:56.0479 3524 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:42:56.0479 3524 BrFiltLo - ok
18:42:56.0479 3524 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:42:56.0494 3524 BrFiltUp - ok
18:42:56.0494 3524 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:42:56.0494 3524 BridgeMP - ok
18:42:56.0510 3524 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:42:56.0510 3524 Browser - ok
18:42:56.0525 3524 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:42:56.0525 3524 Brserid - ok
18:42:56.0541 3524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:42:56.0541 3524 BrSerWdm - ok
18:42:56.0557 3524 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:42:56.0557 3524 BrUsbMdm - ok
18:42:56.0572 3524 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:42:56.0572 3524 BrUsbSer - ok
18:42:56.0588 3524 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:42:56.0588 3524 BTHMODEM - ok
18:42:56.0603 3524 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:42:56.0603 3524 bthserv - ok
18:42:56.0603 3524 catchme - ok
18:42:56.0619 3524 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:42:56.0619 3524 cdfs - ok
18:42:56.0635 3524 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:42:56.0635 3524 cdrom - ok
18:42:56.0650 3524 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:42:56.0650 3524 CertPropSvc - ok
18:42:56.0650 3524 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:42:56.0666 3524 circlass - ok
18:42:56.0666 3524 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:42:56.0681 3524 CLFS - ok
18:42:56.0681 3524 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:42:56.0681 3524 clr_optimization_v2.0.50727_32 - ok
18:42:56.0697 3524 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:42:56.0697 3524 clr_optimization_v2.0.50727_64 - ok
18:42:56.0697 3524 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:42:56.0713 3524 clr_optimization_v4.0.30319_32 - ok
18:42:56.0713 3524 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:42:56.0713 3524 clr_optimization_v4.0.30319_64 - ok
18:42:56.0728 3524 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:42:56.0728 3524 CmBatt - ok
18:42:56.0744 3524 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:42:56.0744 3524 cmdide - ok
18:42:56.0759 3524 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:42:56.0759 3524 CNG - ok
18:42:56.0775 3524 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:42:56.0775 3524 Compbatt - ok
18:42:56.0791 3524 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:42:56.0791 3524 CompositeBus - ok
18:42:56.0806 3524 COMSysApp - ok
18:42:56.0806 3524 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:42:56.0822 3524 crcdisk - ok
18:42:56.0822 3524 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:42:56.0837 3524 CryptSvc - ok
18:42:56.0853 3524 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:42:56.0853 3524 CSC - ok
18:42:56.0869 3524 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
18:42:56.0884 3524 CscService - ok
18:42:56.0900 3524 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:42:56.0915 3524 DcomLaunch - ok
18:42:56.0915 3524 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:42:56.0931 3524 defragsvc - ok
18:42:56.0931 3524 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:42:56.0947 3524 DfsC - ok
18:42:56.0947 3524 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:42:56.0962 3524 Dhcp - ok
18:42:56.0978 3524 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:42:56.0978 3524 discache - ok
18:42:56.0978 3524 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:42:56.0993 3524 Disk - ok
18:42:56.0993 3524 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:42:57.0009 3524 Dnscache - ok
18:42:57.0009 3524 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:42:57.0025 3524 dot3svc - ok
18:42:57.0025 3524 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:42:57.0040 3524 DPS - ok
18:42:57.0040 3524 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:42:57.0040 3524 drmkaud - ok
18:42:57.0071 3524 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:42:57.0071 3524 DXGKrnl - ok
18:42:57.0087 3524 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:42:57.0087 3524 EapHost - ok
18:42:57.0134 3524 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:42:57.0165 3524 ebdrv - ok
18:42:57.0181 3524 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:42:57.0181 3524 EFS - ok
18:42:57.0196 3524 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:42:57.0196 3524 ehRecvr - ok
18:42:57.0212 3524 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:42:57.0212 3524 ehSched - ok
18:42:57.0227 3524 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:42:57.0227 3524 elxstor - ok
18:42:57.0243 3524 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:42:57.0243 3524 ErrDev - ok
18:42:57.0259 3524 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:42:57.0274 3524 EventSystem - ok
18:42:57.0290 3524 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:42:57.0290 3524 exfat - ok
18:42:57.0305 3524 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:42:57.0305 3524 fastfat - ok
18:42:57.0321 3524 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:42:57.0321 3524 Fax - ok
18:42:57.0337 3524 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:42:57.0337 3524 fdc - ok
18:42:57.0352 3524 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:42:57.0352 3524 fdPHost - ok
18:42:57.0368 3524 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:42:57.0368 3524 FDResPub - ok
18:42:57.0383 3524 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:42:57.0383 3524 FileInfo - ok
18:42:57.0399 3524 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:42:57.0399 3524 Filetrace - ok
18:42:57.0399 3524 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:42:57.0399 3524 flpydisk - ok
18:42:57.0415 3524 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:42:57.0430 3524 FltMgr - ok
18:42:57.0446 3524 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:42:57.0461 3524 FontCache - ok
18:42:57.0461 3524 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:42:57.0461 3524 FontCache3.0.0.0 - ok
18:42:57.0477 3524 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:42:57.0477 3524 FsDepends - ok
18:42:57.0493 3524 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:42:57.0493 3524 Fs_Rec - ok
18:42:57.0508 3524 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:42:57.0508 3524 fvevol - ok
18:42:57.0524 3524 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:42:57.0524 3524 gagp30kx - ok
18:42:57.0539 3524 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:42:57.0555 3524 gpsvc - ok
18:42:57.0555 3524 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:42:57.0555 3524 hcw85cir - ok
18:42:57.0571 3524 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:42:57.0586 3524 HdAudAddService - ok
18:42:57.0586 3524 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:42:57.0602 3524 HDAudBus - ok
18:42:57.0602 3524 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:42:57.0602 3524 HidBatt - ok
18:42:57.0617 3524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:42:57.0617 3524 HidBth - ok
18:42:57.0633 3524 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:42:57.0633 3524 HidIr - ok
18:42:57.0649 3524 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:42:57.0649 3524 hidserv - ok
18:42:57.0664 3524 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:42:57.0664 3524 HidUsb - ok
18:42:57.0680 3524 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:42:57.0680 3524 hkmsvc - ok
18:42:57.0695 3524 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:42:57.0695 3524 HomeGroupListener - ok
18:42:57.0711 3524 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:42:57.0711 3524 HomeGroupProvider - ok
18:42:57.0727 3524 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:42:57.0727 3524 HpSAMD - ok
18:42:57.0742 3524 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:42:57.0758 3524 HTTP - ok
18:42:57.0773 3524 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:42:57.0773 3524 hwpolicy - ok
18:42:57.0789 3524 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:42:57.0789 3524 i8042prt - ok
18:42:57.0805 3524 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:42:57.0805 3524 iaStorV - ok
18:42:57.0820 3524 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:42:57.0836 3524 idsvc - ok
18:42:57.0836 3524 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:42:57.0851 3524 iirsp - ok
18:42:57.0867 3524 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:42:57.0867 3524 IKEEXT - ok
18:42:57.0914 3524 IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) C:\Windows\system32\drivers\RTKVHD64.sys
18:42:57.0929 3524 IntcAzAudAddService - ok
18:42:57.0929 3524 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:42:57.0929 3524 intelide - ok
18:42:57.0961 3524 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:42:57.0961 3524 intelppm - ok
18:42:57.0976 3524 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:42:57.0976 3524 IPBusEnum - ok
18:42:57.0992 3524 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:42:57.0992 3524 IpFilterDriver - ok
18:42:58.0007 3524 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:42:58.0007 3524 iphlpsvc - ok
18:42:58.0023 3524 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:42:58.0023 3524 IPMIDRV - ok
18:42:58.0039 3524 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:42:58.0039 3524 IPNAT - ok
18:42:58.0054 3524 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:42:58.0054 3524 IRENUM - ok
18:42:58.0070 3524 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:42:58.0070 3524 isapnp - ok
18:42:58.0085 3524 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:42:58.0085 3524 iScsiPrt - ok
18:42:58.0101 3524 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:42:58.0101 3524 kbdclass - ok
18:42:58.0117 3524 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:42:58.0117 3524 kbdhid - ok
18:42:58.0117 3524 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:42:58.0132 3524 KeyIso - ok
18:42:58.0132 3524 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:42:58.0148 3524 KSecDD - ok
18:42:58.0148 3524 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:42:58.0148 3524 KSecPkg - ok
18:42:58.0163 3524 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:42:58.0163 3524 ksthunk - ok
18:42:58.0179 3524 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:42:58.0195 3524 KtmRm - ok
18:42:58.0195 3524 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:42:58.0210 3524 LanmanServer - ok
18:42:58.0226 3524 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:42:58.0226 3524 LanmanWorkstation - ok
18:42:58.0241 3524 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:42:58.0241 3524 lltdio - ok
18:42:58.0257 3524 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:42:58.0273 3524 lltdsvc - ok
18:42:58.0273 3524 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:42:58.0288 3524 lmhosts - ok
18:42:58.0288 3524 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:42:58.0304 3524 LSI_FC - ok
18:42:58.0304 3524 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:42:58.0319 3524 LSI_SAS - ok
18:42:58.0319 3524 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:42:58.0319 3524 LSI_SAS2 - ok
18:42:58.0335 3524 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:42:58.0335 3524 LSI_SCSI - ok
18:42:58.0351 3524 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:42:58.0351 3524 luafv - ok
18:42:58.0366 3524 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:42:58.0366 3524 Mcx2Svc - ok
18:42:58.0382 3524 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:42:58.0382 3524 megasas - ok
18:42:58.0397 3524 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:42:58.0397 3524 MegaSR - ok
18:42:58.0413 3524 Microsoft SharePoint Workspace Audit Service - ok
18:42:58.0413 3524 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:42:58.0429 3524 MMCSS - ok
18:42:58.0429 3524 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:42:58.0444 3524 Modem - ok
18:42:58.0444 3524 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:42:58.0444 3524 monitor - ok
18:42:58.0460 3524 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:42:58.0460 3524 mouclass - ok
18:42:58.0475 3524 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:42:58.0475 3524 mouhid - ok
18:42:58.0491 3524 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:42:58.0491 3524 mountmgr - ok
18:42:58.0507 3524 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:42:58.0507 3524 mpio - ok
18:42:58.0522 3524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:42:58.0522 3524 mpsdrv - ok
18:42:58.0538 3524 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:42:58.0553 3524 MpsSvc - ok
18:42:58.0569 3524 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:42:58.0569 3524 MRxDAV - ok
18:42:58.0585 3524 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:42:58.0585 3524 mrxsmb - ok
18:42:58.0600 3524 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:42:58.0600 3524 mrxsmb10 - ok
18:42:58.0616 3524 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:42:58.0616 3524 mrxsmb20 - ok
18:42:58.0631 3524 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:42:58.0631 3524 msahci - ok
18:42:58.0631 3524 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:42:58.0647 3524 msdsm - ok
18:42:58.0647 3524 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:42:58.0663 3524 MSDTC - ok
18:42:58.0678 3524 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
18:42:58.0678 3524 MSDV - ok
18:42:58.0694 3524 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:42:58.0694 3524 Msfs - ok
18:42:58.0694 3524 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:42:58.0694 3524 mshidkmdf - ok
18:42:58.0709 3524 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:42:58.0709 3524 msisadrv - ok
18:42:58.0725 3524 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:42:58.0725 3524 MSiSCSI - ok
18:42:58.0741 3524 msiserver - ok
18:42:58.0756 3524 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:42:58.0756 3524 MSKSSRV - ok
18:42:58.0756 3524 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:42:58.0772 3524 MSPCLOCK - ok
18:42:58.0772 3524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:42:58.0772 3524 MSPQM - ok
18:42:58.0787 3524 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:42:58.0803 3524 MsRPC - ok
18:42:58.0803 3524 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:42:58.0803 3524 mssmbios - ok
18:42:58.0819 3524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:42:58.0819 3524 MSTEE - ok
18:42:58.0834 3524 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:42:58.0834 3524 MTConfig - ok
18:42:58.0850 3524 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
18:42:58.0850 3524 MTsensor - ok
18:42:58.0865 3524 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:42:58.0865 3524 Mup - ok
18:42:58.0881 3524 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:42:58.0881 3524 napagent - ok
18:42:58.0897 3524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:42:58.0912 3524 NativeWifiP - ok
18:42:58.0928 3524 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:42:58.0943 3524 NDIS - ok
18:42:58.0959 3524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:42:58.0959 3524 NdisCap - ok
18:42:58.0959 3524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:42:58.0975 3524 NdisTapi - ok
18:42:58.0975 3524 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:42:58.0975 3524 Ndisuio - ok
18:42:58.0990 3524 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:42:58.0990 3524 NdisWan - ok
18:42:59.0006 3524 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:42:59.0006 3524 NDProxy - ok
18:42:59.0021 3524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:42:59.0021 3524 NetBIOS - ok
18:42:59.0037 3524 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:42:59.0037 3524 NetBT - ok
18:42:59.0053 3524 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:42:59.0053 3524 Netlogon - ok
18:42:59.0068 3524 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:42:59.0084 3524 Netman - ok
18:42:59.0099 3524 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:42:59.0099 3524 netprofm - ok
18:42:59.0115 3524 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:42:59.0115 3524 NetTcpPortSharing - ok
18:42:59.0131 3524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:42:59.0131 3524 nfrd960 - ok
18:42:59.0146 3524 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:42:59.0146 3524 NlaSvc - ok
18:42:59.0162 3524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:42:59.0162 3524 Npfs - ok
18:42:59.0177 3524 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:42:59.0177 3524 nsi - ok
18:42:59.0193 3524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:42:59.0193 3524 nsiproxy - ok
18:42:59.0224 3524 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:42:59.0240 3524 Ntfs - ok
18:42:59.0255 3524 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:42:59.0255 3524 Null - ok
18:42:59.0271 3524 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:42:59.0271 3524 nusb3hub - ok
18:42:59.0287 3524 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:42:59.0287 3524 nusb3xhc - ok
18:42:59.0302 3524 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:42:59.0302 3524 nvraid - ok
18:42:59.0318 3524 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:42:59.0318 3524 nvstor - ok
18:42:59.0333 3524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:42:59.0333 3524 nv_agp - ok
18:42:59.0349 3524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:42:59.0349 3524 ohci1394 - ok
18:42:59.0349 3524 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:42:59.0349 3524 ose - ok
18:42:59.0411 3524 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:42:59.0474 3524 osppsvc - ok
18:42:59.0489 3524 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:42:59.0505 3524 p2pimsvc - ok
18:42:59.0521 3524 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:42:59.0521 3524 p2psvc - ok
18:42:59.0536 3524 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:42:59.0536 3524 Parport - ok
18:42:59.0552 3524 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:42:59.0552 3524 partmgr - ok
18:42:59.0567 3524 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:42:59.0567 3524 PcaSvc - ok
18:42:59.0583 3524 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:42:59.0583 3524 pci - ok
18:42:59.0599 3524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:42:59.0599 3524 pciide - ok
18:42:59.0614 3524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:42:59.0614 3524 pcmcia - ok
18:42:59.0630 3524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:42:59.0630 3524 pcw - ok
18:42:59.0645 3524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:42:59.0661 3524 PEAUTH - ok
18:42:59.0692 3524 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
18:42:59.0708 3524 PeerDistSvc - ok
18:42:59.0723 3524 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:42:59.0723 3524 PerfHost - ok
18:42:59.0755 3524 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:42:59.0770 3524 pla - ok
18:42:59.0786 3524 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:42:59.0801 3524 PlugPlay - ok
18:42:59.0801 3524 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:42:59.0817 3524 PNRPAutoReg - ok
18:42:59.0817 3524 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:42:59.0833 3524 PNRPsvc - ok
18:42:59.0848 3524 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:42:59.0848 3524 PolicyAgent - ok
18:42:59.0864 3524 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:42:59.0879 3524 Power - ok
18:42:59.0895 3524 PowerAlert Agent (95c335f234c3ffe883cf9fd1094b6cd6) C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe
18:42:59.0911 3524 PowerAlert Agent - ok
18:42:59.0926 3524 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:42:59.0926 3524 PptpMiniport - ok
18:42:59.0942 3524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:42:59.0942 3524 Processor - ok
18:42:59.0957 3524 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:42:59.0957 3524 ProfSvc - ok
18:42:59.0973 3524 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:42:59.0973 3524 ProtectedStorage - ok
18:42:59.0989 3524 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:42:59.0989 3524 Psched - ok
18:43:00.0004 3524 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:43:00.0004 3524 PxHlpa64 - ok
18:43:00.0035 3524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:43:00.0051 3524 ql2300 - ok
18:43:00.0067 3524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:43:00.0067 3524 ql40xx - ok
18:43:00.0082 3524 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:43:00.0098 3524 QWAVE - ok
18:43:00.0098 3524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:43:00.0113 3524 QWAVEdrv - ok
18:43:00.0113 3524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:43:00.0113 3524 RasAcd - ok
18:43:00.0129 3524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:43:00.0129 3524 RasAgileVpn - ok
18:43:00.0145 3524 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:43:00.0160 3524 RasAuto - ok
18:43:00.0160 3524 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:43:00.0176 3524 Rasl2tp - ok
18:43:00.0176 3524 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:43:00.0191 3524 RasMan - ok
18:43:00.0207 3524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:43:00.0223 3524 RasPppoe - ok
18:43:00.0223 3524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:43:00.0223 3524 RasSstp - ok
18:43:00.0238 3524 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:43:00.0254 3524 rdbss - ok
18:43:00.0254 3524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:43:00.0269 3524 rdpbus - ok
18:43:00.0269 3524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:43:00.0269 3524 RDPCDD - ok
18:43:00.0285 3524 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:43:00.0301 3524 RDPDR - ok
18:43:00.0301 3524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:43:00.0301 3524 RDPENCDD - ok
18:43:00.0316 3524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:43:00.0316 3524 RDPREFMP - ok
18:43:00.0332 3524 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
18:43:00.0332 3524 RdpVideoMiniport - ok
18:43:00.0347 3524 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:43:00.0347 3524 RDPWD - ok
18:43:00.0363 3524 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:43:00.0363 3524 rdyboost - ok
18:43:00.0379 3524 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:43:00.0379 3524 RemoteAccess - ok
18:43:00.0394 3524 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:43:00.0410 3524 RemoteRegistry - ok
18:43:00.0410 3524 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:43:00.0425 3524 RpcEptMapper - ok
18:43:00.0425 3524 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:43:00.0441 3524 RpcLocator - ok
18:43:00.0457 3524 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
18:43:00.0457 3524 RpcSs - ok
18:43:00.0472 3524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:43:00.0472 3524 rspndr - ok
18:43:00.0488 3524 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:43:00.0488 3524 RTL8167 - ok
18:43:00.0503 3524 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:43:00.0503 3524 s3cap - ok
18:43:00.0519 3524 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:43:00.0519 3524 SamSs - ok
18:43:00.0535 3524 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:43:00.0535 3524 sbp2port - ok
18:43:00.0566 3524 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:43:00.0581 3524 SBSDWSCService - ok
18:43:00.0597 3524 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:43:00.0597 3524 SCardSvr - ok
18:43:00.0613 3524 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:43:00.0613 3524 scfilter - ok
18:43:00.0644 3524 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:43:00.0659 3524 Schedule - ok
18:43:00.0675 3524 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:43:00.0675 3524 SCPolicySvc - ok
18:43:00.0675 3524 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:43:00.0691 3524 SDRSVC - ok
18:43:00.0706 3524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:43:00.0706 3524 secdrv - ok
18:43:00.0706 3524 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:43:00.0722 3524 seclogon - ok
18:43:00.0737 3524 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:43:00.0737 3524 SENS - ok
18:43:00.0753 3524 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:43:00.0753 3524 SensrSvc - ok
18:43:00.0769 3524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:43:00.0769 3524 Serenum - ok
18:43:00.0784 3524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:43:00.0784 3524 Serial - ok
18:43:00.0800 3524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:43:00.0800 3524 sermouse - ok
18:43:00.0815 3524 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:43:00.0815 3524 SessionEnv - ok
18:43:00.0831 3524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:43:00.0831 3524 sffdisk - ok
18:43:00.0847 3524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:43:00.0847 3524 sffp_mmc - ok
18:43:00.0862 3524 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:43:00.0862 3524 sffp_sd - ok
18:43:00.0878 3524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:43:00.0878 3524 sfloppy - ok
18:43:00.0893 3524 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:43:00.0893 3524 SharedAccess - ok
18:43:00.0909 3524 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:43:00.0925 3524 ShellHWDetection - ok
18:43:00.0925 3524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:43:00.0940 3524 SiSRaid2 - ok
18:43:00.0940 3524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:43:00.0940 3524 SiSRaid4 - ok
18:43:00.0956 3524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:43:00.0956 3524 Smb - ok
18:43:00.0971 3524 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:43:00.0987 3524 SNMPTRAP - ok
18:43:00.0987 3524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:43:00.0987 3524 spldr - ok
18:43:01.0003 3524 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:43:01.0018 3524 Spooler - ok
18:43:01.0081 3524 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:43:01.0127 3524 sppsvc - ok
18:43:01.0127 3524 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:43:01.0143 3524 sppuinotify - ok
18:43:01.0143 3524 sprtsvc_verizondm - ok
18:43:01.0159 3524 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
18:43:01.0174 3524 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
18:43:01.0174 3524 sptd ( LockedFile.Multi.Generic ) - warning
18:43:01.0174 3524 sptd - detected LockedFile.Multi.Generic (1)
18:43:01.0190 3524 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:43:01.0190 3524 srv - ok
18:43:01.0205 3524 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:43:01.0221 3524 srv2 - ok
18:43:01.0237 3524 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:43:01.0237 3524 srvnet - ok
18:43:01.0252 3524 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:43:01.0252 3524 SSDPSRV - ok
18:43:01.0268 3524 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:43:01.0268 3524 SstpSvc - ok
18:43:01.0283 3524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:43:01.0283 3524 stexstor - ok
18:43:01.0299 3524 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:43:01.0315 3524 stisvc - ok
18:43:01.0330 3524 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
18:43:01.0330 3524 storflt - ok
18:43:01.0346 3524 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:43:01.0346 3524 storvsc - ok
18:43:01.0361 3524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:43:01.0361 3524 swenum - ok
18:43:01.0361 3524 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:43:01.0377 3524 SwitchBoard - ok
18:43:01.0393 3524 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:43:01.0393 3524 swprv - ok
18:43:01.0408 3524 Synth3dVsc - ok
18:43:01.0439 3524 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:43:01.0471 3524 SysMain - ok
18:43:01.0471 3524 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:43:01.0486 3524 TabletInputService - ok
18:43:01.0502 3524 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:43:01.0517 3524 TapiSrv - ok
18:43:01.0517 3524 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:43:01.0533 3524 TBS - ok
18:43:01.0564 3524 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:43:01.0580 3524 Tcpip - ok
18:43:01.0611 3524 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:43:01.0611 3524 TCPIP6 - ok
18:43:01.0627 3524 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:43:01.0627 3524 tcpipreg - ok
18:43:01.0642 3524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:43:01.0642 3524 TDPIPE - ok
18:43:01.0658 3524 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:43:01.0658 3524 TDTCP - ok
18:43:01.0673 3524 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:43:01.0673 3524 tdx - ok
18:43:01.0689 3524 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:43:01.0689 3524 TermDD - ok
18:43:01.0705 3524 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:43:01.0720 3524 TermService - ok
18:43:01.0720 3524 tgsrvc_verizondm - ok
18:43:01.0736 3524 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:43:01.0736 3524 Themes - ok
18:43:01.0751 3524 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:43:01.0751 3524 THREADORDER - ok
18:43:01.0767 3524 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:43:01.0783 3524 TrkWks - ok
18:43:01.0783 3524 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:43:01.0783 3524 TrustedInstaller - ok
18:43:01.0798 3524 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:43:01.0798 3524 tssecsrv - ok
18:43:01.0814 3524 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:43:01.0814 3524 TsUsbFlt - ok
18:43:01.0829 3524 tsusbhub - ok
18:43:01.0829 3524 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:43:01.0845 3524 tunnel - ok
18:43:01.0845 3524 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:43:01.0861 3524 uagp35 - ok
18:43:01.0876 3524 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:43:01.0876 3524 udfs - ok
18:43:01.0892 3524 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:43:01.0892 3524 UI0Detect - ok
18:43:01.0907 3524 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:43:01.0907 3524 uliagpkx - ok
18:43:01.0923 3524 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:43:01.0923 3524 umbus - ok
18:43:01.0939 3524 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:43:01.0939 3524 UmPass - ok
18:43:01.0954 3524 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
18:43:01.0954 3524 UmRdpService - ok
18:43:01.0970 3524 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:43:01.0985 3524 upnphost - ok
18:43:02.0001 3524 US30Sys (5d9432fce8528d33bcb8d140175e9150) C:\Windows\syswow64\drivers\US40fs64.sys
18:43:02.0001 3524 US30Sys - ok
18:43:02.0017 3524 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:43:02.0017 3524 usbccgp - ok
18:43:02.0032 3524 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:43:02.0032 3524 usbcir - ok
18:43:02.0048 3524 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:43:02.0048 3524 usbehci - ok
18:43:02.0063 3524 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:43:02.0063 3524 usbhub - ok
18:43:02.0079 3524 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:43:02.0079 3524 usbohci - ok
18:43:02.0095 3524 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:43:02.0095 3524 usbprint - ok
18:43:02.0110 3524 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:43:02.0110 3524 usbscan - ok
18:43:02.0110 3524 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:43:02.0126 3524 USBSTOR - ok
18:43:02.0126 3524 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:43:02.0126 3524 usbuhci - ok
18:43:02.0141 3524 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:43:02.0157 3524 UxSms - ok
18:43:02.0157 3524 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:43:02.0173 3524 VaultSvc - ok
18:43:02.0173 3524 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:43:02.0173 3524 vdrvroot - ok
18:43:02.0188 3524 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:43:02.0204 3524 vds - ok
18:43:02.0219 3524 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:43:02.0219 3524 vga - ok
18:43:02.0235 3524 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:43:02.0235 3524 VgaSave - ok
18:43:02.0251 3524 VGPU - ok
18:43:02.0266 3524 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:43:02.0266 3524 vhdmp - ok
18:43:02.0282 3524 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:43:02.0282 3524 viaide - ok
18:43:02.0297 3524 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:43:02.0297 3524 vmbus - ok
18:43:02.0313 3524 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:43:02.0313 3524 VMBusHID - ok
18:43:02.0313 3524 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:43:02.0329 3524 volmgr - ok
18:43:02.0344 3524 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:43:02.0344 3524 volmgrx - ok
18:43:02.0360 3524 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:43:02.0360 3524 volsnap - ok
18:43:02.0375 3524 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:43:02.0375 3524 vsmraid - ok
18:43:02.0407 3524 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:43:02.0438 3524 VSS - ok
18:43:02.0438 3524 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:43:02.0438 3524 vwifibus - ok
18:43:02.0453 3524 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:43:02.0469 3524 W32Time - ok
18:43:02.0485 3524 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:43:02.0485 3524 WacomPen - ok
18:43:02.0500 3524 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:43:02.0500 3524 WANARP - ok
18:43:02.0500 3524 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:43:02.0500 3524 Wanarpv6 - ok
18:43:02.0531 3524 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:43:02.0547 3524 WatAdminSvc - ok
18:43:02.0578 3524 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:43:02.0609 3524 wbengine - ok
18:43:02.0625 3524 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:43:02.0625 3524 WbioSrvc - ok
18:43:02.0641 3524 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:43:02.0656 3524 wcncsvc - ok
18:43:02.0672 3524 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:43:02.0672 3524 WcsPlugInService - ok
18:43:02.0687 3524 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:43:02.0687 3524 Wd - ok
18:43:02.0703 3524 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:43:02.0719 3524 Wdf01000 - ok
18:43:02.0734 3524 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:43:02.0734 3524 WdiServiceHost - ok
18:43:02.0734 3524 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:43:02.0750 3524 WdiSystemHost - ok
18:43:02.0765 3524 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:43:02.0765 3524 WebClient - ok
18:43:02.0781 3524 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:43:02.0797 3524 Wecsvc - ok
18:43:02.0812 3524 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:43:02.0812 3524 wercplsupport - ok
18:43:02.0828 3524 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:43:02.0828 3524 WerSvc - ok
18:43:02.0843 3524 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:43:02.0843 3524 WfpLwf - ok
18:43:02.0859 3524 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:43:02.0859 3524 WIMMount - ok
18:43:02.0859 3524 WinDefend - ok
18:43:02.0875 3524 WinHttpAutoProxySvc - ok
18:43:02.0890 3524 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:43:02.0890 3524 Winmgmt - ok
18:43:02.0921 3524 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:43:02.0953 3524 WinRM - ok
18:43:02.0968 3524 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:43:02.0999 3524 Wlansvc - ok
18:43:03.0015 3524 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:43:03.0046 3524 wlidsvc - ok
18:43:03.0062 3524 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:43:03.0062 3524 WmiAcpi - ok
18:43:03.0077 3524 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:43:03.0077 3524 wmiApSrv - ok
18:43:03.0077 3524 WMPNetworkSvc - ok
18:43:03.0093 3524 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:43:03.0093 3524 WPCSvc - ok
18:43:03.0109 3524 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:43:03.0124 3524 WPDBusEnum - ok
18:43:03.0124 3524 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:43:03.0124 3524 ws2ifsl - ok
18:43:03.0140 3524 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:43:03.0155 3524 wscsvc - ok
18:43:03.0155 3524 WSearch - ok
18:43:03.0202 3524 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:43:03.0233 3524 wuauserv - ok
18:43:03.0249 3524 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:43:03.0249 3524 WudfPf - ok
18:43:03.0265 3524 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:43:03.0265 3524 WUDFRd - ok
18:43:03.0280 3524 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:43:03.0280 3524 wudfsvc - ok
18:43:03.0296 3524 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:43:03.0311 3524 WwanSvc - ok
18:43:03.0311 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
18:43:03.0311 3524 \Device\Harddisk1\DR1 - ok
18:43:03.0311 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
18:43:03.0343 3524 \Device\Harddisk2\DR2 - ok
18:43:03.0343 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:43:03.0358 3524 \Device\Harddisk0\DR0 - ok
18:43:03.0358 3524 Boot (0x1200) (eafb5537a7f9f17fba8b134f442047ac) \Device\Harddisk1\DR1\Partition0
18:43:03.0358 3524 \Device\Harddisk1\DR1\Partition0 - ok
18:43:03.0358 3524 Boot (0x1200) (3f8ccb797c4a8b2598a741cca45e3c97) \Device\Harddisk1\DR1\Partition1
18:43:03.0358 3524 \Device\Harddisk1\DR1\Partition1 - ok
18:43:03.0358 3524 Boot (0x1200) (c9bd97385bb2dadf99887d4463610585) \Device\Harddisk2\DR2\Partition0
18:43:03.0358 3524 \Device\Harddisk2\DR2\Partition0 - ok
18:43:03.0358 3524 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition0
18:43:03.0358 3524 \Device\Harddisk0\DR0\Partition0 - ok
18:43:03.0358 3524 Boot (0x1200) (3700ec990749b8ab462b96ab27d9b744) \Device\Harddisk0\DR0\Partition1
18:43:03.0358 3524 \Device\Harddisk0\DR0\Partition1 - ok
18:43:03.0358 3524 Boot (0x1200) (56fb5684077f2e95727690d7445a7eff) \Device\Harddisk0\DR0\Partition2
18:43:03.0358 3524 \Device\Harddisk0\DR0\Partition2 - ok
18:43:03.0374 3524 ============================================================
18:43:03.0374 3524 Scan finished
18:43:03.0374 3524 ============================================================
18:43:03.0374 4964 Detected object count: 1
18:43:03.0374 4964 Actual detected object count: 1
18:43:15.0542 4964 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:43:15.0542 4964 sptd ( LockedFile.Multi.Generic ) - User select action: Skip




aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-03 18:49:18
-----------------------------
18:49:18.800 OS Version: Windows x64 6.1.7601 Service Pack 1
18:49:18.800 Number of processors: 3 586 0x403
18:49:18.800 ComputerName: JBITZ-PC UserName: Jbitz
18:49:18.941 Initialize success
18:50:16.694 AVAST engine defs: 12040302
18:52:37.562 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-3
18:52:37.562 Disk 0 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
18:52:37.562 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
18:52:37.562 Disk 1 Vendor: OCZ-AGILITY2 1.11 Size: 57241MB BusType: 3
18:52:37.562 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T1L0-5
18:52:37.562 Disk 2 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
18:52:37.562 Disk 1 MBR read successfully
18:52:37.562 Disk 1 MBR scan
18:52:37.562 Disk 1 Windows 7 default MBR code
18:52:37.578 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:52:37.578 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 57139 MB offset 206848
18:52:37.578 Disk 1 scanning C:\Windows\system32\drivers
18:52:39.902 Service scanning
18:52:47.172 Modules scanning
18:52:47.172 Disk 1 trace - called modules:
18:52:47.172 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800cb322c0]<<spdk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:52:47.172 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800da2b580]
18:52:47.172 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800da01e40]
18:52:47.187 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800da00060]
18:52:47.187 \Driver\atapi[0xfffffa800cb6c6d0] -> IRP_MJ_CREATE -> 0xfffffa800cb322c0
18:52:47.328 AVAST engine scan C:\Windows
18:52:48.638 AVAST engine scan C:\Windows\system32
18:54:12.987 AVAST engine scan C:\Windows\system32\drivers
18:54:15.764 AVAST engine scan C:\Users\Jbitz
18:54:26.996 File: C:\Users\Jbitz\AppData\Roaming\avidemux\avidemux\mijimxh.dll **INFECTED** Win32:Rootkit-gen [Rtk]
18:54:43.875 AVAST engine scan C:\ProgramData
18:54:58.851 Scan finished successfully
18:55:37.930 Disk 1 MBR has been saved successfully to "C:\Users\Jbitz\Desktop\MBR.dat"
18:55:37.930 The log file has been saved successfully to "C:\Users\Jbitz\Desktop\aswMBR.txt"

ComboFix 12-03-29.02 - Jbitz 03/29/2012 17:52:01.1.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16382.9603 [GMT -4:00]
Running from: c:\users\Jbitz\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jbitz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{79EAA0AC-3F51-4486-A5F9-639038E7C3EB}.xps
c:\users\Jbitz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{80446A0C-3316-41AE-880E-DB6C3219D781}.xps
c:\users\Jbitz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A24BF28-E4B7-40A1-BAF0-CD3D243FDD67}.xps
c:\users\Jbitz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B16460B2-0F9E-41AF-983A-27598028EF20}.xps
c:\users\Jbitz\AppData\Roaming\Adobe\plugs
c:\users\Jbitz\AppData\Roaming\Adobe\shed
c:\users\Jbitz\Taskmgr.exe
c:\windows\SysWow64\REN9781.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 21:54 . 2012-03-29 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-16 19:16 . 2012-03-16 19:16 -------- d-----w- c:\users\Jbitz\AppData\Local\SupportSoft
2012-03-16 19:16 . 2012-03-16 19:16 -------- d-----w- c:\programdata\SupportSoft
2012-03-16 18:52 . 2012-03-16 18:52 -------- d-----w- c:\program files\Verizon
2012-03-16 18:51 . 2012-03-16 19:16 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2012-03-16 18:51 . 2012-03-16 19:16 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
2012-03-16 18:51 . 2011-05-26 19:00 23896576 ----a-w- c:\windows\VzInHomeAgentInstaller.msi
2012-03-16 18:49 . 2012-03-16 18:51 -------- d-----w- c:\program files (x86)\Verizon
2012-03-14 06:45 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 06:45 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 06:45 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 04:57 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 04:57 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 04:57 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 04:56 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 04:56 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 04:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 04:56 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 04:56 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 04:56 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 04:56 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 04:56 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-03 00:09 . 2012-02-27 00:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-19 19:55 . 2011-04-15 01:04 9796096 ----a-w- c:\windows\VerizonDM.msi
2012-01-04 10:44 . 2012-02-15 06:35 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 06:35 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jbitz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jbitz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jbitz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2010-10-01 329096]
"US4Service"="c:\programdata\Everstrike\US4Service.exe" [2010-03-24 39552]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-04-22 9919104]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"KeePass 2 PreLoad"="e:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-07-12 1764352]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="e:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Jbitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0\0e:\progra~2\AVG\AVG10\avgchsva.exe /sync\0e:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PowerAlert Agent;PowerAlert Agent;c:\program files (x86)\TrippLite\PowerAlert\engine\pal.exe [2010-05-14 1644368]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 AVGIDSAgent;AVGIDSAgent;e:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;e:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 SBSDWSCService;SBSD Security Center Service;e:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000Core.job
- c:\users\Jbitz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 01:27]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000UA.job
- c:\users\Jbitz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 01:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jbitz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jbitz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jbitz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jbitz\AppData\Roaming\Mozilla\Firefox\Profiles\zgj3icx9.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-nLite_is1 - h:\program files (x86)\nLite\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\DAODx.exe
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
.
**************************************************************************
.
Completion time: 2012-03-29 17:58:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-29 21:58
.
Pre-Run: 10,132,684,800 bytes free
Post-Run: 9,512,538,112 bytes free
.
- - End Of File - - 627739A42C67AED6F0925F5CD0120F07
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Google redirect problem

Unread postby jbitz » April 3rd, 2012, 7:03 pm

Here are the 3 reports you requested.


18:42:40.0083 2032 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
18:42:40.0317 2032 ============================================================
18:42:40.0317 2032 Current date / time: 2012/04/03 18:42:40.0317
18:42:40.0317 2032 SystemInfo:
18:42:40.0317 2032
18:42:40.0317 2032 OS Version: 6.1.7601 ServicePack: 1.0
18:42:40.0317 2032 Product type: Workstation
18:42:40.0317 2032 ComputerName: JBITZ-PC
18:42:40.0317 2032 UserName: Jbitz
18:42:40.0317 2032 Windows directory: C:\Windows
18:42:40.0317 2032 System windows directory: C:\Windows
18:42:40.0317 2032 Running under WOW64
18:42:40.0317 2032 Processor architecture: Intel x64
18:42:40.0317 2032 Number of processors: 3
18:42:40.0317 2032 Page size: 0x1000
18:42:40.0317 2032 Boot type: Normal boot
18:42:40.0317 2032 ============================================================
18:42:40.0489 2032 Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:42:40.0504 2032 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:42:40.0520 2032 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:42:40.0520 2032 \Device\Harddisk1\DR1:
18:42:40.0520 2032 MBR used
18:42:40.0520 2032 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:42:40.0520 2032 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
18:42:40.0520 2032 \Device\Harddisk2\DR2:
18:42:40.0520 2032 MBR used
18:42:40.0520 2032 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
18:42:40.0520 2032 \Device\Harddisk0\DR0:
18:42:40.0520 2032 GPT used
18:42:40.0520 2032 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {6483CBF6-24D8-49EB-8827-BD8D83EDBF95}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
18:42:40.0520 2032 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8C40B852-B9B0-47C3-9C2C-8EFF85D98D42}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x17318000
18:42:40.0520 2032 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {77050DA0-7C65-4619-A43D-ABCD5B06C187}, Name: Basic data partition, StartLBA 0x17358800, BlocksNum 0xD1AAF800
18:42:40.0629 2032 Initialize success
18:42:40.0629 2032 ============================================================
18:42:55.0028 3524 ============================================================
18:42:55.0028 3524 Scan started
18:42:55.0028 3524 Mode: Manual;
18:42:55.0028 3524 ============================================================
18:42:55.0106 3524 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:42:55.0121 3524 1394ohci - ok
18:42:55.0121 3524 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
18:42:55.0121 3524 61883 - ok
18:42:55.0153 3524 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:42:55.0153 3524 ACPI - ok
18:42:55.0168 3524 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:42:55.0168 3524 AcpiPmi - ok
18:42:55.0168 3524 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:42:55.0168 3524 AdobeARMservice - ok
18:42:55.0184 3524 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:42:55.0199 3524 adp94xx - ok
18:42:55.0215 3524 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:42:55.0215 3524 adpahci - ok
18:42:55.0231 3524 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:42:55.0231 3524 adpu320 - ok
18:42:55.0246 3524 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:42:55.0246 3524 AeLookupSvc - ok
18:42:55.0262 3524 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:42:55.0262 3524 AFD - ok
18:42:55.0277 3524 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:42:55.0277 3524 agp440 - ok
18:42:55.0293 3524 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:42:55.0293 3524 ALG - ok
18:42:55.0309 3524 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:42:55.0309 3524 aliide - ok
18:42:55.0324 3524 AMD External Events Utility (87e226c0e11182943d28e8bec61618cd) C:\Windows\system32\atiesrxx.exe
18:42:55.0324 3524 AMD External Events Utility - ok
18:42:55.0324 3524 AMD FUEL Service - ok
18:42:55.0340 3524 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:42:55.0340 3524 amdide - ok
18:42:55.0355 3524 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
18:42:55.0355 3524 amdiox64 - ok
18:42:55.0355 3524 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:42:55.0355 3524 AmdK8 - ok
18:42:55.0496 3524 amdkmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
18:42:55.0605 3524 amdkmdag - ok
18:42:55.0636 3524 amdkmdap (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys
18:42:55.0636 3524 amdkmdap - ok
18:42:55.0652 3524 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:42:55.0652 3524 AmdPPM - ok
18:42:55.0652 3524 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
18:42:55.0667 3524 amdsata - ok
18:42:55.0683 3524 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:42:55.0683 3524 amdsbs - ok
18:42:55.0699 3524 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
18:42:55.0699 3524 amdxata - ok
18:42:55.0699 3524 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:42:55.0699 3524 AODDriver4.01 - ok
18:42:55.0714 3524 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:42:55.0714 3524 AppID - ok
18:42:55.0730 3524 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:42:55.0730 3524 AppIDSvc - ok
18:42:55.0745 3524 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:42:55.0745 3524 Appinfo - ok
18:42:55.0745 3524 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
18:42:55.0761 3524 AppMgmt - ok
18:42:55.0761 3524 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:42:55.0777 3524 arc - ok
18:42:55.0777 3524 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:42:55.0792 3524 arcsas - ok
18:42:55.0792 3524 AsIO (f6bda026e4157dc4e321ca391e9d9bc6) C:\Windows\syswow64\drivers\AsIO.sys
18:42:55.0792 3524 AsIO - ok
18:42:55.0808 3524 AsSysCtrlService (954ffbff05b0b60eb63b52af561436c4) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
18:42:55.0808 3524 AsSysCtrlService - ok
18:42:55.0808 3524 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:42:55.0823 3524 AsyncMac - ok
18:42:55.0823 3524 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:42:55.0823 3524 atapi - ok
18:42:55.0839 3524 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
18:42:55.0839 3524 AtiHDAudioService - ok
18:42:55.0855 3524 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:42:55.0855 3524 AtiPcie - ok
18:42:55.0870 3524 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:42:55.0886 3524 AudioEndpointBuilder - ok
18:42:55.0886 3524 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:42:55.0901 3524 AudioSrv - ok
18:42:55.0901 3524 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
18:42:55.0901 3524 Avc - ok
18:42:56.0104 3524 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
18:42:56.0167 3524 AVGIDSAgent - ok
18:42:56.0182 3524 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
18:42:56.0182 3524 AVGIDSDriver - ok
18:42:56.0198 3524 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
18:42:56.0198 3524 AVGIDSEH - ok
18:42:56.0198 3524 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
18:42:56.0198 3524 AVGIDSFilter - ok
18:42:56.0213 3524 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
18:42:56.0229 3524 Avgldx64 - ok
18:42:56.0229 3524 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
18:42:56.0229 3524 Avgmfx64 - ok
18:42:56.0245 3524 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
18:42:56.0245 3524 Avgrkx64 - ok
18:42:56.0260 3524 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
18:42:56.0260 3524 Avgtdia - ok
18:42:56.0291 3524 avgwd (fc2bc51120a945f7c70376495e4e7737) E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
18:42:56.0291 3524 avgwd - ok
18:42:56.0291 3524 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:42:56.0307 3524 AxInstSV - ok
18:42:56.0323 3524 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:42:56.0323 3524 b06bdrv - ok
18:42:56.0338 3524 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:42:56.0338 3524 b57nd60a - ok
18:42:56.0354 3524 BCUService (7ed4e1d2e124ad4e6a287cf49dbc9bba) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
18:42:56.0354 3524 BCUService - ok
18:42:56.0354 3524 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:42:56.0369 3524 BDESVC - ok
18:42:56.0369 3524 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:42:56.0369 3524 Beep - ok
18:42:56.0401 3524 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:42:56.0401 3524 BFE - ok
18:42:56.0416 3524 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:42:56.0432 3524 BITS - ok
18:42:56.0447 3524 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:42:56.0447 3524 blbdrive - ok
18:42:56.0463 3524 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:42:56.0463 3524 bowser - ok
18:42:56.0479 3524 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:42:56.0479 3524 BrFiltLo - ok
18:42:56.0479 3524 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:42:56.0494 3524 BrFiltUp - ok
18:42:56.0494 3524 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:42:56.0494 3524 BridgeMP - ok
18:42:56.0510 3524 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:42:56.0510 3524 Browser - ok
18:42:56.0525 3524 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:42:56.0525 3524 Brserid - ok
18:42:56.0541 3524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:42:56.0541 3524 BrSerWdm - ok
18:42:56.0557 3524 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:42:56.0557 3524 BrUsbMdm - ok
18:42:56.0572 3524 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:42:56.0572 3524 BrUsbSer - ok
18:42:56.0588 3524 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:42:56.0588 3524 BTHMODEM - ok
18:42:56.0603 3524 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:42:56.0603 3524 bthserv - ok
18:42:56.0603 3524 catchme - ok
18:42:56.0619 3524 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:42:56.0619 3524 cdfs - ok
18:42:56.0635 3524 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:42:56.0635 3524 cdrom - ok
18:42:56.0650 3524 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:42:56.0650 3524 CertPropSvc - ok
18:42:56.0650 3524 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:42:56.0666 3524 circlass - ok
18:42:56.0666 3524 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:42:56.0681 3524 CLFS - ok
18:42:56.0681 3524 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:42:56.0681 3524 clr_optimization_v2.0.50727_32 - ok
18:42:56.0697 3524 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:42:56.0697 3524 clr_optimization_v2.0.50727_64 - ok
18:42:56.0697 3524 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:42:56.0713 3524 clr_optimization_v4.0.30319_32 - ok
18:42:56.0713 3524 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:42:56.0713 3524 clr_optimization_v4.0.30319_64 - ok
18:42:56.0728 3524 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:42:56.0728 3524 CmBatt - ok
18:42:56.0744 3524 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:42:56.0744 3524 cmdide - ok
18:42:56.0759 3524 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:42:56.0759 3524 CNG - ok
18:42:56.0775 3524 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:42:56.0775 3524 Compbatt - ok
18:42:56.0791 3524 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:42:56.0791 3524 CompositeBus - ok
18:42:56.0806 3524 COMSysApp - ok
18:42:56.0806 3524 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:42:56.0822 3524 crcdisk - ok
18:42:56.0822 3524 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:42:56.0837 3524 CryptSvc - ok
18:42:56.0853 3524 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:42:56.0853 3524 CSC - ok
18:42:56.0869 3524 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
18:42:56.0884 3524 CscService - ok
18:42:56.0900 3524 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:42:56.0915 3524 DcomLaunch - ok
18:42:56.0915 3524 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:42:56.0931 3524 defragsvc - ok
18:42:56.0931 3524 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:42:56.0947 3524 DfsC - ok
18:42:56.0947 3524 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:42:56.0962 3524 Dhcp - ok
18:42:56.0978 3524 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:42:56.0978 3524 discache - ok
18:42:56.0978 3524 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:42:56.0993 3524 Disk - ok
18:42:56.0993 3524 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:42:57.0009 3524 Dnscache - ok
18:42:57.0009 3524 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:42:57.0025 3524 dot3svc - ok
18:42:57.0025 3524 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:42:57.0040 3524 DPS - ok
18:42:57.0040 3524 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:42:57.0040 3524 drmkaud - ok
18:42:57.0071 3524 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:42:57.0071 3524 DXGKrnl - ok
18:42:57.0087 3524 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:42:57.0087 3524 EapHost - ok
18:42:57.0134 3524 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:42:57.0165 3524 ebdrv - ok
18:42:57.0181 3524 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:42:57.0181 3524 EFS - ok
18:42:57.0196 3524 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:42:57.0196 3524 ehRecvr - ok
18:42:57.0212 3524 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:42:57.0212 3524 ehSched - ok
18:42:57.0227 3524 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:42:57.0227 3524 elxstor - ok
18:42:57.0243 3524 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:42:57.0243 3524 ErrDev - ok
18:42:57.0259 3524 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:42:57.0274 3524 EventSystem - ok
18:42:57.0290 3524 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:42:57.0290 3524 exfat - ok
18:42:57.0305 3524 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:42:57.0305 3524 fastfat - ok
18:42:57.0321 3524 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:42:57.0321 3524 Fax - ok
18:42:57.0337 3524 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:42:57.0337 3524 fdc - ok
18:42:57.0352 3524 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:42:57.0352 3524 fdPHost - ok
18:42:57.0368 3524 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:42:57.0368 3524 FDResPub - ok
18:42:57.0383 3524 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:42:57.0383 3524 FileInfo - ok
18:42:57.0399 3524 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:42:57.0399 3524 Filetrace - ok
18:42:57.0399 3524 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:42:57.0399 3524 flpydisk - ok
18:42:57.0415 3524 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:42:57.0430 3524 FltMgr - ok
18:42:57.0446 3524 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:42:57.0461 3524 FontCache - ok
18:42:57.0461 3524 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:42:57.0461 3524 FontCache3.0.0.0 - ok
18:42:57.0477 3524 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:42:57.0477 3524 FsDepends - ok
18:42:57.0493 3524 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:42:57.0493 3524 Fs_Rec - ok
18:42:57.0508 3524 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:42:57.0508 3524 fvevol - ok
18:42:57.0524 3524 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:42:57.0524 3524 gagp30kx - ok
18:42:57.0539 3524 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:42:57.0555 3524 gpsvc - ok
18:42:57.0555 3524 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:42:57.0555 3524 hcw85cir - ok
18:42:57.0571 3524 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:42:57.0586 3524 HdAudAddService - ok
18:42:57.0586 3524 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:42:57.0602 3524 HDAudBus - ok
18:42:57.0602 3524 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:42:57.0602 3524 HidBatt - ok
18:42:57.0617 3524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:42:57.0617 3524 HidBth - ok
18:42:57.0633 3524 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:42:57.0633 3524 HidIr - ok
18:42:57.0649 3524 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:42:57.0649 3524 hidserv - ok
18:42:57.0664 3524 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:42:57.0664 3524 HidUsb - ok
18:42:57.0680 3524 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:42:57.0680 3524 hkmsvc - ok
18:42:57.0695 3524 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:42:57.0695 3524 HomeGroupListener - ok
18:42:57.0711 3524 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:42:57.0711 3524 HomeGroupProvider - ok
18:42:57.0727 3524 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:42:57.0727 3524 HpSAMD - ok
18:42:57.0742 3524 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:42:57.0758 3524 HTTP - ok
18:42:57.0773 3524 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:42:57.0773 3524 hwpolicy - ok
18:42:57.0789 3524 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:42:57.0789 3524 i8042prt - ok
18:42:57.0805 3524 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:42:57.0805 3524 iaStorV - ok
18:42:57.0820 3524 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:42:57.0836 3524 idsvc - ok
18:42:57.0836 3524 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:42:57.0851 3524 iirsp - ok
18:42:57.0867 3524 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:42:57.0867 3524 IKEEXT - ok
18:42:57.0914 3524 IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) C:\Windows\system32\drivers\RTKVHD64.sys
18:42:57.0929 3524 IntcAzAudAddService - ok
18:42:57.0929 3524 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:42:57.0929 3524 intelide - ok
18:42:57.0961 3524 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:42:57.0961 3524 intelppm - ok
18:42:57.0976 3524 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:42:57.0976 3524 IPBusEnum - ok
18:42:57.0992 3524 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:42:57.0992 3524 IpFilterDriver - ok
18:42:58.0007 3524 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:42:58.0007 3524 iphlpsvc - ok
18:42:58.0023 3524 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:42:58.0023 3524 IPMIDRV - ok
18:42:58.0039 3524 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:42:58.0039 3524 IPNAT - ok
18:42:58.0054 3524 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:42:58.0054 3524 IRENUM - ok
18:42:58.0070 3524 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:42:58.0070 3524 isapnp - ok
18:42:58.0085 3524 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:42:58.0085 3524 iScsiPrt - ok
18:42:58.0101 3524 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:42:58.0101 3524 kbdclass - ok
18:42:58.0117 3524 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:42:58.0117 3524 kbdhid - ok
18:42:58.0117 3524 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:42:58.0132 3524 KeyIso - ok
18:42:58.0132 3524 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:42:58.0148 3524 KSecDD - ok
18:42:58.0148 3524 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:42:58.0148 3524 KSecPkg - ok
18:42:58.0163 3524 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:42:58.0163 3524 ksthunk - ok
18:42:58.0179 3524 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:42:58.0195 3524 KtmRm - ok
18:42:58.0195 3524 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:42:58.0210 3524 LanmanServer - ok
18:42:58.0226 3524 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:42:58.0226 3524 LanmanWorkstation - ok
18:42:58.0241 3524 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:42:58.0241 3524 lltdio - ok
18:42:58.0257 3524 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:42:58.0273 3524 lltdsvc - ok
18:42:58.0273 3524 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:42:58.0288 3524 lmhosts - ok
18:42:58.0288 3524 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:42:58.0304 3524 LSI_FC - ok
18:42:58.0304 3524 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:42:58.0319 3524 LSI_SAS - ok
18:42:58.0319 3524 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:42:58.0319 3524 LSI_SAS2 - ok
18:42:58.0335 3524 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:42:58.0335 3524 LSI_SCSI - ok
18:42:58.0351 3524 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:42:58.0351 3524 luafv - ok
18:42:58.0366 3524 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:42:58.0366 3524 Mcx2Svc - ok
18:42:58.0382 3524 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:42:58.0382 3524 megasas - ok
18:42:58.0397 3524 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:42:58.0397 3524 MegaSR - ok
18:42:58.0413 3524 Microsoft SharePoint Workspace Audit Service - ok
18:42:58.0413 3524 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:42:58.0429 3524 MMCSS - ok
18:42:58.0429 3524 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:42:58.0444 3524 Modem - ok
18:42:58.0444 3524 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:42:58.0444 3524 monitor - ok
18:42:58.0460 3524 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:42:58.0460 3524 mouclass - ok
18:42:58.0475 3524 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:42:58.0475 3524 mouhid - ok
18:42:58.0491 3524 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:42:58.0491 3524 mountmgr - ok
18:42:58.0507 3524 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:42:58.0507 3524 mpio - ok
18:42:58.0522 3524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:42:58.0522 3524 mpsdrv - ok
18:42:58.0538 3524 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:42:58.0553 3524 MpsSvc - ok
18:42:58.0569 3524 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:42:58.0569 3524 MRxDAV - ok
18:42:58.0585 3524 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:42:58.0585 3524 mrxsmb - ok
18:42:58.0600 3524 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:42:58.0600 3524 mrxsmb10 - ok
18:42:58.0616 3524 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:42:58.0616 3524 mrxsmb20 - ok
18:42:58.0631 3524 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:42:58.0631 3524 msahci - ok
18:42:58.0631 3524 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:42:58.0647 3524 msdsm - ok
18:42:58.0647 3524 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:42:58.0663 3524 MSDTC - ok
18:42:58.0678 3524 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
18:42:58.0678 3524 MSDV - ok
18:42:58.0694 3524 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:42:58.0694 3524 Msfs - ok
18:42:58.0694 3524 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:42:58.0694 3524 mshidkmdf - ok
18:42:58.0709 3524 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:42:58.0709 3524 msisadrv - ok
18:42:58.0725 3524 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:42:58.0725 3524 MSiSCSI - ok
18:42:58.0741 3524 msiserver - ok
18:42:58.0756 3524 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:42:58.0756 3524 MSKSSRV - ok
18:42:58.0756 3524 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:42:58.0772 3524 MSPCLOCK - ok
18:42:58.0772 3524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:42:58.0772 3524 MSPQM - ok
18:42:58.0787 3524 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:42:58.0803 3524 MsRPC - ok
18:42:58.0803 3524 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:42:58.0803 3524 mssmbios - ok
18:42:58.0819 3524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:42:58.0819 3524 MSTEE - ok
18:42:58.0834 3524 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:42:58.0834 3524 MTConfig - ok
18:42:58.0850 3524 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
18:42:58.0850 3524 MTsensor - ok
18:42:58.0865 3524 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:42:58.0865 3524 Mup - ok
18:42:58.0881 3524 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:42:58.0881 3524 napagent - ok
18:42:58.0897 3524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:42:58.0912 3524 NativeWifiP - ok
18:42:58.0928 3524 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:42:58.0943 3524 NDIS - ok
18:42:58.0959 3524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:42:58.0959 3524 NdisCap - ok
18:42:58.0959 3524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:42:58.0975 3524 NdisTapi - ok
18:42:58.0975 3524 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:42:58.0975 3524 Ndisuio - ok
18:42:58.0990 3524 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:42:58.0990 3524 NdisWan - ok
18:42:59.0006 3524 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:42:59.0006 3524 NDProxy - ok
18:42:59.0021 3524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:42:59.0021 3524 NetBIOS - ok
18:42:59.0037 3524 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:42:59.0037 3524 NetBT - ok
18:42:59.0053 3524 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:42:59.0053 3524 Netlogon - ok
18:42:59.0068 3524 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:42:59.0084 3524 Netman - ok
18:42:59.0099 3524 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:42:59.0099 3524 netprofm - ok
18:42:59.0115 3524 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:42:59.0115 3524 NetTcpPortSharing - ok
18:42:59.0131 3524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:42:59.0131 3524 nfrd960 - ok
18:42:59.0146 3524 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:42:59.0146 3524 NlaSvc - ok
18:42:59.0162 3524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:42:59.0162 3524 Npfs - ok
18:42:59.0177 3524 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:42:59.0177 3524 nsi - ok
18:42:59.0193 3524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:42:59.0193 3524 nsiproxy - ok
18:42:59.0224 3524 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:42:59.0240 3524 Ntfs - ok
18:42:59.0255 3524 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:42:59.0255 3524 Null - ok
18:42:59.0271 3524 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:42:59.0271 3524 nusb3hub - ok
18:42:59.0287 3524 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:42:59.0287 3524 nusb3xhc - ok
18:42:59.0302 3524 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:42:59.0302 3524 nvraid - ok
18:42:59.0318 3524 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:42:59.0318 3524 nvstor - ok
18:42:59.0333 3524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:42:59.0333 3524 nv_agp - ok
18:42:59.0349 3524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:42:59.0349 3524 ohci1394 - ok
18:42:59.0349 3524 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:42:59.0349 3524 ose - ok
18:42:59.0411 3524 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:42:59.0474 3524 osppsvc - ok
18:42:59.0489 3524 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:42:59.0505 3524 p2pimsvc - ok
18:42:59.0521 3524 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:42:59.0521 3524 p2psvc - ok
18:42:59.0536 3524 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:42:59.0536 3524 Parport - ok
18:42:59.0552 3524 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:42:59.0552 3524 partmgr - ok
18:42:59.0567 3524 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:42:59.0567 3524 PcaSvc - ok
18:42:59.0583 3524 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:42:59.0583 3524 pci - ok
18:42:59.0599 3524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:42:59.0599 3524 pciide - ok
18:42:59.0614 3524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:42:59.0614 3524 pcmcia - ok
18:42:59.0630 3524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:42:59.0630 3524 pcw - ok
18:42:59.0645 3524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:42:59.0661 3524 PEAUTH - ok
18:42:59.0692 3524 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
18:42:59.0708 3524 PeerDistSvc - ok
18:42:59.0723 3524 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:42:59.0723 3524 PerfHost - ok
18:42:59.0755 3524 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:42:59.0770 3524 pla - ok
18:42:59.0786 3524 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:42:59.0801 3524 PlugPlay - ok
18:42:59.0801 3524 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:42:59.0817 3524 PNRPAutoReg - ok
18:42:59.0817 3524 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:42:59.0833 3524 PNRPsvc - ok
18:42:59.0848 3524 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:42:59.0848 3524 PolicyAgent - ok
18:42:59.0864 3524 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:42:59.0879 3524 Power - ok
18:42:59.0895 3524 PowerAlert Agent (95c335f234c3ffe883cf9fd1094b6cd6) C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe
18:42:59.0911 3524 PowerAlert Agent - ok
18:42:59.0926 3524 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:42:59.0926 3524 PptpMiniport - ok
18:42:59.0942 3524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:42:59.0942 3524 Processor - ok
18:42:59.0957 3524 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:42:59.0957 3524 ProfSvc - ok
18:42:59.0973 3524 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:42:59.0973 3524 ProtectedStorage - ok
18:42:59.0989 3524 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:42:59.0989 3524 Psched - ok
18:43:00.0004 3524 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:43:00.0004 3524 PxHlpa64 - ok
18:43:00.0035 3524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:43:00.0051 3524 ql2300 - ok
18:43:00.0067 3524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:43:00.0067 3524 ql40xx - ok
18:43:00.0082 3524 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:43:00.0098 3524 QWAVE - ok
18:43:00.0098 3524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:43:00.0113 3524 QWAVEdrv - ok
18:43:00.0113 3524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:43:00.0113 3524 RasAcd - ok
18:43:00.0129 3524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:43:00.0129 3524 RasAgileVpn - ok
18:43:00.0145 3524 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:43:00.0160 3524 RasAuto - ok
18:43:00.0160 3524 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:43:00.0176 3524 Rasl2tp - ok
18:43:00.0176 3524 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:43:00.0191 3524 RasMan - ok
18:43:00.0207 3524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:43:00.0223 3524 RasPppoe - ok
18:43:00.0223 3524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:43:00.0223 3524 RasSstp - ok
18:43:00.0238 3524 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:43:00.0254 3524 rdbss - ok
18:43:00.0254 3524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:43:00.0269 3524 rdpbus - ok
18:43:00.0269 3524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:43:00.0269 3524 RDPCDD - ok
18:43:00.0285 3524 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:43:00.0301 3524 RDPDR - ok
18:43:00.0301 3524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:43:00.0301 3524 RDPENCDD - ok
18:43:00.0316 3524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:43:00.0316 3524 RDPREFMP - ok
18:43:00.0332 3524 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
18:43:00.0332 3524 RdpVideoMiniport - ok
18:43:00.0347 3524 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:43:00.0347 3524 RDPWD - ok
18:43:00.0363 3524 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:43:00.0363 3524 rdyboost - ok
18:43:00.0379 3524 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:43:00.0379 3524 RemoteAccess - ok
18:43:00.0394 3524 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:43:00.0410 3524 RemoteRegistry - ok
18:43:00.0410 3524 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:43:00.0425 3524 RpcEptMapper - ok
18:43:00.0425 3524 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:43:00.0441 3524 RpcLocator - ok
18:43:00.0457 3524 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
18:43:00.0457 3524 RpcSs - ok
18:43:00.0472 3524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:43:00.0472 3524 rspndr - ok
18:43:00.0488 3524 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:43:00.0488 3524 RTL8167 - ok
18:43:00.0503 3524 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:43:00.0503 3524 s3cap - ok
18:43:00.0519 3524 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:43:00.0519 3524 SamSs - ok
18:43:00.0535 3524 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:43:00.0535 3524 sbp2port - ok
18:43:00.0566 3524 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:43:00.0581 3524 SBSDWSCService - ok
18:43:00.0597 3524 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:43:00.0597 3524 SCardSvr - ok
18:43:00.0613 3524 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:43:00.0613 3524 scfilter - ok
18:43:00.0644 3524 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:43:00.0659 3524 Schedule - ok
18:43:00.0675 3524 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:43:00.0675 3524 SCPolicySvc - ok
18:43:00.0675 3524 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:43:00.0691 3524 SDRSVC - ok
18:43:00.0706 3524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:43:00.0706 3524 secdrv - ok
18:43:00.0706 3524 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:43:00.0722 3524 seclogon - ok
18:43:00.0737 3524 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:43:00.0737 3524 SENS - ok
18:43:00.0753 3524 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:43:00.0753 3524 SensrSvc - ok
18:43:00.0769 3524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:43:00.0769 3524 Serenum - ok
18:43:00.0784 3524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:43:00.0784 3524 Serial - ok
18:43:00.0800 3524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:43:00.0800 3524 sermouse - ok
18:43:00.0815 3524 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:43:00.0815 3524 SessionEnv - ok
18:43:00.0831 3524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:43:00.0831 3524 sffdisk - ok
18:43:00.0847 3524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:43:00.0847 3524 sffp_mmc - ok
18:43:00.0862 3524 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:43:00.0862 3524 sffp_sd - ok
18:43:00.0878 3524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:43:00.0878 3524 sfloppy - ok
18:43:00.0893 3524 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:43:00.0893 3524 SharedAccess - ok
18:43:00.0909 3524 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:43:00.0925 3524 ShellHWDetection - ok
18:43:00.0925 3524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:43:00.0940 3524 SiSRaid2 - ok
18:43:00.0940 3524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:43:00.0940 3524 SiSRaid4 - ok
18:43:00.0956 3524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:43:00.0956 3524 Smb - ok
18:43:00.0971 3524 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:43:00.0987 3524 SNMPTRAP - ok
18:43:00.0987 3524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:43:00.0987 3524 spldr - ok
18:43:01.0003 3524 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:43:01.0018 3524 Spooler - ok
18:43:01.0081 3524 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:43:01.0127 3524 sppsvc - ok
18:43:01.0127 3524 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:43:01.0143 3524 sppuinotify - ok
18:43:01.0143 3524 sprtsvc_verizondm - ok
18:43:01.0159 3524 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
18:43:01.0174 3524 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
18:43:01.0174 3524 sptd ( LockedFile.Multi.Generic ) - warning
18:43:01.0174 3524 sptd - detected LockedFile.Multi.Generic (1)
18:43:01.0190 3524 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:43:01.0190 3524 srv - ok
18:43:01.0205 3524 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:43:01.0221 3524 srv2 - ok
18:43:01.0237 3524 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:43:01.0237 3524 srvnet - ok
18:43:01.0252 3524 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:43:01.0252 3524 SSDPSRV - ok
18:43:01.0268 3524 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:43:01.0268 3524 SstpSvc - ok
18:43:01.0283 3524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:43:01.0283 3524 stexstor - ok
18:43:01.0299 3524 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:43:01.0315 3524 stisvc - ok
18:43:01.0330 3524 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
18:43:01.0330 3524 storflt - ok
18:43:01.0346 3524 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:43:01.0346 3524 storvsc - ok
18:43:01.0361 3524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:43:01.0361 3524 swenum - ok
18:43:01.0361 3524 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:43:01.0377 3524 SwitchBoard - ok
18:43:01.0393 3524 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:43:01.0393 3524 swprv - ok
18:43:01.0408 3524 Synth3dVsc - ok
18:43:01.0439 3524 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:43:01.0471 3524 SysMain - ok
18:43:01.0471 3524 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:43:01.0486 3524 TabletInputService - ok
18:43:01.0502 3524 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:43:01.0517 3524 TapiSrv - ok
18:43:01.0517 3524 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:43:01.0533 3524 TBS - ok
18:43:01.0564 3524 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:43:01.0580 3524 Tcpip - ok
18:43:01.0611 3524 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:43:01.0611 3524 TCPIP6 - ok
18:43:01.0627 3524 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:43:01.0627 3524 tcpipreg - ok
18:43:01.0642 3524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:43:01.0642 3524 TDPIPE - ok
18:43:01.0658 3524 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:43:01.0658 3524 TDTCP - ok
18:43:01.0673 3524 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:43:01.0673 3524 tdx - ok
18:43:01.0689 3524 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:43:01.0689 3524 TermDD - ok
18:43:01.0705 3524 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:43:01.0720 3524 TermService - ok
18:43:01.0720 3524 tgsrvc_verizondm - ok
18:43:01.0736 3524 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:43:01.0736 3524 Themes - ok
18:43:01.0751 3524 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:43:01.0751 3524 THREADORDER - ok
18:43:01.0767 3524 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:43:01.0783 3524 TrkWks - ok
18:43:01.0783 3524 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:43:01.0783 3524 TrustedInstaller - ok
18:43:01.0798 3524 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:43:01.0798 3524 tssecsrv - ok
18:43:01.0814 3524 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:43:01.0814 3524 TsUsbFlt - ok
18:43:01.0829 3524 tsusbhub - ok
18:43:01.0829 3524 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:43:01.0845 3524 tunnel - ok
18:43:01.0845 3524 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:43:01.0861 3524 uagp35 - ok
18:43:01.0876 3524 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:43:01.0876 3524 udfs - ok
18:43:01.0892 3524 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:43:01.0892 3524 UI0Detect - ok
18:43:01.0907 3524 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:43:01.0907 3524 uliagpkx - ok
18:43:01.0923 3524 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:43:01.0923 3524 umbus - ok
18:43:01.0939 3524 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:43:01.0939 3524 UmPass - ok
18:43:01.0954 3524 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
18:43:01.0954 3524 UmRdpService - ok
18:43:01.0970 3524 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:43:01.0985 3524 upnphost - ok
18:43:02.0001 3524 US30Sys (5d9432fce8528d33bcb8d140175e9150) C:\Windows\syswow64\drivers\US40fs64.sys
18:43:02.0001 3524 US30Sys - ok
18:43:02.0017 3524 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:43:02.0017 3524 usbccgp - ok
18:43:02.0032 3524 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:43:02.0032 3524 usbcir - ok
18:43:02.0048 3524 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:43:02.0048 3524 usbehci - ok
18:43:02.0063 3524 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:43:02.0063 3524 usbhub - ok
18:43:02.0079 3524 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:43:02.0079 3524 usbohci - ok
18:43:02.0095 3524 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:43:02.0095 3524 usbprint - ok
18:43:02.0110 3524 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:43:02.0110 3524 usbscan - ok
18:43:02.0110 3524 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:43:02.0126 3524 USBSTOR - ok
18:43:02.0126 3524 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:43:02.0126 3524 usbuhci - ok
18:43:02.0141 3524 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:43:02.0157 3524 UxSms - ok
18:43:02.0157 3524 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:43:02.0173 3524 VaultSvc - ok
18:43:02.0173 3524 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:43:02.0173 3524 vdrvroot - ok
18:43:02.0188 3524 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:43:02.0204 3524 vds - ok
18:43:02.0219 3524 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:43:02.0219 3524 vga - ok
18:43:02.0235 3524 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:43:02.0235 3524 VgaSave - ok
18:43:02.0251 3524 VGPU - ok
18:43:02.0266 3524 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:43:02.0266 3524 vhdmp - ok
18:43:02.0282 3524 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:43:02.0282 3524 viaide - ok
18:43:02.0297 3524 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:43:02.0297 3524 vmbus - ok
18:43:02.0313 3524 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:43:02.0313 3524 VMBusHID - ok
18:43:02.0313 3524 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:43:02.0329 3524 volmgr - ok
18:43:02.0344 3524 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:43:02.0344 3524 volmgrx - ok
18:43:02.0360 3524 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:43:02.0360 3524 volsnap - ok
18:43:02.0375 3524 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:43:02.0375 3524 vsmraid - ok
18:43:02.0407 3524 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:43:02.0438 3524 VSS - ok
18:43:02.0438 3524 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:43:02.0438 3524 vwifibus - ok
18:43:02.0453 3524 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:43:02.0469 3524 W32Time - ok
18:43:02.0485 3524 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:43:02.0485 3524 WacomPen - ok
18:43:02.0500 3524 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:43:02.0500 3524 WANARP - ok
18:43:02.0500 3524 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:43:02.0500 3524 Wanarpv6 - ok
18:43:02.0531 3524 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:43:02.0547 3524 WatAdminSvc - ok
18:43:02.0578 3524 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:43:02.0609 3524 wbengine - ok
18:43:02.0625 3524 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:43:02.0625 3524 WbioSrvc - ok
18:43:02.0641 3524 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:43:02.0656 3524 wcncsvc - ok
18:43:02.0672 3524 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:43:02.0672 3524 WcsPlugInService - ok
18:43:02.0687 3524 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:43:02.0687 3524 Wd - ok
18:43:02.0703 3524 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:43:02.0719 3524 Wdf01000 - ok
18:43:02.0734 3524 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:43:02.0734 3524 WdiServiceHost - ok
18:43:02.0734 3524 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:43:02.0750 3524 WdiSystemHost - ok
18:43:02.0765 3524 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:43:02.0765 3524 WebClient - ok
18:43:02.0781 3524 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:43:02.0797 3524 Wecsvc - ok
18:43:02.0812 3524 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:43:02.0812 3524 wercplsupport - ok
18:43:02.0828 3524 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:43:02.0828 3524 WerSvc - ok
18:43:02.0843 3524 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:43:02.0843 3524 WfpLwf - ok
18:43:02.0859 3524 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:43:02.0859 3524 WIMMount - ok
18:43:02.0859 3524 WinDefend - ok
18:43:02.0875 3524 WinHttpAutoProxySvc - ok
18:43:02.0890 3524 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:43:02.0890 3524 Winmgmt - ok
18:43:02.0921 3524 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:43:02.0953 3524 WinRM - ok
18:43:02.0968 3524 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:43:02.0999 3524 Wlansvc - ok
18:43:03.0015 3524 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:43:03.0046 3524 wlidsvc - ok
18:43:03.0062 3524 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:43:03.0062 3524 WmiAcpi - ok
18:43:03.0077 3524 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:43:03.0077 3524 wmiApSrv - ok
18:43:03.0077 3524 WMPNetworkSvc - ok
18:43:03.0093 3524 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:43:03.0093 3524 WPCSvc - ok
18:43:03.0109 3524 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:43:03.0124 3524 WPDBusEnum - ok
18:43:03.0124 3524 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:43:03.0124 3524 ws2ifsl - ok
18:43:03.0140 3524 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:43:03.0155 3524 wscsvc - ok
18:43:03.0155 3524 WSearch - ok
18:43:03.0202 3524 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:43:03.0233 3524 wuauserv - ok
18:43:03.0249 3524 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:43:03.0249 3524 WudfPf - ok
18:43:03.0265 3524 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:43:03.0265 3524 WUDFRd - ok
18:43:03.0280 3524 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:43:03.0280 3524 wudfsvc - ok
18:43:03.0296 3524 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:43:03.0311 3524 WwanSvc - ok
18:43:03.0311 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
18:43:03.0311 3524 \Device\Harddisk1\DR1 - ok
18:43:03.0311 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
18:43:03.0343 3524 \Device\Harddisk2\DR2 - ok
18:43:03.0343 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:43:03.0358 3524 \Device\Harddisk0\DR0 - ok
18:43:03.0358 3524 Boot (0x1200) (eafb5537a7f9f17fba8b134f442047ac) \Device\Harddisk1\DR1\Partition0
18:43:03.0358 3524 \Device\Harddisk1\DR1\Partition0 - ok
18:43:03.0358 3524 Boot (0x1200) (3f8ccb797c4a8b2598a741cca45e3c97) \Device\Harddisk1\DR1\Partition1
18:43:03.0358 3524 \Device\Harddisk1\DR1\Partition1 - ok
18:43:03.0358 3524 Boot (0x1200) (c9bd97385bb2dadf99887d4463610585) \Device\Harddisk2\DR2\Partition0
18:43:03.0358 3524 \Device\Harddisk2\DR2\Partition0 - ok
18:43:03.0358 3524 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition0
18:43:03.0358 3524 \Device\Harddisk0\DR0\Partition0 - ok
18:43:03.0358 3524 Boot (0x1200) (3700ec990749b8ab462b96ab27d9b744) \Device\Harddisk0\DR0\Partition1
18:43:03.0358 3524 \Device\Harddisk0\DR0\Partition1 - ok
18:43:03.0358 3524 Boot (0x1200) (56fb5684077f2e95727690d7445a7eff) \Device\Harddisk0\DR0\Partition2
18:43:03.0358 3524 \Device\Harddisk0\DR0\Partition2 - ok
18:43:03.0374 3524 ============================================================
18:43:03.0374 3524 Scan finished
18:43:03.0374 3524 ============================================================
18:43:03.0374 4964 Detected object count: 1
18:43:03.0374 4964 Actual detected object count: 1
18:43:15.0542 4964 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:43:15.0542 4964 sptd ( LockedFile.Multi.Generic ) - User select action: Skip




aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-03 18:49:18
-----------------------------
18:49:18.800 OS Version: Windows x64 6.1.7601 Service Pack 1
18:49:18.800 Number of processors: 3 586 0x403
18:49:18.800 ComputerName: JBITZ-PC UserName: Jbitz
18:49:18.941 Initialize success
18:50:16.694 AVAST engine defs: 12040302
18:52:37.562 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-3
18:52:37.562 Disk 0 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
18:52:37.562 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
18:52:37.562 Disk 1 Vendor: OCZ-AGILITY2 1.11 Size: 57241MB BusType: 3
18:52:37.562 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T1L0-5
18:52:37.562 Disk 2 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
18:52:37.562 Disk 1 MBR read successfully
18:52:37.562 Disk 1 MBR scan
18:52:37.562 Disk 1 Windows 7 default MBR code
18:52:37.578 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:52:37.578 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 57139 MB offset 206848
18:52:37.578 Disk 1 scanning C:\Windows\system32\drivers
18:52:39.902 Service scanning
18:52:47.172 Modules scanning
18:52:47.172 Disk 1 trace - called modules:
18:52:47.172 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800cb322c0]<<spdk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:52:47.172 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800da2b580]
18:52:47.172 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800da01e40]
18:52:47.187 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800da00060]
18:52:47.187 \Driver\atapi[0xfffffa800cb6c6d0] -> IRP_MJ_CREATE -> 0xfffffa800cb322c0
18:52:47.328 AVAST engine scan C:\Windows
18:52:48.638 AVAST engine scan C:\Windows\system32
18:54:12.987 AVAST engine scan C:\Windows\system32\drivers
18:54:15.764 AVAST engine scan C:\Users\Jbitz
18:54:26.996 File: C:\Users\Jbitz\AppData\Roaming\avidemux\avidemux\mijimxh.dll **INFECTED** Win32:Rootkit-gen [Rtk]
18:54:43.875 AVAST engine scan C:\ProgramData
18:54:58.851 Scan finished successfully
18:55:37.930 Disk 1 MBR has been saved successfully to "C:\Users\Jbitz\Desktop\MBR.dat"
18:55:37.930 The log file has been saved successfully to "C:\Users\Jbitz\Desktop\aswMBR.txt"

ComboFix 12-03-29.02 - Jbitz 03/29/2012 17:52:01.1.3 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16382.9603 [GMT -4:00]
Running from: c:\users\Jbitz\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jbitz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{79EAA0AC-3F51-4486-A5F9-639038E7C3EB}.xps
c:\users\Jbitz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{80446A0C-3316-41AE-880E-DB6C3219D781}.xps
c:\users\Jbitz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9A24BF28-E4B7-40A1-BAF0-CD3D243FDD67}.xps
c:\users\Jbitz\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B16460B2-0F9E-41AF-983A-27598028EF20}.xps
c:\users\Jbitz\AppData\Roaming\Adobe\plugs
c:\users\Jbitz\AppData\Roaming\Adobe\shed
c:\users\Jbitz\Taskmgr.exe
c:\windows\SysWow64\REN9781.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))))
.
.
2012-03-29 21:54 . 2012-03-29 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-16 19:16 . 2012-03-16 19:16 -------- d-----w- c:\users\Jbitz\AppData\Local\SupportSoft
2012-03-16 19:16 . 2012-03-16 19:16 -------- d-----w- c:\programdata\SupportSoft
2012-03-16 18:52 . 2012-03-16 18:52 -------- d-----w- c:\program files\Verizon
2012-03-16 18:51 . 2012-03-16 19:16 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2012-03-16 18:51 . 2012-03-16 19:16 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
2012-03-16 18:51 . 2011-05-26 19:00 23896576 ----a-w- c:\windows\VzInHomeAgentInstaller.msi
2012-03-16 18:49 . 2012-03-16 18:51 -------- d-----w- c:\program files (x86)\Verizon
2012-03-14 06:45 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 06:45 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 06:45 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 04:57 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 04:57 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 04:57 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 04:56 . 2012-02-17 06:38 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-03-14 04:56 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 04:56 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 04:56 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 04:56 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 04:56 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 04:56 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 04:56 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-03 00:09 . 2012-02-27 00:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-19 19:55 . 2011-04-15 01:04 9796096 ----a-w- c:\windows\VerizonDM.msi
2012-01-04 10:44 . 2012-02-15 06:35 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 06:35 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jbitz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jbitz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jbitz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2010-10-01 329096]
"US4Service"="c:\programdata\Everstrike\US4Service.exe" [2010-03-24 39552]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-04-22 9919104]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"KeePass 2 PreLoad"="e:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2011-07-12 1764352]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="e:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Jbitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0\0e:\progra~2\AVG\AVG10\avgchsva.exe /sync\0e:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PowerAlert Agent;PowerAlert Agent;c:\program files (x86)\TrippLite\PowerAlert\engine\pal.exe [2010-05-14 1644368]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-28 96896]
S2 AVGIDSAgent;AVGIDSAgent;e:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;e:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 SBSDWSCService;SBSD Security Center Service;e:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000Core.job
- c:\users\Jbitz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 01:27]
.
2012-03-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000UA.job
- c:\users\Jbitz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-05 01:27]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jbitz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jbitz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Jbitz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jbitz\AppData\Roaming\Mozilla\Firefox\Profiles\zgj3icx9.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-nLite_is1 - h:\program files (x86)\nLite\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\DAODx.exe
c:\program files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
.
**************************************************************************
.
Completion time: 2012-03-29 17:58:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-29 21:58
.
Pre-Run: 10,132,684,800 bytes free
Post-Run: 9,512,538,112 bytes free
.
- - End Of File - - 627739A42C67AED6F0925F5CD0120F07
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Google redirect problem

Unread postby pgmigg » April 4th, 2012, 2:22 pm

Hello jbitz,

Good job!... :) Let continue our treatment.

For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instructions sets...

Step 0.
Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks please click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection, then choose Create.
  4. In the System Restore dialog box, type a description for the restore point and then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK, then close the System Restore dialog.

If you have successfully created a System Restore Point... we can proceed.
If you have NOT successfully created a System Restore Point... do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 1.
Disable CD Emulation drive by DeFogger
Please download DeFogger to your desktop.
Right click DeFogger And select "Run as administrator..." to run the tool.
  1. The application window will appear
  2. Click the Disable button to disable your CD Emulation drivers
  3. Click Yes to continue
  4. A 'Finished!' message will appear
  5. Click OK
  6. DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Note: Do not re-enable these drivers until otherwise instructed.

Step 2.
TDSSKiller - Scan only
You should still have TDSSKiller.exe on your desktop.
  1. Right-click and select "Run As Administrator" TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
    1. If the scan completes with nothing found please
      • Click Report at the right upper corner to open it now.
      • Copy and paste the contents of that report in your next reply and click Close to exit.
    2. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
      • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
      • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
      • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
      • Copy and paste the contents of that file in your next reply.

Step 3.
OTL - Download
Please download OTL.exe by Old Timer and save it to your
Desktop.

Step 4.
OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image
    text box. Do not include the word Code
    Code: Select all
    :Files
    C:\Users\Jbitz\AppData\Roaming\avidemux\avidemux\mijimxh.dll
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    

  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 5.
Fresh OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the box at the top, labeled Include 64-bit scans
  4. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  5. Click on Run Scan at the top left hand corner.
  6. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  7. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of TDSSKiller report file.
  3. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log file after OTL fix.
  4. Contents of a OTL.txt log file
  5. Contents of a Extras.txt log file
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect problem

Unread postby jbitz » April 4th, 2012, 9:49 pm

No Problems executing the instructions.
It is better than it was. I ran about 20 various searches and had only two redirects.

18:42:40.0083 2032 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
18:42:40.0317 2032 ============================================================
18:42:40.0317 2032 Current date / time: 2012/04/03 18:42:40.0317
18:42:40.0317 2032 SystemInfo:
18:42:40.0317 2032
18:42:40.0317 2032 OS Version: 6.1.7601 ServicePack: 1.0
18:42:40.0317 2032 Product type: Workstation
18:42:40.0317 2032 ComputerName: JBITZ-PC
18:42:40.0317 2032 UserName: Jbitz
18:42:40.0317 2032 Windows directory: C:\Windows
18:42:40.0317 2032 System windows directory: C:\Windows
18:42:40.0317 2032 Running under WOW64
18:42:40.0317 2032 Processor architecture: Intel x64
18:42:40.0317 2032 Number of processors: 3
18:42:40.0317 2032 Page size: 0x1000
18:42:40.0317 2032 Boot type: Normal boot
18:42:40.0317 2032 ============================================================
18:42:40.0489 2032 Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:42:40.0504 2032 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:42:40.0520 2032 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:42:40.0520 2032 \Device\Harddisk1\DR1:
18:42:40.0520 2032 MBR used
18:42:40.0520 2032 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:42:40.0520 2032 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
18:42:40.0520 2032 \Device\Harddisk2\DR2:
18:42:40.0520 2032 MBR used
18:42:40.0520 2032 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
18:42:40.0520 2032 \Device\Harddisk0\DR0:
18:42:40.0520 2032 GPT used
18:42:40.0520 2032 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {6483CBF6-24D8-49EB-8827-BD8D83EDBF95}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
18:42:40.0520 2032 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {8C40B852-B9B0-47C3-9C2C-8EFF85D98D42}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x17318000
18:42:40.0520 2032 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {77050DA0-7C65-4619-A43D-ABCD5B06C187}, Name: Basic data partition, StartLBA 0x17358800, BlocksNum 0xD1AAF800
18:42:40.0629 2032 Initialize success
18:42:40.0629 2032 ============================================================
18:42:55.0028 3524 ============================================================
18:42:55.0028 3524 Scan started
18:42:55.0028 3524 Mode: Manual;
18:42:55.0028 3524 ============================================================
18:42:55.0106 3524 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:42:55.0121 3524 1394ohci - ok
18:42:55.0121 3524 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
18:42:55.0121 3524 61883 - ok
18:42:55.0153 3524 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:42:55.0153 3524 ACPI - ok
18:42:55.0168 3524 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:42:55.0168 3524 AcpiPmi - ok
18:42:55.0168 3524 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:42:55.0168 3524 AdobeARMservice - ok
18:42:55.0184 3524 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:42:55.0199 3524 adp94xx - ok
18:42:55.0215 3524 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:42:55.0215 3524 adpahci - ok
18:42:55.0231 3524 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:42:55.0231 3524 adpu320 - ok
18:42:55.0246 3524 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:42:55.0246 3524 AeLookupSvc - ok
18:42:55.0262 3524 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:42:55.0262 3524 AFD - ok
18:42:55.0277 3524 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:42:55.0277 3524 agp440 - ok
18:42:55.0293 3524 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:42:55.0293 3524 ALG - ok
18:42:55.0309 3524 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:42:55.0309 3524 aliide - ok
18:42:55.0324 3524 AMD External Events Utility (87e226c0e11182943d28e8bec61618cd) C:\Windows\system32\atiesrxx.exe
18:42:55.0324 3524 AMD External Events Utility - ok
18:42:55.0324 3524 AMD FUEL Service - ok
18:42:55.0340 3524 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:42:55.0340 3524 amdide - ok
18:42:55.0355 3524 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
18:42:55.0355 3524 amdiox64 - ok
18:42:55.0355 3524 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:42:55.0355 3524 AmdK8 - ok
18:42:55.0496 3524 amdkmdag (446a1aad34191665a8df6092bd8eb5a8) C:\Windows\system32\DRIVERS\atikmdag.sys
18:42:55.0605 3524 amdkmdag - ok
18:42:55.0636 3524 amdkmdap (f8f8a908fdb005a65ddf7238c814eea5) C:\Windows\system32\DRIVERS\atikmpag.sys
18:42:55.0636 3524 amdkmdap - ok
18:42:55.0652 3524 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:42:55.0652 3524 AmdPPM - ok
18:42:55.0652 3524 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
18:42:55.0667 3524 amdsata - ok
18:42:55.0683 3524 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:42:55.0683 3524 amdsbs - ok
18:42:55.0699 3524 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
18:42:55.0699 3524 amdxata - ok
18:42:55.0699 3524 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:42:55.0699 3524 AODDriver4.01 - ok
18:42:55.0714 3524 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:42:55.0714 3524 AppID - ok
18:42:55.0730 3524 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:42:55.0730 3524 AppIDSvc - ok
18:42:55.0745 3524 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:42:55.0745 3524 Appinfo - ok
18:42:55.0745 3524 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
18:42:55.0761 3524 AppMgmt - ok
18:42:55.0761 3524 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:42:55.0777 3524 arc - ok
18:42:55.0777 3524 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:42:55.0792 3524 arcsas - ok
18:42:55.0792 3524 AsIO (f6bda026e4157dc4e321ca391e9d9bc6) C:\Windows\syswow64\drivers\AsIO.sys
18:42:55.0792 3524 AsIO - ok
18:42:55.0808 3524 AsSysCtrlService (954ffbff05b0b60eb63b52af561436c4) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
18:42:55.0808 3524 AsSysCtrlService - ok
18:42:55.0808 3524 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:42:55.0823 3524 AsyncMac - ok
18:42:55.0823 3524 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:42:55.0823 3524 atapi - ok
18:42:55.0839 3524 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
18:42:55.0839 3524 AtiHDAudioService - ok
18:42:55.0855 3524 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:42:55.0855 3524 AtiPcie - ok
18:42:55.0870 3524 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:42:55.0886 3524 AudioEndpointBuilder - ok
18:42:55.0886 3524 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:42:55.0901 3524 AudioSrv - ok
18:42:55.0901 3524 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
18:42:55.0901 3524 Avc - ok
18:42:56.0104 3524 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
18:42:56.0167 3524 AVGIDSAgent - ok
18:42:56.0182 3524 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
18:42:56.0182 3524 AVGIDSDriver - ok
18:42:56.0198 3524 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
18:42:56.0198 3524 AVGIDSEH - ok
18:42:56.0198 3524 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
18:42:56.0198 3524 AVGIDSFilter - ok
18:42:56.0213 3524 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
18:42:56.0229 3524 Avgldx64 - ok
18:42:56.0229 3524 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
18:42:56.0229 3524 Avgmfx64 - ok
18:42:56.0245 3524 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
18:42:56.0245 3524 Avgrkx64 - ok
18:42:56.0260 3524 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
18:42:56.0260 3524 Avgtdia - ok
18:42:56.0291 3524 avgwd (fc2bc51120a945f7c70376495e4e7737) E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
18:42:56.0291 3524 avgwd - ok
18:42:56.0291 3524 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:42:56.0307 3524 AxInstSV - ok
18:42:56.0323 3524 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:42:56.0323 3524 b06bdrv - ok
18:42:56.0338 3524 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:42:56.0338 3524 b57nd60a - ok
18:42:56.0354 3524 BCUService (7ed4e1d2e124ad4e6a287cf49dbc9bba) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
18:42:56.0354 3524 BCUService - ok
18:42:56.0354 3524 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:42:56.0369 3524 BDESVC - ok
18:42:56.0369 3524 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:42:56.0369 3524 Beep - ok
18:42:56.0401 3524 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:42:56.0401 3524 BFE - ok
18:42:56.0416 3524 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:42:56.0432 3524 BITS - ok
18:42:56.0447 3524 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:42:56.0447 3524 blbdrive - ok
18:42:56.0463 3524 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:42:56.0463 3524 bowser - ok
18:42:56.0479 3524 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:42:56.0479 3524 BrFiltLo - ok
18:42:56.0479 3524 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:42:56.0494 3524 BrFiltUp - ok
18:42:56.0494 3524 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:42:56.0494 3524 BridgeMP - ok
18:42:56.0510 3524 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:42:56.0510 3524 Browser - ok
18:42:56.0525 3524 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:42:56.0525 3524 Brserid - ok
18:42:56.0541 3524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:42:56.0541 3524 BrSerWdm - ok
18:42:56.0557 3524 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:42:56.0557 3524 BrUsbMdm - ok
18:42:56.0572 3524 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:42:56.0572 3524 BrUsbSer - ok
18:42:56.0588 3524 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:42:56.0588 3524 BTHMODEM - ok
18:42:56.0603 3524 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:42:56.0603 3524 bthserv - ok
18:42:56.0603 3524 catchme - ok
18:42:56.0619 3524 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:42:56.0619 3524 cdfs - ok
18:42:56.0635 3524 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:42:56.0635 3524 cdrom - ok
18:42:56.0650 3524 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:42:56.0650 3524 CertPropSvc - ok
18:42:56.0650 3524 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:42:56.0666 3524 circlass - ok
18:42:56.0666 3524 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:42:56.0681 3524 CLFS - ok
18:42:56.0681 3524 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:42:56.0681 3524 clr_optimization_v2.0.50727_32 - ok
18:42:56.0697 3524 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:42:56.0697 3524 clr_optimization_v2.0.50727_64 - ok
18:42:56.0697 3524 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:42:56.0713 3524 clr_optimization_v4.0.30319_32 - ok
18:42:56.0713 3524 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:42:56.0713 3524 clr_optimization_v4.0.30319_64 - ok
18:42:56.0728 3524 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:42:56.0728 3524 CmBatt - ok
18:42:56.0744 3524 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:42:56.0744 3524 cmdide - ok
18:42:56.0759 3524 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:42:56.0759 3524 CNG - ok
18:42:56.0775 3524 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:42:56.0775 3524 Compbatt - ok
18:42:56.0791 3524 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:42:56.0791 3524 CompositeBus - ok
18:42:56.0806 3524 COMSysApp - ok
18:42:56.0806 3524 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:42:56.0822 3524 crcdisk - ok
18:42:56.0822 3524 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:42:56.0837 3524 CryptSvc - ok
18:42:56.0853 3524 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
18:42:56.0853 3524 CSC - ok
18:42:56.0869 3524 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
18:42:56.0884 3524 CscService - ok
18:42:56.0900 3524 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:42:56.0915 3524 DcomLaunch - ok
18:42:56.0915 3524 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:42:56.0931 3524 defragsvc - ok
18:42:56.0931 3524 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:42:56.0947 3524 DfsC - ok
18:42:56.0947 3524 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:42:56.0962 3524 Dhcp - ok
18:42:56.0978 3524 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:42:56.0978 3524 discache - ok
18:42:56.0978 3524 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:42:56.0993 3524 Disk - ok
18:42:56.0993 3524 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:42:57.0009 3524 Dnscache - ok
18:42:57.0009 3524 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:42:57.0025 3524 dot3svc - ok
18:42:57.0025 3524 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:42:57.0040 3524 DPS - ok
18:42:57.0040 3524 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:42:57.0040 3524 drmkaud - ok
18:42:57.0071 3524 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:42:57.0071 3524 DXGKrnl - ok
18:42:57.0087 3524 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:42:57.0087 3524 EapHost - ok
18:42:57.0134 3524 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:42:57.0165 3524 ebdrv - ok
18:42:57.0181 3524 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:42:57.0181 3524 EFS - ok
18:42:57.0196 3524 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:42:57.0196 3524 ehRecvr - ok
18:42:57.0212 3524 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:42:57.0212 3524 ehSched - ok
18:42:57.0227 3524 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:42:57.0227 3524 elxstor - ok
18:42:57.0243 3524 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:42:57.0243 3524 ErrDev - ok
18:42:57.0259 3524 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:42:57.0274 3524 EventSystem - ok
18:42:57.0290 3524 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:42:57.0290 3524 exfat - ok
18:42:57.0305 3524 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:42:57.0305 3524 fastfat - ok
18:42:57.0321 3524 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:42:57.0321 3524 Fax - ok
18:42:57.0337 3524 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:42:57.0337 3524 fdc - ok
18:42:57.0352 3524 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:42:57.0352 3524 fdPHost - ok
18:42:57.0368 3524 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:42:57.0368 3524 FDResPub - ok
18:42:57.0383 3524 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:42:57.0383 3524 FileInfo - ok
18:42:57.0399 3524 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:42:57.0399 3524 Filetrace - ok
18:42:57.0399 3524 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:42:57.0399 3524 flpydisk - ok
18:42:57.0415 3524 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:42:57.0430 3524 FltMgr - ok
18:42:57.0446 3524 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:42:57.0461 3524 FontCache - ok
18:42:57.0461 3524 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:42:57.0461 3524 FontCache3.0.0.0 - ok
18:42:57.0477 3524 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:42:57.0477 3524 FsDepends - ok
18:42:57.0493 3524 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:42:57.0493 3524 Fs_Rec - ok
18:42:57.0508 3524 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:42:57.0508 3524 fvevol - ok
18:42:57.0524 3524 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:42:57.0524 3524 gagp30kx - ok
18:42:57.0539 3524 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:42:57.0555 3524 gpsvc - ok
18:42:57.0555 3524 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:42:57.0555 3524 hcw85cir - ok
18:42:57.0571 3524 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:42:57.0586 3524 HdAudAddService - ok
18:42:57.0586 3524 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:42:57.0602 3524 HDAudBus - ok
18:42:57.0602 3524 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:42:57.0602 3524 HidBatt - ok
18:42:57.0617 3524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:42:57.0617 3524 HidBth - ok
18:42:57.0633 3524 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:42:57.0633 3524 HidIr - ok
18:42:57.0649 3524 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:42:57.0649 3524 hidserv - ok
18:42:57.0664 3524 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:42:57.0664 3524 HidUsb - ok
18:42:57.0680 3524 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:42:57.0680 3524 hkmsvc - ok
18:42:57.0695 3524 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:42:57.0695 3524 HomeGroupListener - ok
18:42:57.0711 3524 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:42:57.0711 3524 HomeGroupProvider - ok
18:42:57.0727 3524 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:42:57.0727 3524 HpSAMD - ok
18:42:57.0742 3524 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:42:57.0758 3524 HTTP - ok
18:42:57.0773 3524 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:42:57.0773 3524 hwpolicy - ok
18:42:57.0789 3524 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:42:57.0789 3524 i8042prt - ok
18:42:57.0805 3524 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:42:57.0805 3524 iaStorV - ok
18:42:57.0820 3524 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:42:57.0836 3524 idsvc - ok
18:42:57.0836 3524 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:42:57.0851 3524 iirsp - ok
18:42:57.0867 3524 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:42:57.0867 3524 IKEEXT - ok
18:42:57.0914 3524 IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) C:\Windows\system32\drivers\RTKVHD64.sys
18:42:57.0929 3524 IntcAzAudAddService - ok
18:42:57.0929 3524 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:42:57.0929 3524 intelide - ok
18:42:57.0961 3524 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:42:57.0961 3524 intelppm - ok
18:42:57.0976 3524 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:42:57.0976 3524 IPBusEnum - ok
18:42:57.0992 3524 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:42:57.0992 3524 IpFilterDriver - ok
18:42:58.0007 3524 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:42:58.0007 3524 iphlpsvc - ok
18:42:58.0023 3524 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:42:58.0023 3524 IPMIDRV - ok
18:42:58.0039 3524 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:42:58.0039 3524 IPNAT - ok
18:42:58.0054 3524 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:42:58.0054 3524 IRENUM - ok
18:42:58.0070 3524 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:42:58.0070 3524 isapnp - ok
18:42:58.0085 3524 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:42:58.0085 3524 iScsiPrt - ok
18:42:58.0101 3524 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:42:58.0101 3524 kbdclass - ok
18:42:58.0117 3524 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:42:58.0117 3524 kbdhid - ok
18:42:58.0117 3524 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:42:58.0132 3524 KeyIso - ok
18:42:58.0132 3524 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:42:58.0148 3524 KSecDD - ok
18:42:58.0148 3524 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:42:58.0148 3524 KSecPkg - ok
18:42:58.0163 3524 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:42:58.0163 3524 ksthunk - ok
18:42:58.0179 3524 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:42:58.0195 3524 KtmRm - ok
18:42:58.0195 3524 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:42:58.0210 3524 LanmanServer - ok
18:42:58.0226 3524 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:42:58.0226 3524 LanmanWorkstation - ok
18:42:58.0241 3524 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:42:58.0241 3524 lltdio - ok
18:42:58.0257 3524 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:42:58.0273 3524 lltdsvc - ok
18:42:58.0273 3524 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:42:58.0288 3524 lmhosts - ok
18:42:58.0288 3524 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:42:58.0304 3524 LSI_FC - ok
18:42:58.0304 3524 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:42:58.0319 3524 LSI_SAS - ok
18:42:58.0319 3524 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:42:58.0319 3524 LSI_SAS2 - ok
18:42:58.0335 3524 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:42:58.0335 3524 LSI_SCSI - ok
18:42:58.0351 3524 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:42:58.0351 3524 luafv - ok
18:42:58.0366 3524 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:42:58.0366 3524 Mcx2Svc - ok
18:42:58.0382 3524 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:42:58.0382 3524 megasas - ok
18:42:58.0397 3524 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:42:58.0397 3524 MegaSR - ok
18:42:58.0413 3524 Microsoft SharePoint Workspace Audit Service - ok
18:42:58.0413 3524 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:42:58.0429 3524 MMCSS - ok
18:42:58.0429 3524 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:42:58.0444 3524 Modem - ok
18:42:58.0444 3524 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:42:58.0444 3524 monitor - ok
18:42:58.0460 3524 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:42:58.0460 3524 mouclass - ok
18:42:58.0475 3524 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:42:58.0475 3524 mouhid - ok
18:42:58.0491 3524 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:42:58.0491 3524 mountmgr - ok
18:42:58.0507 3524 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:42:58.0507 3524 mpio - ok
18:42:58.0522 3524 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:42:58.0522 3524 mpsdrv - ok
18:42:58.0538 3524 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:42:58.0553 3524 MpsSvc - ok
18:42:58.0569 3524 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:42:58.0569 3524 MRxDAV - ok
18:42:58.0585 3524 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:42:58.0585 3524 mrxsmb - ok
18:42:58.0600 3524 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:42:58.0600 3524 mrxsmb10 - ok
18:42:58.0616 3524 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:42:58.0616 3524 mrxsmb20 - ok
18:42:58.0631 3524 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:42:58.0631 3524 msahci - ok
18:42:58.0631 3524 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:42:58.0647 3524 msdsm - ok
18:42:58.0647 3524 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:42:58.0663 3524 MSDTC - ok
18:42:58.0678 3524 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
18:42:58.0678 3524 MSDV - ok
18:42:58.0694 3524 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:42:58.0694 3524 Msfs - ok
18:42:58.0694 3524 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:42:58.0694 3524 mshidkmdf - ok
18:42:58.0709 3524 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:42:58.0709 3524 msisadrv - ok
18:42:58.0725 3524 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:42:58.0725 3524 MSiSCSI - ok
18:42:58.0741 3524 msiserver - ok
18:42:58.0756 3524 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:42:58.0756 3524 MSKSSRV - ok
18:42:58.0756 3524 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:42:58.0772 3524 MSPCLOCK - ok
18:42:58.0772 3524 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:42:58.0772 3524 MSPQM - ok
18:42:58.0787 3524 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:42:58.0803 3524 MsRPC - ok
18:42:58.0803 3524 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:42:58.0803 3524 mssmbios - ok
18:42:58.0819 3524 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:42:58.0819 3524 MSTEE - ok
18:42:58.0834 3524 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:42:58.0834 3524 MTConfig - ok
18:42:58.0850 3524 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
18:42:58.0850 3524 MTsensor - ok
18:42:58.0865 3524 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:42:58.0865 3524 Mup - ok
18:42:58.0881 3524 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:42:58.0881 3524 napagent - ok
18:42:58.0897 3524 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:42:58.0912 3524 NativeWifiP - ok
18:42:58.0928 3524 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:42:58.0943 3524 NDIS - ok
18:42:58.0959 3524 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:42:58.0959 3524 NdisCap - ok
18:42:58.0959 3524 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:42:58.0975 3524 NdisTapi - ok
18:42:58.0975 3524 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:42:58.0975 3524 Ndisuio - ok
18:42:58.0990 3524 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:42:58.0990 3524 NdisWan - ok
18:42:59.0006 3524 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:42:59.0006 3524 NDProxy - ok
18:42:59.0021 3524 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:42:59.0021 3524 NetBIOS - ok
18:42:59.0037 3524 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:42:59.0037 3524 NetBT - ok
18:42:59.0053 3524 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:42:59.0053 3524 Netlogon - ok
18:42:59.0068 3524 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:42:59.0084 3524 Netman - ok
18:42:59.0099 3524 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:42:59.0099 3524 netprofm - ok
18:42:59.0115 3524 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:42:59.0115 3524 NetTcpPortSharing - ok
18:42:59.0131 3524 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:42:59.0131 3524 nfrd960 - ok
18:42:59.0146 3524 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:42:59.0146 3524 NlaSvc - ok
18:42:59.0162 3524 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:42:59.0162 3524 Npfs - ok
18:42:59.0177 3524 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:42:59.0177 3524 nsi - ok
18:42:59.0193 3524 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:42:59.0193 3524 nsiproxy - ok
18:42:59.0224 3524 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:42:59.0240 3524 Ntfs - ok
18:42:59.0255 3524 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:42:59.0255 3524 Null - ok
18:42:59.0271 3524 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:42:59.0271 3524 nusb3hub - ok
18:42:59.0287 3524 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:42:59.0287 3524 nusb3xhc - ok
18:42:59.0302 3524 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:42:59.0302 3524 nvraid - ok
18:42:59.0318 3524 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:42:59.0318 3524 nvstor - ok
18:42:59.0333 3524 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:42:59.0333 3524 nv_agp - ok
18:42:59.0349 3524 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:42:59.0349 3524 ohci1394 - ok
18:42:59.0349 3524 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:42:59.0349 3524 ose - ok
18:42:59.0411 3524 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:42:59.0474 3524 osppsvc - ok
18:42:59.0489 3524 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:42:59.0505 3524 p2pimsvc - ok
18:42:59.0521 3524 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:42:59.0521 3524 p2psvc - ok
18:42:59.0536 3524 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:42:59.0536 3524 Parport - ok
18:42:59.0552 3524 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:42:59.0552 3524 partmgr - ok
18:42:59.0567 3524 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:42:59.0567 3524 PcaSvc - ok
18:42:59.0583 3524 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:42:59.0583 3524 pci - ok
18:42:59.0599 3524 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:42:59.0599 3524 pciide - ok
18:42:59.0614 3524 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:42:59.0614 3524 pcmcia - ok
18:42:59.0630 3524 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:42:59.0630 3524 pcw - ok
18:42:59.0645 3524 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:42:59.0661 3524 PEAUTH - ok
18:42:59.0692 3524 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
18:42:59.0708 3524 PeerDistSvc - ok
18:42:59.0723 3524 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:42:59.0723 3524 PerfHost - ok
18:42:59.0755 3524 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:42:59.0770 3524 pla - ok
18:42:59.0786 3524 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:42:59.0801 3524 PlugPlay - ok
18:42:59.0801 3524 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:42:59.0817 3524 PNRPAutoReg - ok
18:42:59.0817 3524 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:42:59.0833 3524 PNRPsvc - ok
18:42:59.0848 3524 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:42:59.0848 3524 PolicyAgent - ok
18:42:59.0864 3524 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:42:59.0879 3524 Power - ok
18:42:59.0895 3524 PowerAlert Agent (95c335f234c3ffe883cf9fd1094b6cd6) C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe
18:42:59.0911 3524 PowerAlert Agent - ok
18:42:59.0926 3524 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:42:59.0926 3524 PptpMiniport - ok
18:42:59.0942 3524 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:42:59.0942 3524 Processor - ok
18:42:59.0957 3524 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:42:59.0957 3524 ProfSvc - ok
18:42:59.0973 3524 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:42:59.0973 3524 ProtectedStorage - ok
18:42:59.0989 3524 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:42:59.0989 3524 Psched - ok
18:43:00.0004 3524 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
18:43:00.0004 3524 PxHlpa64 - ok
18:43:00.0035 3524 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:43:00.0051 3524 ql2300 - ok
18:43:00.0067 3524 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:43:00.0067 3524 ql40xx - ok
18:43:00.0082 3524 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:43:00.0098 3524 QWAVE - ok
18:43:00.0098 3524 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:43:00.0113 3524 QWAVEdrv - ok
18:43:00.0113 3524 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:43:00.0113 3524 RasAcd - ok
18:43:00.0129 3524 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:43:00.0129 3524 RasAgileVpn - ok
18:43:00.0145 3524 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:43:00.0160 3524 RasAuto - ok
18:43:00.0160 3524 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:43:00.0176 3524 Rasl2tp - ok
18:43:00.0176 3524 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:43:00.0191 3524 RasMan - ok
18:43:00.0207 3524 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:43:00.0223 3524 RasPppoe - ok
18:43:00.0223 3524 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:43:00.0223 3524 RasSstp - ok
18:43:00.0238 3524 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:43:00.0254 3524 rdbss - ok
18:43:00.0254 3524 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:43:00.0269 3524 rdpbus - ok
18:43:00.0269 3524 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:43:00.0269 3524 RDPCDD - ok
18:43:00.0285 3524 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
18:43:00.0301 3524 RDPDR - ok
18:43:00.0301 3524 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:43:00.0301 3524 RDPENCDD - ok
18:43:00.0316 3524 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:43:00.0316 3524 RDPREFMP - ok
18:43:00.0332 3524 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
18:43:00.0332 3524 RdpVideoMiniport - ok
18:43:00.0347 3524 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
18:43:00.0347 3524 RDPWD - ok
18:43:00.0363 3524 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:43:00.0363 3524 rdyboost - ok
18:43:00.0379 3524 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:43:00.0379 3524 RemoteAccess - ok
18:43:00.0394 3524 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:43:00.0410 3524 RemoteRegistry - ok
18:43:00.0410 3524 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:43:00.0425 3524 RpcEptMapper - ok
18:43:00.0425 3524 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:43:00.0441 3524 RpcLocator - ok
18:43:00.0457 3524 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
18:43:00.0457 3524 RpcSs - ok
18:43:00.0472 3524 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:43:00.0472 3524 rspndr - ok
18:43:00.0488 3524 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:43:00.0488 3524 RTL8167 - ok
18:43:00.0503 3524 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
18:43:00.0503 3524 s3cap - ok
18:43:00.0519 3524 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:43:00.0519 3524 SamSs - ok
18:43:00.0535 3524 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:43:00.0535 3524 sbp2port - ok
18:43:00.0566 3524 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:43:00.0581 3524 SBSDWSCService - ok
18:43:00.0597 3524 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:43:00.0597 3524 SCardSvr - ok
18:43:00.0613 3524 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:43:00.0613 3524 scfilter - ok
18:43:00.0644 3524 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:43:00.0659 3524 Schedule - ok
18:43:00.0675 3524 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:43:00.0675 3524 SCPolicySvc - ok
18:43:00.0675 3524 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:43:00.0691 3524 SDRSVC - ok
18:43:00.0706 3524 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:43:00.0706 3524 secdrv - ok
18:43:00.0706 3524 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:43:00.0722 3524 seclogon - ok
18:43:00.0737 3524 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:43:00.0737 3524 SENS - ok
18:43:00.0753 3524 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:43:00.0753 3524 SensrSvc - ok
18:43:00.0769 3524 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:43:00.0769 3524 Serenum - ok
18:43:00.0784 3524 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:43:00.0784 3524 Serial - ok
18:43:00.0800 3524 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:43:00.0800 3524 sermouse - ok
18:43:00.0815 3524 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:43:00.0815 3524 SessionEnv - ok
18:43:00.0831 3524 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:43:00.0831 3524 sffdisk - ok
18:43:00.0847 3524 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:43:00.0847 3524 sffp_mmc - ok
18:43:00.0862 3524 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:43:00.0862 3524 sffp_sd - ok
18:43:00.0878 3524 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:43:00.0878 3524 sfloppy - ok
18:43:00.0893 3524 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:43:00.0893 3524 SharedAccess - ok
18:43:00.0909 3524 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:43:00.0925 3524 ShellHWDetection - ok
18:43:00.0925 3524 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:43:00.0940 3524 SiSRaid2 - ok
18:43:00.0940 3524 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:43:00.0940 3524 SiSRaid4 - ok
18:43:00.0956 3524 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:43:00.0956 3524 Smb - ok
18:43:00.0971 3524 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:43:00.0987 3524 SNMPTRAP - ok
18:43:00.0987 3524 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:43:00.0987 3524 spldr - ok
18:43:01.0003 3524 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:43:01.0018 3524 Spooler - ok
18:43:01.0081 3524 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:43:01.0127 3524 sppsvc - ok
18:43:01.0127 3524 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:43:01.0143 3524 sppuinotify - ok
18:43:01.0143 3524 sprtsvc_verizondm - ok
18:43:01.0159 3524 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
18:43:01.0174 3524 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
18:43:01.0174 3524 sptd ( LockedFile.Multi.Generic ) - warning
18:43:01.0174 3524 sptd - detected LockedFile.Multi.Generic (1)
18:43:01.0190 3524 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:43:01.0190 3524 srv - ok
18:43:01.0205 3524 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:43:01.0221 3524 srv2 - ok
18:43:01.0237 3524 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:43:01.0237 3524 srvnet - ok
18:43:01.0252 3524 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:43:01.0252 3524 SSDPSRV - ok
18:43:01.0268 3524 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:43:01.0268 3524 SstpSvc - ok
18:43:01.0283 3524 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:43:01.0283 3524 stexstor - ok
18:43:01.0299 3524 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:43:01.0315 3524 stisvc - ok
18:43:01.0330 3524 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
18:43:01.0330 3524 storflt - ok
18:43:01.0346 3524 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
18:43:01.0346 3524 storvsc - ok
18:43:01.0361 3524 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:43:01.0361 3524 swenum - ok
18:43:01.0361 3524 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
18:43:01.0377 3524 SwitchBoard - ok
18:43:01.0393 3524 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:43:01.0393 3524 swprv - ok
18:43:01.0408 3524 Synth3dVsc - ok
18:43:01.0439 3524 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:43:01.0471 3524 SysMain - ok
18:43:01.0471 3524 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:43:01.0486 3524 TabletInputService - ok
18:43:01.0502 3524 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:43:01.0517 3524 TapiSrv - ok
18:43:01.0517 3524 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:43:01.0533 3524 TBS - ok
18:43:01.0564 3524 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:43:01.0580 3524 Tcpip - ok
18:43:01.0611 3524 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:43:01.0611 3524 TCPIP6 - ok
18:43:01.0627 3524 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:43:01.0627 3524 tcpipreg - ok
18:43:01.0642 3524 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:43:01.0642 3524 TDPIPE - ok
18:43:01.0658 3524 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:43:01.0658 3524 TDTCP - ok
18:43:01.0673 3524 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:43:01.0673 3524 tdx - ok
18:43:01.0689 3524 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:43:01.0689 3524 TermDD - ok
18:43:01.0705 3524 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:43:01.0720 3524 TermService - ok
18:43:01.0720 3524 tgsrvc_verizondm - ok
18:43:01.0736 3524 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:43:01.0736 3524 Themes - ok
18:43:01.0751 3524 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:43:01.0751 3524 THREADORDER - ok
18:43:01.0767 3524 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:43:01.0783 3524 TrkWks - ok
18:43:01.0783 3524 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:43:01.0783 3524 TrustedInstaller - ok
18:43:01.0798 3524 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:43:01.0798 3524 tssecsrv - ok
18:43:01.0814 3524 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:43:01.0814 3524 TsUsbFlt - ok
18:43:01.0829 3524 tsusbhub - ok
18:43:01.0829 3524 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:43:01.0845 3524 tunnel - ok
18:43:01.0845 3524 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:43:01.0861 3524 uagp35 - ok
18:43:01.0876 3524 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:43:01.0876 3524 udfs - ok
18:43:01.0892 3524 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:43:01.0892 3524 UI0Detect - ok
18:43:01.0907 3524 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:43:01.0907 3524 uliagpkx - ok
18:43:01.0923 3524 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:43:01.0923 3524 umbus - ok
18:43:01.0939 3524 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:43:01.0939 3524 UmPass - ok
18:43:01.0954 3524 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
18:43:01.0954 3524 UmRdpService - ok
18:43:01.0970 3524 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:43:01.0985 3524 upnphost - ok
18:43:02.0001 3524 US30Sys (5d9432fce8528d33bcb8d140175e9150) C:\Windows\syswow64\drivers\US40fs64.sys
18:43:02.0001 3524 US30Sys - ok
18:43:02.0017 3524 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:43:02.0017 3524 usbccgp - ok
18:43:02.0032 3524 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:43:02.0032 3524 usbcir - ok
18:43:02.0048 3524 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:43:02.0048 3524 usbehci - ok
18:43:02.0063 3524 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:43:02.0063 3524 usbhub - ok
18:43:02.0079 3524 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:43:02.0079 3524 usbohci - ok
18:43:02.0095 3524 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:43:02.0095 3524 usbprint - ok
18:43:02.0110 3524 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:43:02.0110 3524 usbscan - ok
18:43:02.0110 3524 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:43:02.0126 3524 USBSTOR - ok
18:43:02.0126 3524 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:43:02.0126 3524 usbuhci - ok
18:43:02.0141 3524 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:43:02.0157 3524 UxSms - ok
18:43:02.0157 3524 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:43:02.0173 3524 VaultSvc - ok
18:43:02.0173 3524 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:43:02.0173 3524 vdrvroot - ok
18:43:02.0188 3524 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:43:02.0204 3524 vds - ok
18:43:02.0219 3524 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:43:02.0219 3524 vga - ok
18:43:02.0235 3524 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:43:02.0235 3524 VgaSave - ok
18:43:02.0251 3524 VGPU - ok
18:43:02.0266 3524 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:43:02.0266 3524 vhdmp - ok
18:43:02.0282 3524 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:43:02.0282 3524 viaide - ok
18:43:02.0297 3524 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
18:43:02.0297 3524 vmbus - ok
18:43:02.0313 3524 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
18:43:02.0313 3524 VMBusHID - ok
18:43:02.0313 3524 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:43:02.0329 3524 volmgr - ok
18:43:02.0344 3524 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:43:02.0344 3524 volmgrx - ok
18:43:02.0360 3524 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:43:02.0360 3524 volsnap - ok
18:43:02.0375 3524 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:43:02.0375 3524 vsmraid - ok
18:43:02.0407 3524 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:43:02.0438 3524 VSS - ok
18:43:02.0438 3524 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:43:02.0438 3524 vwifibus - ok
18:43:02.0453 3524 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:43:02.0469 3524 W32Time - ok
18:43:02.0485 3524 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:43:02.0485 3524 WacomPen - ok
18:43:02.0500 3524 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:43:02.0500 3524 WANARP - ok
18:43:02.0500 3524 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:43:02.0500 3524 Wanarpv6 - ok
18:43:02.0531 3524 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:43:02.0547 3524 WatAdminSvc - ok
18:43:02.0578 3524 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:43:02.0609 3524 wbengine - ok
18:43:02.0625 3524 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:43:02.0625 3524 WbioSrvc - ok
18:43:02.0641 3524 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:43:02.0656 3524 wcncsvc - ok
18:43:02.0672 3524 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:43:02.0672 3524 WcsPlugInService - ok
18:43:02.0687 3524 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:43:02.0687 3524 Wd - ok
18:43:02.0703 3524 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:43:02.0719 3524 Wdf01000 - ok
18:43:02.0734 3524 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:43:02.0734 3524 WdiServiceHost - ok
18:43:02.0734 3524 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:43:02.0750 3524 WdiSystemHost - ok
18:43:02.0765 3524 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:43:02.0765 3524 WebClient - ok
18:43:02.0781 3524 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:43:02.0797 3524 Wecsvc - ok
18:43:02.0812 3524 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:43:02.0812 3524 wercplsupport - ok
18:43:02.0828 3524 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:43:02.0828 3524 WerSvc - ok
18:43:02.0843 3524 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:43:02.0843 3524 WfpLwf - ok
18:43:02.0859 3524 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:43:02.0859 3524 WIMMount - ok
18:43:02.0859 3524 WinDefend - ok
18:43:02.0875 3524 WinHttpAutoProxySvc - ok
18:43:02.0890 3524 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:43:02.0890 3524 Winmgmt - ok
18:43:02.0921 3524 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:43:02.0953 3524 WinRM - ok
18:43:02.0968 3524 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:43:02.0999 3524 Wlansvc - ok
18:43:03.0015 3524 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:43:03.0046 3524 wlidsvc - ok
18:43:03.0062 3524 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:43:03.0062 3524 WmiAcpi - ok
18:43:03.0077 3524 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:43:03.0077 3524 wmiApSrv - ok
18:43:03.0077 3524 WMPNetworkSvc - ok
18:43:03.0093 3524 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:43:03.0093 3524 WPCSvc - ok
18:43:03.0109 3524 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:43:03.0124 3524 WPDBusEnum - ok
18:43:03.0124 3524 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:43:03.0124 3524 ws2ifsl - ok
18:43:03.0140 3524 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:43:03.0155 3524 wscsvc - ok
18:43:03.0155 3524 WSearch - ok
18:43:03.0202 3524 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
18:43:03.0233 3524 wuauserv - ok
18:43:03.0249 3524 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:43:03.0249 3524 WudfPf - ok
18:43:03.0265 3524 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:43:03.0265 3524 WUDFRd - ok
18:43:03.0280 3524 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:43:03.0280 3524 wudfsvc - ok
18:43:03.0296 3524 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:43:03.0311 3524 WwanSvc - ok
18:43:03.0311 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
18:43:03.0311 3524 \Device\Harddisk1\DR1 - ok
18:43:03.0311 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
18:43:03.0343 3524 \Device\Harddisk2\DR2 - ok
18:43:03.0343 3524 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:43:03.0358 3524 \Device\Harddisk0\DR0 - ok
18:43:03.0358 3524 Boot (0x1200) (eafb5537a7f9f17fba8b134f442047ac) \Device\Harddisk1\DR1\Partition0
18:43:03.0358 3524 \Device\Harddisk1\DR1\Partition0 - ok
18:43:03.0358 3524 Boot (0x1200) (3f8ccb797c4a8b2598a741cca45e3c97) \Device\Harddisk1\DR1\Partition1
18:43:03.0358 3524 \Device\Harddisk1\DR1\Partition1 - ok
18:43:03.0358 3524 Boot (0x1200) (c9bd97385bb2dadf99887d4463610585) \Device\Harddisk2\DR2\Partition0
18:43:03.0358 3524 \Device\Harddisk2\DR2\Partition0 - ok
18:43:03.0358 3524 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition0
18:43:03.0358 3524 \Device\Harddisk0\DR0\Partition0 - ok
18:43:03.0358 3524 Boot (0x1200) (3700ec990749b8ab462b96ab27d9b744) \Device\Harddisk0\DR0\Partition1
18:43:03.0358 3524 \Device\Harddisk0\DR0\Partition1 - ok
18:43:03.0358 3524 Boot (0x1200) (56fb5684077f2e95727690d7445a7eff) \Device\Harddisk0\DR0\Partition2
18:43:03.0358 3524 \Device\Harddisk0\DR0\Partition2 - ok
18:43:03.0374 3524 ============================================================
18:43:03.0374 3524 Scan finished
18:43:03.0374 3524 ============================================================
18:43:03.0374 4964 Detected object count: 1
18:43:03.0374 4964 Actual detected object count: 1
18:43:15.0542 4964 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:43:15.0542 4964 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:47:13.0779 2796 Deinitialize success

All processes killed
========== FILES ==========
C:\Users\Jbitz\AppData\Roaming\avidemux\avidemux\mijimxh.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jbitz
->Temp folder emptied: 64369870 bytes
->Temporary Internet Files folder emptied: 53960860 bytes
->Java cache emptied: 47956 bytes
->FireFox cache emptied: 49441855 bytes
->Google Chrome cache emptied: 6846435 bytes
->Flash cache emptied: 8183912 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2212 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66784 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 174.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04042012_212441

Files\Folders moved on Reboot...
C:\Users\Jbitz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Google redirect problem

Unread postby jbitz » April 4th, 2012, 9:55 pm

OTL logfile created on: 4/4/2012 9:30:45 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jbitz\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.89 Gb Available Physical Memory | 86.79% Memory free
31.99 Gb Paging File | 29.71 Gb Available in Paging File | 92.87% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 10.03 Gb Free Space | 17.97% Space Free | Partition Type: NTFS
Drive E: | 185.55 Gb Total Space | 69.30 Gb Free Space | 37.35% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1137.34 Gb Free Space | 61.05% Space Free | Partition Type: NTFS
Drive H: | 1677.34 Gb Total Space | 271.24 Gb Free Space | 16.17% Space Free | Partition Type: NTFS

Computer Name: JBITZ-PC | User Name: Jbitz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/04 21:20:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jbitz\Desktop\OTL.exe
PRC - [2012/03/13 00:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- e:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/09/06 22:05:29 | 000,640,888 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/01 11:54:56 | 000,329,096 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/04/22 19:23:54 | 009,919,104 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010/04/22 15:56:42 | 001,109,120 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/03/25 11:02:12 | 000,888,960 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
PRC - [2010/03/24 14:57:22 | 000,039,552 | ---- | M] () -- C:\ProgramData\Everstrike\US4Service.exe
PRC - [2010/03/16 18:22:40 | 005,309,056 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2010/02/10 15:45:40 | 001,135,232 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GPU Boost Driver\GpuBoostServer.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/12/28 09:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- E:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/13 00:39:07 | 001,969,080 | ---- | M] () -- e:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/29 16:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/03/24 14:57:22 | 000,039,552 | ---- | M] () -- C:\ProgramData\Everstrike\US4Service.exe
MOD - [2010/02/08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010/01/08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010/01/08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009/09/29 23:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/06/24 08:47:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\flashobj.dll
MOD - [2009/04/22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsusService.dll
MOD - [2009/03/30 02:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2008/12/10 20:04:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/08 13:42:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/09/08 13:29:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- E:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- E:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/14 10:05:30 | 001,644,368 | ---- | M] (Tripp Lite) [Auto | Stopped] -- C:\Program Files (x86)\TrippLite\PowerAlert\engine\pal.exe -- (PowerAlert Agent)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/28 09:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/08 14:27:22 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/08 12:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/14 09:23:28 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/03/04 09:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/07 06:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 06:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/15 23:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 20:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 20:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 21:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3045277


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 19 79 E7 72 FF 0D CD 01 [binary data]
IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\..\SearchScopes,DefaultScope = {9A6B3E67-EFA1-4768-AAB5-F66E0B9E113F}
IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\..\SearchScopes\{4A855DEE-DB34-4e0d-8178-D61371DF5F99}: "URL" = http://www.google.com/custom?client=pub ... 1&hl=en&q={searchTerms}
IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\..\SearchScopes\{9A6B3E67-EFA1-4768-AAB5-F66E0B9E113F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3045277
IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?hl=en&tab=ww"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jbitz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jbitz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: E:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/02 22:27:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: e:\Program Files (x86)\Mozilla Firefox\components [2012/03/29 19:04:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: e:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: E:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/20 02:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: E:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8B1DCD74-16C1-48EB-9717-A3A8C870BA1D}: C:\Users\Jbitz\AppData\Local\{8B1DCD74-16C1-48EB-9717-A3A8C870BA1D}\

[2011/08/11 09:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbitz\AppData\Roaming\Mozilla\Extensions
[2010/11/23 22:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbitz\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/03/29 11:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jbitz\AppData\Roaming\Mozilla\Firefox\Profiles\zgj3icx9.default\extensions
[2011/08/27 13:50:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\JBITZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZGJ3ICX9.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
() (No name found) -- C:\USERS\JBITZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZGJ3ICX9.DEFAULT\EXTENSIONS\ZDCDIVFIHR@ZDCDIVFIHR.ORG.XPI
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jbitz\AppData\Local\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Users\Jbitz\AppData\Local\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jbitz\AppData\Local\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jbitz\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Jbitz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2012/03/29 17:56:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] e:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [US4Service] C:\ProgramData\Everstrike\US4Service.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000..\Run: [uTorrent] E:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Jbitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jbitz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O7 - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FCA6E5B-5754-4411-B60F-E252A12EE303}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/04 21:24:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/04 21:20:55 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Jbitz\Desktop\OTL.exe
[2012/04/03 18:40:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jbitz\Desktop\aswMBR.exe
[2012/04/03 18:39:33 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jbitz\Desktop\tdsskiller.exe
[2012/04/02 09:26:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jbitz\Desktop\dds.scr
[2012/03/29 18:26:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/29 17:58:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/29 17:51:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/29 17:51:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/29 17:51:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/29 17:51:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/29 17:50:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/29 17:49:41 | 004,448,838 | R--- | C] (Swearware) -- C:\Users\Jbitz\Desktop\ComboFix.exe
[2012/03/29 17:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/25 11:20:09 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{054D42F5-1253-4EB4-9711-2F5E1571A663}
[2012/03/25 11:19:59 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{EE0574A6-6821-4D6F-A444-964F8D04AFC4}
[2012/03/25 10:26:05 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{0C7E9C7D-1520-4C2B-8225-363149CDC77E}
[2012/03/25 10:25:56 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{E2DDAF1F-5D8E-4C48-9788-C12957849009}
[2012/03/24 21:45:49 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{228C892A-7DB8-4C9F-AD0F-1343B576154E}
[2012/03/24 21:43:38 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{55ADA4BF-6A38-4DD7-ABF3-957A1E2E8451}
[2012/03/24 21:43:29 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{B7240DFF-867D-4789-94C7-A67ABCBE2E3F}
[2012/03/20 23:42:41 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{9B483293-3C51-410E-A730-C4D201A267FA}
[2012/03/20 23:42:19 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{FCC5B605-9434-4BE4-858E-9FBF72A786E6}
[2012/03/20 23:41:57 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{3A7B5410-1733-4C66-A0FF-BF090C2A4330}
[2012/03/20 23:40:06 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{EFABE24E-41E5-48D1-A4A2-BFBF038B830D}
[2012/03/20 23:39:57 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{E89BEAAF-398D-4707-92C5-B8919E72951E}
[2012/03/20 23:38:51 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{F5787C43-B0F7-4C2E-8361-BC951E084EDF}
[2012/03/20 23:38:42 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\{77896F9F-03F6-4A21-B8CC-6BE454562752}
[2012/03/16 15:18:14 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/03/16 15:16:46 | 000,000,000 | ---D | C] -- C:\Users\Jbitz\AppData\Local\SupportSoft
[2012/03/16 15:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2012/03/16 14:52:21 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2012/03/16 14:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon
[2012/03/14 02:45:13 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 02:45:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 02:45:12 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 00:57:17 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 00:56:12 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/03/14 00:56:12 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 00:56:12 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 00:56:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 00:56:12 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 00:56:12 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

========== Files - Modified Within 30 Days ==========

[2012/04/04 21:30:16 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/04 21:30:16 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/04 21:30:16 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/04 21:25:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/04 21:22:24 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 21:22:24 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 21:20:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Jbitz\Desktop\OTL.exe
[2012/04/04 21:13:50 | 000,000,188 | ---- | M] () -- C:\Users\Jbitz\defogger_reenable
[2012/04/04 21:13:02 | 000,050,477 | ---- | M] () -- C:\Users\Jbitz\Desktop\Defogger.exe
[2012/04/04 20:56:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000UA.job
[2012/04/04 19:50:35 | 093,671,270 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/03 18:55:37 | 000,000,512 | ---- | M] () -- C:\Users\Jbitz\Desktop\MBR.dat
[2012/04/03 18:40:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jbitz\Desktop\aswMBR.exe
[2012/04/03 18:39:33 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jbitz\Desktop\tdsskiller.exe
[2012/04/02 17:14:23 | 000,378,316 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/02 09:26:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jbitz\Desktop\dds.scr
[2012/04/02 07:56:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2428319956-2832503307-2180716793-1000Core.job
[2012/03/31 08:57:33 | 000,002,409 | ---- | M] () -- C:\Users\Jbitz\Desktop\Google Chrome.lnk
[2012/03/29 19:04:28 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/29 17:56:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/29 17:49:41 | 004,448,838 | R--- | M] (Swearware) -- C:\Users\Jbitz\Desktop\ComboFix.exe
[2012/03/29 17:17:46 | 000,000,937 | ---- | M] () -- C:\Users\Jbitz\Desktop\Spybot - Search & Destroy.lnk
[2012/03/16 15:16:44 | 000,000,260 | ---- | M] () -- C:\Windows\SysWow64\cmdVBS.vbs
[2012/03/16 15:16:44 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\MSIevent.bat
[2012/03/14 19:55:04 | 000,113,193 | ---- | M] () -- C:\Users\Jbitz\Documents\renters.xps
[2012/03/14 05:44:00 | 004,968,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/06 23:35:00 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/04/04 21:13:50 | 000,000,188 | ---- | C] () -- C:\Users\Jbitz\defogger_reenable
[2012/04/04 21:13:01 | 000,050,477 | ---- | C] () -- C:\Users\Jbitz\Desktop\Defogger.exe
[2012/04/03 18:55:37 | 000,000,512 | ---- | C] () -- C:\Users\Jbitz\Desktop\MBR.dat
[2012/03/29 19:04:28 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/29 19:04:28 | 000,000,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/29 17:51:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/29 17:51:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/29 17:51:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/29 17:51:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/29 17:51:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/29 17:17:46 | 000,000,937 | ---- | C] () -- C:\Users\Jbitz\Desktop\Spybot - Search & Destroy.lnk
[2012/03/16 14:51:59 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\cmdVBS.vbs
[2012/03/16 14:51:59 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\MSIevent.bat
[2012/03/16 14:51:49 | 023,896,576 | ---- | C] () -- C:\Windows\VzInHomeAgentInstaller.msi
[2012/03/14 19:55:03 | 000,113,193 | ---- | C] () -- C:\Users\Jbitz\Documents\renters.xps
[2012/03/06 23:35:00 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/08/12 20:36:14 | 000,007,606 | ---- | C] () -- C:\Users\Jbitz\AppData\Local\Resmon.ResmonCfg
[2011/03/17 13:51:44 | 000,003,929 | R--- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/28 07:11:10 | 000,011,832 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/10/28 07:11:10 | 000,010,216 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/10/20 12:37:13 | 000,073,220 | R--- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010/10/20 12:37:13 | 000,031,053 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010/10/20 12:37:13 | 000,029,114 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010/10/20 12:37:13 | 000,027,417 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010/10/20 12:37:13 | 000,021,021 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010/10/20 12:37:13 | 000,015,670 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010/10/20 12:37:13 | 000,013,280 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010/10/20 12:37:13 | 000,010,673 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010/10/20 12:37:13 | 000,004,943 | R--- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010/10/20 12:37:13 | 000,001,140 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010/10/20 12:37:13 | 000,001,140 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010/10/20 12:37:13 | 000,001,137 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010/10/20 12:37:13 | 000,001,130 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010/10/20 12:37:13 | 000,001,130 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010/10/20 12:37:13 | 000,001,104 | R--- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010/10/20 12:37:13 | 000,000,097 | R--- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010/10/20 12:36:40 | 000,000,044 | ---- | C] () -- C:\Windows\EPWF500.ini
[2010/10/08 11:50:22 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/10/08 11:50:22 | 000,013,440 | RH-- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/10/08 10:38:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/08 10:29:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/10/08 10:29:56 | 000,032,400 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== LOP Check ==========

[2010/10/08 11:13:55 | 000,000,000 | ---D | M] -- C:\Users\Jbitz\AppData\Roaming\AVG10
[2012/03/29 11:30:23 | 000,000,000 | ---D | M] -- C:\Users\Jbitz\AppData\Roaming\avidemux
[2011/11/20 02:06:28 | 000,000,000 | ---D | M] -- C:\Users\Jbitz\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/29 22:11:24 | 000,000,000 | ---D | M] -- C:\Users\Jbitz\AppData\Roaming\DAEMON Tools Lite
[2012/04/04 21:27:06 | 000,000,000 | ---D | M] -- C:\Users\Jbitz\AppData\Roaming\Dropbox
[2011/07/16 16:49:38 | 000,000,000 | ---D | M] -- C:\Users\Jbitz\AppData\Roaming\HandBrake
[2012/04/04 21:24:58 | 000,000,000 | ---D | M] -- C:\Users\Jbitz\AppData\Roaming\KeePass
[2010/10/20 12:42:12 | 000,000,000 | ---D | M] -- C:\Users\Jbitz\AppData\Roaming\Leadertech
[2011/11/20 02:38:29 | 000,000,000 | ---D | M] -- C:\Users\Jbitz\AppData\Roaming\PACE Anti-Piracy
[2011/11/20 02:08:52 | 000,000,000 | ---D | M] -- C:\Users\Jbitz\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/11/23 22:36:45 | 000,000,000 | ---D | M] -- C:\Users\Jbitz\AppData\Roaming\Thunderbird
[2012/04/04 21:28:41 | 000,000,000 | ---D | M] -- C:\Users\Jbitz\AppData\Roaming\uTorrent
[2010/10/08 11:11:41 | 000,000,000 | ---D | M] -- C:\Users\Jbitz\AppData\Roaming\WinPatrol
[2012/01/16 08:15:33 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1107 bytes -> C:\Users\Jbitz\AppData\Local\lirPIOEUd8:oZcgvseJdaYV0U3JZ8S

< End of report >
OTL Extras logfile created on: 4/4/2012 9:30:45 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Jbitz\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

16.00 Gb Total Physical Memory | 13.89 Gb Available Physical Memory | 86.79% Memory free
31.99 Gb Paging File | 29.71 Gb Available in Paging File | 92.87% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.80 Gb Total Space | 10.03 Gb Free Space | 17.97% Space Free | Partition Type: NTFS
Drive E: | 185.55 Gb Total Space | 69.30 Gb Free Space | 37.35% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1137.34 Gb Free Space | 61.05% Space Free | Partition Type: NTFS
Drive H: | 1677.34 Gb Total Space | 271.24 Gb Free Space | 16.17% Space Free | Partition Type: NTFS

Computer Name: JBITZ-PC | User Name: Jbitz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- e:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "e:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Program Files\Adobe Premiere Pro CS5.5\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "e:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "e:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Program Files\Adobe Premiere Pro CS5.5\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "e:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CC44ABB-62F1-FDA7-02C8-DCCC2A239DDE}" = AMD Fuel
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.4.2499.0 x64
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8FE5B227-1506-4CCE-9002-CC26D6B3F7AA}" = AVG 2011
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E33AC780-456C-6295-E0F3-10A8D39A09FB}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2011
"CCleaner" = CCleaner
"EPSON WorkForce 500 Series" = EPSON WorkForce 500 Series Printer Uninstall
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}" = Adobe Premiere Pro CS5.5
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = AMD VISION Engine Control Center
"{24712BBD-E7C5-49CB-A685-F72B1E66462E}_is1" = Dragon Age Origins
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{88E7FC62-7948-4262-93E2-1D0B1E992C84}" = PowerAlert Local Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8887E02-C910-4498-A7C0-186ABFDCD110}" = GPU Boost Driver
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D547A594-AA85-4B92-80EB-47B371B98C68}" = Verizon Download Manager
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"BeerSmith 2" = BeerSmith 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"CSOL" = CSOL
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.1.1.2 (08/08/2011) Qt
"EPSON Scanner" = EPSON Scan
"HandBrake" = HandBrake 0.9.5
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.16
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)
"nLite_is1" = nLite 1.4.9.1
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials
"WinPatrol" = WinPatrol

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2012 10:32:34 AM | Computer Name = Jbitz-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mspaint.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bca29 Faulting module name: mspaint.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bca29 Exception code: 0xc0000005 Fault offset: 0x000000000001757c Faulting
process id: 0x12e8 Faulting application start time: 0x01cd0a9338e2b751 Faulting application
path: C:\Windows\system32\mspaint.exe Faulting module path: C:\Windows\system32\mspaint.exe
Report
Id: 5c4b3092-7687-11e1-a032-20cf3023bbc1

Error - 3/30/2012 2:07:38 AM | Computer Name = Jbitz-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/31/2012 10:47:10 AM | Computer Name = Jbitz-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 4/1/2012 11:10:53 AM | Computer Name = Jbitz-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 4/2/2012 1:45:01 PM | Computer Name = Jbitz-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mpc-hc64.exe, version: 1.4.2499.0, time
stamp: 0x4c8648a1 Faulting module name: mpc-hc64.exe, version: 1.4.2499.0, time
stamp: 0x4c8648a1 Exception code: 0xc0000005 Fault offset: 0x00000000002e6cd3 Faulting
process id: 0x25f4 Faulting application start time: 0x01cd10f853dcb243 Faulting application
path: C:\Program Files\Media Player Classic - Home Cinema\mpc-hc64.exe Faulting
module path: C:\Program Files\Media Player Classic - Home Cinema\mpc-hc64.exe Report
Id: 922e68d7-7ceb-11e1-aea4-20cf3023bbc1

Error - 4/2/2012 1:58:17 PM | Computer Name = Jbitz-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mpc-hc64.exe, version: 1.4.2499.0, time
stamp: 0x4c8648a1 Faulting module name: mpc-hc64.exe, version: 1.4.2499.0, time
stamp: 0x4c8648a1 Exception code: 0xc0000005 Fault offset: 0x00000000002e6cd3 Faulting
process id: 0x238 Faulting application start time: 0x01cd10fa2ca577a8 Faulting application
path: C:\Program Files\Media Player Classic - Home Cinema\mpc-hc64.exe Faulting
module path: C:\Program Files\Media Player Classic - Home Cinema\mpc-hc64.exe Report
Id: 6c9f8d43-7ced-11e1-aea4-20cf3023bbc1

Error - 4/2/2012 1:58:23 PM | Computer Name = Jbitz-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mpc-hc64.exe, version: 1.4.2499.0, time
stamp: 0x4c8648a1 Faulting module name: mpc-hc64.exe, version: 1.4.2499.0, time
stamp: 0x4c8648a1 Exception code: 0xc0000005 Fault offset: 0x00000000002e6cd3 Faulting
process id: 0x1ac4 Faulting application start time: 0x01cd10fa3062b4bc Faulting application
path: C:\Program Files\Media Player Classic - Home Cinema\mpc-hc64.exe Faulting
module path: C:\Program Files\Media Player Classic - Home Cinema\mpc-hc64.exe Report
Id: 6fc458ac-7ced-11e1-aea4-20cf3023bbc1

Error - 4/2/2012 1:58:36 PM | Computer Name = Jbitz-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mpc-hc64.exe, version: 1.4.2499.0, time
stamp: 0x4c8648a1 Faulting module name: mpc-hc64.exe, version: 1.4.2499.0, time
stamp: 0x4c8648a1 Exception code: 0xc0000005 Fault offset: 0x00000000002e6cd3 Faulting
process id: 0x26f8 Faulting application start time: 0x01cd10fa3779146d Faulting application
path: C:\Program Files\Media Player Classic - Home Cinema\mpc-hc64.exe Faulting
module path: C:\Program Files\Media Player Classic - Home Cinema\mpc-hc64.exe Report
Id: 7772dbe7-7ced-11e1-aea4-20cf3023bbc1

Error - 4/2/2012 3:58:53 PM | Computer Name = Jbitz-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 4/4/2012 9:01:40 PM | Computer Name = Jbitz-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "e:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "e:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 4/4/2012 6:08:48 AM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7034
Description = The PowerAlert Agent service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/4/2012 6:09:20 AM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 4/4/2012 7:47:13 PM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7034
Description = The PowerAlert Agent service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/4/2012 7:47:45 PM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 4/4/2012 9:14:13 PM | Computer Name = Jbitz-PC | Source = DCOM | ID = 10010
Description =

Error - 4/4/2012 9:15:22 PM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7034
Description = The PowerAlert Agent service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/4/2012 9:15:55 PM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2

Error - 4/4/2012 9:24:41 PM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/4/2012 9:26:04 PM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7034
Description = The PowerAlert Agent service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/4/2012 9:26:40 PM | Computer Name = Jbitz-PC | Source = Service Control Manager | ID = 7023
Description = The Superfetch service terminated with the following error: %%2


< End of report >
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Google redirect problem

Unread postby pgmigg » April 5th, 2012, 1:29 pm

Hello jbitz,

I need to ask you to run a few additional scans...

Step 1.
Online Virus Total file scan
  1. Please go to Virus Total to upload the following files one by one for scanning:

    C:\Windows\system32\Drivers\sptd.sys
  2. Press the Browse button and navigate to the file in the list.
  3. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  4. Click on Send File...button.
  5. The file will be queued, uploaded and scanned by various antivirus scanners - this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
    Example of web address:
    Image
  8. Please repeat steps 2-7 for every file in the list.
  9. Paste the Web address link(s) for the scan results in your next reply.

Step 2.
OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image
    text box. Do not include the word Code
    Code: Select all
    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3045277
    IE - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3045277
    O4 - HKU\S-1-5-21-2428319956-2832503307-2180716793-1000..\Run: [uTorrent] E:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    
    :Files
    C:\Users\Jbitz\AppData\Roaming\uTorrent
    E:\Program Files (x86)\uTorrent
    @C:\Users\Jbitz\AppData\Local\lirPIOEUd8:oZcgvseJdaYV0U3JZ8S
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    

  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 3.
ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scannner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Step 4.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook_x64.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries from Code Box into SystemLook's main text entry window.
    Code: Select all
    :filefind
    *conduit*
    *uTorrent*
    
    :regfind
    conduit
    uTorrent
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. The resulting web link after online file scan by Virus Total.
  3. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log file after OTL fix.
  4. Contents of scan results from C:\Program Files\ESET\EsetOnlineScanner\log.txt file.

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect problem

Unread postby jbitz » April 6th, 2012, 12:22 pm

I an unable to do the Online virus total file scan. I can locate the file by navigating to it on my system, but the file does not show when searching using IE or Firefox as a browser with Online Virus Total.
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Google redirect problem

Unread postby pgmigg » April 6th, 2012, 3:55 pm

Hello jbitz,
I an unable to do the Online virus total file scan. I can locate the file by navigating to it on my system, but the file does not show when searching using IE or Firefox as a browser with Online Virus Total.
Don't worry...

Please do the following:

Step 0.
  1. Right click on Start button and select Open Windows Explorer.
  2. Navigate to C:\Windows\system32\Drivers\sptd.sys and Copy/Paste the sptd.sys to root directory of you drive C:\

Step 1.
Online Virus Total file scan
  1. Please go to Virus Total to upload the following files one by one for scanning:

    C:\sptd.sys

  2. Press the Browse button and navigate to the file in the list.
  3. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  4. Click on Send File...button.
  5. The file will be queued, uploaded and scanned by various antivirus scanners - this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
    Example of web address:
    Image
  8. Paste the Web address link(s) for the scan results in your next reply.

Then, please run all other steps from my previous post.
Note: please proceed to all these steps even in case you could not run VirusTotal scan step successfully again!

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect problem

Unread postby jbitz » April 6th, 2012, 7:28 pm

No problems executing instructions this time.
Here are my results:

https://www.virustotal.com/file/c9b734f ... 333753821/

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
E:\Program Files (x86)\uTorrent\uTorrent.exe moved successfully.
========== FILES ==========
C:\Users\Jbitz\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Jbitz\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Jbitz\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Jbitz\AppData\Roaming\uTorrent folder moved successfully.
E:\Program Files (x86)\uTorrent folder moved successfully.
ADS C:\Users\Jbitz\AppData\Local\lirPIOEUd8:oZcgvseJdaYV0U3JZ8S deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jbitz
->Temp folder emptied: 167788 bytes
->Temporary Internet Files folder emptied: 2063442 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43012156 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 473 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 388 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04052012_194343

Files\Folders moved on Reboot...
C:\Users\Jbitz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jbitz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U8IWASH5\features[1].htm moved successfully.
C:\Users\Jbitz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EKGG0S0C\fastbutton[1].htm moved successfully.
C:\Users\Jbitz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EKGG0S0C\like[1].htm moved successfully.
C:\Users\Jbitz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Jbitz\AppData\Local\Mozilla\Firefox\Profiles\zgj3icx9.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Google redirect problem

Unread postby pgmigg » April 7th, 2012, 9:08 am

Hello jbitz,
No problems executing instructions this time.
I glad to hear it... But you did not run Systemlook step or post results.

Please post your report from previous run of SystemLook if you forgot to do it or follow instructions below:

SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook_x64.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries from Code Box into SystemLook's main text entry window.
    Code: Select all
    :filefind
    *conduit*
    *uTorrent*
    
    :regfind
    conduit
    uTorrent
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of SystemLook.txt log file

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google redirect problem

Unread postby jbitz » April 7th, 2012, 2:21 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 14:19 on 07/04/2012 by Jbitz
Administrator - Elevation successful

========== filefind ==========

Searching for "*conduit*"
No files found.

Searching for "*uTorrent*"
C:\_OTL\MovedFiles\04052012_194343\C_Users\Jbitz\AppData\Roaming\uTorrent\utorrent.lng --a---- 728895 bytes [01:42 11/12/2010] [01:42 11/12/2010] E8274DC174E61D33DDCC8AE5617054A8
C:\_OTL\MovedFiles\04052012_194343\E_Program Files (x86)\uTorrent\uTorrent.exe --a---- 640888 bytes [02:05 07/09/2011] [02:05 07/09/2011] 11E8A3D1F90A9827F4E6AD484E311EEE

========== regfind ==========

Searching for "conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar]
"SearchServerUrl"="http://search.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar]
"Server"="users.conduit.com"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\settings]
"SearchFromAdressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&amp;q=MYSEARCHTERM"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar\settings\LanguagePack]
"LanguagePackServerUrl"="http://translation.users.conduit.com/Translation.ashx"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll"="12/10/2010 8:45 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\IEHelpers]
"Conduit Toolbar"="900"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Conduit.Engine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentBar\Communicator]
"Url"="http://servicemap.conduit-services.com/Toolbar/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentBar\toolbar]
"Server"="users.conduit.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentBar\toolbar]
"PlatformType"="ConduitToolbar"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\AppDataLow\Software\uTorrentBar\toolbar]
"GroupingServerURL"="http://grouping.services.conduit.com/"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\AppDataLow\Software\uTorrentBar\toolbar]
"SearchServerUrl"="http://search.conduit.com"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\AppDataLow\Software\uTorrentBar\toolbar]
"Server"="users.conduit.com"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\AppDataLow\Software\uTorrentBar\toolbar]
"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\Repository\conduit_CT2786678]
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\settings]
"SearchFromAdressUrl"="http://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&amp;q=MYSEARCHTERM"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\AppDataLow\Software\uTorrentBar\toolbar\settings\LanguagePack]
"LanguagePackServerUrl"="http://translation.users.conduit.com/Translation.ashx"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll"="12/10/2010 8:45 PM"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\BillP Studios\WinPatrol\IEHelpers]
"Conduit Toolbar"="900"

Searching for "uTorrent"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar]
"WebServerUrl"="http://uTorrentBar.OurToolbar.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar\toolbar]
"DisplayName"="uTorrentBar"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\ActiveTasks]
"E:\PROGRAM FILES (X86)\uTorrent\uTorrent.exe"="09/06/2011 10:15 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\uTorrentBar\tbuTor.dll"="12/10/2010 8:46 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\uTorrentBar2\prxtbuTor.dll"="08/27/2011 1:24 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Startup]
"C:\Program Files (x86)\uTorrent\uTorrent.exe"="10/10/2010 8:39 AM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Startup]
"e:\Program Files (x86)\uTorrent\uTorrent.exe /MINIMIZED"="08/27/2011 1:24 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\Detected\Startup]
"E:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE"="03/06/2012 10:30 PM"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\uTorrent\uTorrent.exe"="11"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Run]
"e:\Program Files (x86)\uTorrent\uTorrent.exe /MINIMIZED"="11"
[HKEY_CURRENT_USER\Software\BitTorrent\uTorrent]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
"b"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
"Progid"="uTorrent"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264\OpenWithList]
"a"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-Felony\OpenWithList]
"a"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.X264-LCHD\OpenWithList]
"a"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-MACHD\OpenWithList]
"a"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-METiS\OpenWithList]
"a"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-REVEiLLE\OpenWithList]
"a"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-SceneHD\OpenWithList]
"a"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-SiNNERS\OpenWithList]
"a"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-TENEIGHTY\OpenWithList]
"a"="uTorrent.exe"
[HKEY_CURRENT_USER\Software\uTorrentBar]
[HKEY_CURRENT_USER\Software\Classes\.btsearch]
@="uTorrent"
[HKEY_CURRENT_USER\Software\Classes\.btsearch\OpenWithProgids]
"uTorrent"=""
[HKEY_CURRENT_USER\Software\Classes\.torrent]
@="uTorrent"
[HKEY_CURRENT_USER\Software\Classes\.torrent\OpenWithProgids]
"uTorrent"=""
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
[HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" ",0"
[HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" "/DNA""
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Program Files (x86)\uTorrent\uTorrent.exe"="µTorrent"
[HKEY_CURRENT_USER\Software\Classes\Magnet\DefaultIcon]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe",0"
[HKEY_CURRENT_USER\Software\Classes\Magnet\shell\open\command]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\uTorrent]
[HKEY_CURRENT_USER\Software\Classes\uTorrent\DefaultIcon]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe",0"
[HKEY_CURRENT_USER\Software\Classes\uTorrent\shell\open\command]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
"C:\Program Files (x86)\uTorrentBar\UNWISE.EXE"="WINXPSP2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\AppPaths\client]
"AppPath"="e:\Program Files (x86)\uTorrent\uTorrent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B336B543-0D1B-47E4-8B5C-E564492ACC2D}]
"AppPath"="C:\Program Files (x86)\uTorrentBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B336B543-0D1B-47E4-8B5C-E564492ACC2D}]
"AppName"="uTorrentBarToolbarHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentBar\toolbar]
"DisplayName"="uTorrentBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentBar\toolbar]
"DisplayTitle"="uTorrentBar Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentBar\toolbar]
"Path"="C:\Program Files (x86)\uTorrentBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentBar\toolbar]
"ToolbarHelperFileName"="C:\Program Files (x86)\uTorrentBar\uTorrentBarToolbarHelper.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{917CEF3E-D6FB-4A1F-BEE9-88186A9F972B}C:\program files (x86)\utorrent\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{908745EE-5570-43EF-A62E-4866B158C6CE}C:\program files (x86)\utorrent\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6DDE412C-4AC5-45A1-AD9F-DCA7AFE1102F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=E:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DE8F85-7A55-4107-84DB-4F69B35BE424}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=E:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{917CEF3E-D6FB-4A1F-BEE9-88186A9F972B}C:\program files (x86)\utorrent\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{908745EE-5570-43EF-A62E-4866B158C6CE}C:\program files (x86)\utorrent\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6DDE412C-4AC5-45A1-AD9F-DCA7AFE1102F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=E:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DE8F85-7A55-4107-84DB-4F69B35BE424}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=E:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{917CEF3E-D6FB-4A1F-BEE9-88186A9F972B}C:\program files (x86)\utorrent\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"UDP Query User{908745EE-5570-43EF-A62E-4866B158C6CE}C:\program files (x86)\utorrent\utorrent.exe"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|Defer=User|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6DDE412C-4AC5-45A1-AD9F-DCA7AFE1102F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=E:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DE8F85-7A55-4107-84DB-4F69B35BE424}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=E:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\AppDataLow\Software\uTorrentBar]
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\AppDataLow\Software\uTorrentBar\toolbar]
"WebServerUrl"="http://uTorrentBar.OurToolbar.com/"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\AppDataLow\Software\uTorrentBar\toolbar]
"DisplayName"="uTorrentBar"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\BillP Studios\Detected\ActiveTasks]
"E:\PROGRAM FILES (X86)\uTorrent\uTorrent.exe"="09/06/2011 10:15 PM"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\uTorrentBar\tbuTor.dll"="12/10/2010 8:46 PM"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\BillP Studios\Detected\IEHelper]
"C:\Program Files (x86)\uTorrentBar2\prxtbuTor.dll"="08/27/2011 1:24 PM"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\BillP Studios\Detected\Startup]
"C:\Program Files (x86)\uTorrent\uTorrent.exe"="10/10/2010 8:39 AM"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\BillP Studios\Detected\Startup]
"e:\Program Files (x86)\uTorrent\uTorrent.exe /MINIMIZED"="08/27/2011 1:24 PM"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\BillP Studios\Detected\Startup]
"E:\PROGRAM FILES (X86)\UTORRENT\UTORRENT.EXE"="03/06/2012 10:30 PM"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\BillP Studios\WinPatrol\Run]
"C:\Program Files (x86)\uTorrent\uTorrent.exe"="11"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\BillP Studios\WinPatrol\Run]
"e:\Program Files (x86)\uTorrent\uTorrent.exe /MINIMIZED"="11"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\BitTorrent\uTorrent]
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\OpenWithList]
"b"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent\UserChoice]
"Progid"="uTorrent"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264\OpenWithList]
"a"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-Felony\OpenWithList]
"a"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.X264-LCHD\OpenWithList]
"a"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-MACHD\OpenWithList]
"a"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-METiS\OpenWithList]
"a"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-REVEiLLE\OpenWithList]
"a"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-SceneHD\OpenWithList]
"a"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-SiNNERS\OpenWithList]
"a"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-TENEIGHTY\OpenWithList]
"a"="uTorrent.exe"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\uTorrentBar]
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\.btsearch]
@="uTorrent"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\.btsearch\OpenWithProgids]
"uTorrent"=""
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\.torrent]
@="uTorrent"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\.torrent\OpenWithProgids]
"uTorrent"=""
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\Applications\uTorrent.exe\shell\open\command]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\btdna\DefaultIcon]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\btdna\shell\open\command]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Program Files (x86)\uTorrent\uTorrent.exe"="µTorrent"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\Magnet\DefaultIcon]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe",0"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\Magnet\shell\open\command]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\uTorrent]
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\uTorrent\DefaultIcon]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe",0"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\uTorrent\shell\open\command]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\.btsearch]
@="uTorrent"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\.btsearch\OpenWithProgids]
"uTorrent"=""
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\.torrent]
@="uTorrent"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\.torrent\OpenWithProgids]
"uTorrent"=""
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\Applications\uTorrent.exe]
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\Applications\uTorrent.exe\shell\open\command]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\btdna\DefaultIcon]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" ",0"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\btdna\shell\open\command]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" "/DNA""
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"E:\Program Files (x86)\uTorrent\uTorrent.exe"="µTorrent"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\Magnet\DefaultIcon]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe",0"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\Magnet\shell\open\command]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\uTorrent]
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\uTorrent\DefaultIcon]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe",0"
[HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\uTorrent\shell\open\command]
@=""E:\Program Files (x86)\uTorrent\uTorrent.exe" "%1""

-= EOF =-
jbitz
Regular Member
 
Posts: 38
Joined: August 12th, 2011, 7:04 pm

Re: Google redirect problem

Unread postby pgmigg » April 8th, 2012, 12:07 pm

Hello jbitz,

Step 0.
Regbak - Backup Windows 7 registry
Please download regbak.zip... Copyright © 2002 - 2012 Acelogix Software and save it to your Desktop.
  1. Unzip or extract all files to your desktop or other convenient place.
  2. Right click regbak64.exe ... choose "Run As Administrator".
  3. Allow the backup location to default to the shown folder.
  4. Make sure the following (default) hives are selected for backup:
    • System
    • Current User
    • Other available hives
  5. Press the "Advanced Options" link.
    In the "Default backup folder" box ...copy and paste the following to the END of the line (no spaces)
    <TIME>\
    It should look like: %SystemRoot%\RegBak\<DATE>\<TIME>\
    This adds the current time to the folder name, allowing multiple backups in one day, without removing previous backups.
    DO NOT change any other options.
  6. Press OK. Reply Yes to any folder creation prompts.
  7. Press Start at the confirmation screen.
  8. When the backup has successfully completed... press Cancel to end the program.

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image
    text box. Do not include the word Code
    Code: Select all
    :Reg
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\uTorrentBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Conduit.Engine]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentBar]
    [-HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\AppDataLow\Software\uTorrentBar]
    [-HKEY_CURRENT_USER\Software\BitTorrent\uTorrent]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264\OpenWithList]
    "a"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-Felony\OpenWithList]
    "a"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.X264-LCHD\OpenWithList]
    "a"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-MACHD\OpenWithList]
    "a"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-METiS\OpenWithList]
    "a"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-REVEiLLE\OpenWithList]
    "a"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-SceneHD\OpenWithList]
    "a"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-SiNNERS\OpenWithList]
    "a"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-TENEIGHTY\OpenWithList]
    "a"=-
    [-HKEY_CURRENT_USER\Software\uTorrentBar]
    [HKEY_CURRENT_USER\Software\Classes\.btsearch]
    @=-
    [HKEY_CURRENT_USER\Software\Classes\.btsearch\OpenWithProgids]
    "uTorrent"=-
    [-HKEY_CURRENT_USER\Software\Classes\.torrent]
    [-HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe]
    [HKEY_CURRENT_USER\Software\Classes\btdna\DefaultIcon]
    @=-
    [HKEY_CURRENT_USER\Software\Classes\btdna\shell\open\command]
    @=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Program Files (x86)\uTorrent\uTorrent.exe"=-
    [HKEY_CURRENT_USER\Software\Classes\Magnet\DefaultIcon]
    @=-
    [HKEY_CURRENT_USER\Software\Classes\Magnet\shell\open\command]
    @=-
    [-HKEY_CURRENT_USER\Software\Classes\uTorrent]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
    "C:\Program Files (x86)\uTorrentBar\UNWISE.EXE"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\AppPaths\client]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B336B543-0D1B-47E4-8B5C-E564492ACC2D}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B336B543-0D1B-47E4-8B5C-E564492ACC2D}]
    "AppName"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\uTorrentBar]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{917CEF3E-D6FB-4A1F-BEE9-88186A9F972B}C:\program files (x86)\utorrent\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{908745EE-5570-43EF-A62E-4866B158C6CE}C:\program files (x86)\utorrent\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6DDE412C-4AC5-45A1-AD9F-DCA7AFE1102F}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04DE8F85-7A55-4107-84DB-4F69B35BE424}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{917CEF3E-D6FB-4A1F-BEE9-88186A9F972B}C:\program files (x86)\utorrent\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{908745EE-5570-43EF-A62E-4866B158C6CE}C:\program files (x86)\utorrent\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6DDE412C-4AC5-45A1-AD9F-DCA7AFE1102F}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04DE8F85-7A55-4107-84DB-4F69B35BE424}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{917CEF3E-D6FB-4A1F-BEE9-88186A9F972B}C:\program files (x86)\utorrent\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "UDP Query User{908745EE-5570-43EF-A62E-4866B158C6CE}C:\program files (x86)\utorrent\utorrent.exe"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6DDE412C-4AC5-45A1-AD9F-DCA7AFE1102F}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04DE8F85-7A55-4107-84DB-4F69B35BE424}"=-
    [-HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\AppDataLow\Software\uTorrentBar]
    [-HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\BitTorrent\uTorrent]
    [-HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent]
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264\OpenWithList]
    "a"=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-Felony\OpenWithList]
    "a"=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.X264-LCHD\OpenWithList]
    "a"=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-MACHD\OpenWithList]
    "a"=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-METiS\OpenWithList]
    "a"=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-REVEiLLE\OpenWithList]
    "a"=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-SceneHD\OpenWithList]
    "a"=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-SiNNERS\OpenWithList]
    "a"=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-TENEIGHTY\OpenWithList]
    "a"=-
    [-HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\uTorrentBar]
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\.btsearch]
    @=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\.btsearch\OpenWithProgids]
    "uTorrent"=-
    [-HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\.torrent]
    [-HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\Applications\uTorrent.exe]
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\btdna\DefaultIcon]
    @=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\btdna\shell\open\command]
    @=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Program Files (x86)\uTorrent\uTorrent.exe"=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\Magnet\DefaultIcon]
    @=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\Magnet\shell\open\command]
    @=-
    [-HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000\Software\Classes\uTorrent]
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\.btsearch]
    @=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\.btsearch\OpenWithProgids]
    "uTorrent"=-
    [-HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\.torrent]
    [-HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\Applications\uTorrent.exe]
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\btdna\DefaultIcon]
    @=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\btdna\shell\open\command]
    @=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "E:\Program Files (x86)\uTorrent\uTorrent.exe"=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\Magnet\DefaultIcon]
    @=-
    [HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\Magnet\shell\open\command]
    @=-
    [-HKEY_USERS\S-1-5-21-2428319956-2832503307-2180716793-1000_Classes\uTorrent]
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    

  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 2.
SystemLook
You should still have SystemLook_x64.exe on your desktop.
  1. Double-click SystemLook_x64.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries from Code Box into SystemLook's main text entry window.
    Code: Select all
    :regfind
    conduit
    uTorrent
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

NEXT:
Please reboot your computer, make some searching with every of your browsers, and tell me, which of your browsers still are redirecting?

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log file after OTL fix.
  3. Contents of SystemLook.txt log file
  4. Answer for the question about browsers redirecting.
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 384 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware