Solved

Hijack this log shows bho's. How do I ID bad ones and remove?

Posted on 2011-09-25
Last Modified: 2013-12-06
Browser redirect virus affects all browsers. I have run:
spybot, malwarebytes, TDSSKILLER without successful ID and removal of threats.
At EE suggestion I ran Hijack this. Here is the log from hijack this. BTW, the virus won't let me download and install anti virus stuff. Have to get all on usb stick from clean computer.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:48:50 PM, on 9/24/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {0222D6D9-E01F-49B0-B6E5-CEA67F24FFF1} - C:\Users\Olivia\AppData\Local\TrayUser.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Reasonable_Software_House Update] C:\Users\Olivia\AppData\Local\Reasonable_Software_House\Reasonable_Software_HouseUpdate\Reasonable_Software_Houseupdt32.exe
O4 - HKCU\..\Run: [WindowsNotifierProfile] rundll32.exe "C:\ProgramData\WindowsNotifierProfile.dll",DllRegisterServer
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Reasonable_Software_House Update] C:\Users\Olivia\AppData\Local\Reasonable_Software_House\Reasonable_Software_HouseUpdate\Reasonable_Software_Houseupdt32.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Reasonable_Software_House Update] C:\Users\Olivia\AppData\Local\Reasonable_Software_House\Reasonable_Software_HouseUpdate\Reasonable_Software_Houseupdt32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Reasonable_Software_House Update] C:\Users\Olivia\AppData\Local\Reasonable_Software_House\Reasonable_Software_HouseUpdate\Reasonable_Software_Houseupdt32.exe (User 'Default user')
O4 - Startup: WePrint Server.lnk = C:\Program Files\WePrint\WePrint Server.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: SATARaid5Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3132-W-R\SATARaid5ConfigService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Silicon Image HBA Wakeup Utility (SiHbaWakeupService) - Unknown owner - C:\Program Files\Silicon Image\Silicon Image HBA Wakeup Utility\SiHbaWakeupService.exe

Question by:oliviajones
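
A triage sketch for the O2 (BHO) and O4 (Run) lines of a HijackThis log like the one in the question, added here as an example and not posted by anyone in the thread. The heuristics (user-writable load path, unnamed BHO, a Run value that starts a DLL through rundll32) and all function names are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from typing import List, NamedTuple

# Assumption for this example: folders a standard user can write to, where
# browser add-ons and autostart programs are not normally installed.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\ProgramData\\|\\Temp\\", re.IGNORECASE)

# O2 - BHO: <name> - {CLSID} - <dll path>
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# O4 - <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>RunOnce|Run): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


class Finding(NamedTuple):
    section: str        # "O2", or "O4 <hive>" for autostart values
    name: str           # BHO display name or Run value name
    target: str         # DLL path or command line
    reasons: List[str]  # why the entry deserves a closer look


def triage(log_text: str) -> List[Finding]:
    """Return the O2/O4 entries that match at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        m = BHO_RE.match(line)
        if m:
            if m["name"] == "(no name)":
                reasons.append("BHO has no display name")
            if USER_WRITABLE.search(m["path"]):
                reasons.append("DLL is in a user-writable folder")
            if reasons:
                findings.append(Finding("O2", m["name"], m["path"], reasons))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m["cmd"]
            if USER_WRITABLE.search(cmd):
                reasons.append("command runs from a user-writable folder")
            if cmd.lower().startswith("rundll32"):
                reasons.append("DLL started through rundll32")
            if reasons:
                findings.append(
                    Finding("O4 " + m["hive"], m["name"], cmd, reasons))
    return findings


# Lines copied from the HijackThis log in the question.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0222D6D9-E01F-49B0-B6E5-CEA67F24FFF1} - C:\Users\Olivia\AppData\Local\TrayUser.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Reasonable_Software_House Update] C:\Users\Olivia\AppData\Local\Reasonable_Software_House\Reasonable_Software_HouseUpdate\Reasonable_Software_Houseupdt32.exe
O4 - HKCU\..\Run: [WindowsNotifierProfile] rundll32.exe "C:\ProgramData\WindowsNotifierProfile.dll",DllRegisterServer
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Reasonable_Software_House Update] C:\Users\Olivia\AppData\Local\Reasonable_Software_House\Reasonable_Software_HouseUpdate\Reasonable_Software_Houseupdt32.exe (User 'SYSTEM')
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.name}")
        print(f"    {f.target}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

A flagged entry is a lead to check (file signature, vendor, install date), not a verdict, and entries that pass these checks can still be unwanted.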
12 Comments
 
LVL 3

Expert Comment

by:MattyW
I have had the browser redirect issue a lot recently and still have not found where it loads from, all I know Hitman gets rid of it. The infection is some type of rootkit that will not show up in hijackthis.
0
 
LVL 23

Assisted Solution

by:phototropic
phototropic earned 100 total points
"... the virus won't let me download and install anti virus stuff..."

I would recommend downloading RogueKiller:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html

and/or  Rkill:

http://www.bleepingcomputer.com/forums/topic308364.html

Download all seven file extensions, then try each in turn until one will run. Once you have got rid of the rogue process(es), immediately (without rebooting) run TDSSKiller and Mbam. Please post the logs here for review.

Your HJT log shows no sign of any malware, but nowadays that is not unusual.
0
 

Author Comment

by:oliviajones
I am going to be out of town for about a week. (Stem cell collection for transplant)  I will try all of these excellent suggestions when I return. Please don't give up on me, guys, and wish me luck.. Thanks. Olivia
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 300 total points
Olivia, Good luck and God bless!

Regarding the infected system, it is better to clean up the infection before installing a new antivirus so it will install without a hitch.

There are also remnants of AVG toolbar there, I assume AVG is already uninstalled.
Fix these entries in Hijackthis and let it fix those items. Before fixing those items disable Spybot's Tea timer.

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

C:\Program Files\AVG <-- then remove this folder.



Download and run ComboFix, and post the resulting log for us to check.
ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


After running ComboFix and when the issue is fixed but still unable to install a new AV try running AVG removal tool.
You can also use AVG removal tool http://www.avg.com/us-en/utilities


0
 
LVL 3

Assisted Solution

by:MattyW
MattyW earned 100 total points
After downloading an antivirus / malware tool onto the USB drive from clean computer... what happens when you try to install it? Does it ask you what program you want to use when installing / running programs (any .exe)? Seen that a lot with this redirect rootkit, and Hitman is the only thing I've found that finds it.

 http://support.microsoft.com/kb/950505
some info on fixing the exe problem
0
 

Expert Comment

by:calvert317
I will be back to computer tomorrow to try suggestions. hope this reactivates question so I can solve and award points to you guys. thanks. olivia
0
 

Author Comment

by:oliviajones
Logs are all below. Many threats found. I have done nothing until EE tells me what to do. My untrained summary is that Rogue Killer found nothing, RKill found one bad process and stopped it, TDSSKiller found no threats, and Malwarebytes (last one) found 6 trojans, 2 as registry values, one as registry key, and three in files. I know the bad processes will restart if my computer reboots. I want this stuff out of here, but I want to do it the right way so please guide me through what's next.

Rogue Killer  log: RogueKiller V6.1.1 [09/28/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: Olivia [Admin rights]
Mode: Scan -- Date : 10/03/2011 09:16:03
Bad processes: 0
Registry Entries: 12
[SUSP PATH] HKCU\[...]\Run : Reasonable_Software_House Update (C:\Users\Olivia\AppData\Local\Reasonable_Software_House\Reasonable_Software_HouseUpdate\Reasonable_Software_Houseupdt32.exe) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : WindowsNotifierProfile (rundll32.exe "C:\ProgramData\WindowsNotifierProfile.dll",DllRegisterServer) -> FOUND
[SUSP PATH] HKUS\.DEFAULT[...]\Run : Reasonable_Software_House Update (C:\Users\Olivia\AppData\Local\Reasonable_Software_House\Reasonable_Software_HouseUpdate\Reasonable_Software_Houseupdt32.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-19[...]\Run : Reasonable_Software_House Update (C:\Users\Olivia\AppData\Local\Reasonable_Software_House\Reasonable_Software_HouseUpdate\Reasonable_Software_Houseupdt32.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-20[...]\Run : Reasonable_Software_House Update (C:\Users\Olivia\AppData\Local\Reasonable_Software_House\Reasonable_Software_HouseUpdate\Reasonable_Software_Houseupdt32.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3768743925-346203782-3717336564-1001[...]\Run : Reasonable_Software_House Update (C:\Users\Olivia\AppData\Local\Reasonable_Software_House\Reasonable_Software_HouseUpdate\Reasonable_Software_Houseupdt32.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-3768743925-346203782-3717336564-1001[...]\Run : WindowsNotifierProfile (rundll32.exe "C:\ProgramData\WindowsNotifierProfile.dll",DllRegisterServer) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : Reasonable_Software_House Update (C:\Users\Olivia\AppData\Local\Reasonable_Software_House\Reasonable_Software_HouseUpdate\Reasonable_Software_Houseupdt32.exe) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
Particular Files / Folders:
Driver: [LOADED]
HOSTS File:
Finished : << RKreport[1].txt >>
RKreport[1].txt



RKILL log stopped one process. Here's the log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 10/03/2011 at  9:30:41.
Operating System: Windows 7 Professional
Processes terminated by Rkill or while it was running:

C:\Windows\System32\grpconv.exe


Rkill completed on 10/03/2011 at  9:30:41.
Rkill completed on 10/03/2011 at  9:31:20.





TDSSKILLER Log :
09:53:15.0753 4056      TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
09:53:22.0993 4056      ============================================================
09:53:22.0994 4056      Current date / time: 2011/10/03 09:53:22.0993
09:53:22.0994 4056      SystemInfo:
09:53:22.0994 4056      
09:53:22.0994 4056      OS Version: 6.1.7601 ServicePack: 1.0
09:53:22.0994 4056      Product type: Workstation
09:53:22.0994 4056      ComputerName: TREEHOUSE
09:53:22.0995 4056      UserName: Olivia
09:53:22.0995 4056      Windows directory: C:\Windows
09:53:22.0995 4056      System windows directory: C:\Windows
09:53:22.0995 4056      Processor architecture: Intel x86
09:53:22.0995 4056      Number of processors: 2
09:53:22.0995 4056      Page size: 0x1000
09:53:22.0995 4056      Boot type: Normal boot
09:53:22.0995 4056      ============================================================
09:53:23.0913 4056      Initialize success
09:53:28.0298 4040      ============================================================
09:53:28.0298 4040      Scan started
09:53:28.0298 4040      Mode: Manual;
09:53:28.0298 4040      ============================================================
09:53:34.0207 4040      mrxsmb - ok
09:53:34.0267 4040      mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:53:34.0273 4040      mrxsmb10 - ok
09:53:34.0301 4040      mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:53:34.0305 4040      mrxsmb20 - ok
09:53:34.0336 4040      msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
09:53:34.0338 4040      msahci - ok
09:53:34.0362 4040      msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
09:53:34.0364 4040      msdsm - ok
09:53:34.0436 4040      Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:53:34.0437 4040      Msfs - ok
09:53:34.0453 4040      mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:53:34.0454 4040      mshidkmdf - ok
09:53:34.0462 4040      msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
09:53:34.0463 4040      msisadrv - ok
09:53:34.0495 4040      MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:53:34.0496 4040      MSKSSRV - ok
09:53:34.0517 4040      MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:53:34.0518 4040      MSPCLOCK - ok
09:53:34.0541 4040      MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:53:34.0542 4040      MSPQM - ok
09:53:34.0571 4040      MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:53:34.0574 4040      MsRPC - ok
09:53:34.0595 4040      mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
09:53:34.0596 4040      mssmbios - ok
09:53:34.0623 4040      MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:53:34.0624 4040      MSTEE - ok
09:53:34.0645 4040      MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:53:34.0646 4040      MTConfig - ok
09:53:34.0672 4040      Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:53:34.0673 4040      Mup - ok
09:53:34.0712 4040      NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:53:34.0716 4040      NativeWifiP - ok
09:53:34.0796 4040      NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
09:53:34.0812 4040      NDIS - ok
09:53:34.0849 4040      NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:53:34.0852 4040      NdisCap - ok
09:53:34.0883 4040      NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:53:34.0884 4040      NdisTapi - ok
09:53:34.0931 4040      Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
09:53:34.0933 4040      Ndisuio - ok
09:53:34.0993 4040      NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
09:53:34.0995 4040      NdisWan - ok
09:53:35.0048 4040      NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
09:53:35.0049 4040      NDProxy - ok
09:53:35.0092 4040      NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:53:35.0093 4040      NetBIOS - ok
09:53:35.0153 4040      NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
09:53:35.0157 4040      NetBT - ok
09:53:35.0224 4040      nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
09:53:35.0225 4040      nfrd960 - ok
09:53:35.0253 4040      Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:53:35.0254 4040      Npfs - ok
09:53:35.0270 4040      nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:53:35.0271 4040      nsiproxy - ok
09:53:35.0355 4040      Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
09:53:35.0369 4040      Ntfs - ok
09:53:35.0405 4040      Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:53:35.0405 4040      Null - ok
09:53:35.0475 4040      NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
09:53:35.0480 4040      NVENETFD - ok
09:53:35.0754 4040      nvlddmkm        (8b75f652726a2ba3197860f300514e3f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:53:35.0870 4040      nvlddmkm - ok
09:53:36.0005 4040      nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
09:53:36.0007 4040      nvraid - ok
09:53:36.0031 4040      nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
09:53:36.0033 4040      nvstor - ok
09:53:36.0098 4040      nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
09:53:36.0099 4040      nv_agp - ok
09:53:36.0119 4040      ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
09:53:36.0120 4040      ohci1394 - ok
09:53:36.0205 4040      PalmUSBD        (803cf09c795290825607505d37819135) C:\Windows\system32\drivers\PalmUSBD.sys
09:53:36.0207 4040      PalmUSBD - ok
09:53:36.0268 4040      Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
09:53:36.0271 4040      Parport - ok
09:53:36.0329 4040      partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
09:53:36.0331 4040      partmgr - ok
09:53:36.0358 4040      Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
09:53:36.0359 4040      Parvdm - ok
09:53:36.0387 4040      pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
09:53:36.0390 4040      pci - ok
09:53:36.0410 4040      pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
09:53:36.0411 4040      pciide - ok
09:53:36.0440 4040      pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
09:53:36.0443 4040      pcmcia - ok
09:53:36.0470 4040      pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
09:53:36.0471 4040      pcw - ok
09:53:36.0502 4040      PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
09:53:36.0511 4040      PEAUTH - ok
09:53:36.0594 4040      PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
09:53:36.0595 4040      PptpMiniport - ok
09:53:36.0612 4040      Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
09:53:36.0613 4040      Processor - ok
09:53:36.0685 4040      Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
09:53:36.0687 4040      Psched - ok
09:53:36.0741 4040      ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
09:53:36.0756 4040      ql2300 - ok
09:53:36.0786 4040      ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
09:53:36.0787 4040      ql40xx - ok
09:53:36.0810 4040      QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
09:53:36.0811 4040      QWAVEdrv - ok
09:53:36.0834 4040      RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
09:53:36.0834 4040      RasAcd - ok
09:53:36.0888 4040      RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:53:36.0890 4040      RasAgileVpn - ok
09:53:36.0919 4040      Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:53:36.0922 4040      Rasl2tp - ok
09:53:36.0958 4040      RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
09:53:36.0961 4040      RasPppoe - ok
09:53:36.0985 4040      RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
09:53:36.0987 4040      RasSstp - ok
09:53:37.0044 4040      rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
09:53:37.0048 4040      rdbss - ok
09:53:37.0067 4040      rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
09:53:37.0069 4040      rdpbus - ok
09:53:37.0121 4040      RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:53:37.0122 4040      RDPCDD - ok
09:53:37.0187 4040      RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
09:53:37.0190 4040      RDPDR - ok
09:53:37.0219 4040      RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
09:53:37.0220 4040      RDPENCDD - ok
09:53:37.0239 4040      RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
09:53:37.0240 4040      RDPREFMP - ok
09:53:37.0305 4040      RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
09:53:37.0309 4040      RDPWD - ok
09:53:37.0366 4040      rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
09:53:37.0369 4040      rdyboost - ok
09:53:37.0404 4040      rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
09:53:37.0406 4040      rspndr - ok
09:53:37.0457 4040      s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
09:53:37.0458 4040      s3cap - ok
09:53:37.0544 4040      sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
09:53:37.0546 4040      sbp2port - ok
09:53:37.0588 4040      scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
09:53:37.0589 4040      scfilter - ok
09:53:37.0614 4040      secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:53:37.0615 4040      secdrv - ok
09:53:37.0674 4040      Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
09:53:37.0675 4040      Serenum - ok
09:53:37.0702 4040      Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
09:53:37.0703 4040      Serial - ok
09:53:37.0747 4040      sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
09:53:37.0748 4040      sermouse - ok
09:53:37.0814 4040      sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
09:53:37.0815 4040      sffdisk - ok
09:53:37.0830 4040      sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
09:53:37.0831 4040      sffp_mmc - ok
09:53:37.0851 4040      sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
09:53:37.0852 4040      sffp_sd - ok
09:53:37.0871 4040      sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
09:53:37.0871 4040      sfloppy - ok
09:53:37.0932 4040      Si3132r5        (227e56633d6423e1f7d869618ac8404f) C:\Windows\system32\DRIVERS\Si3132r5.sys
09:53:37.0938 4040      Si3132r5 - ok
09:53:37.0995 4040      SiFilter        (dbdee2a96f2f616726817373516cb0bd) C:\Windows\system32\DRIVERS\SiWinAcc.sys
09:53:37.0997 4040      SiFilter - ok
09:53:38.0058 4040      SiRemFil        (3e6b438e5cb674a1382b2955aa98f637) C:\Windows\system32\DRIVERS\SiRemFil.sys
09:53:38.0060 4040      SiRemFil - ok
09:53:38.0122 4040      sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
09:53:38.0124 4040      sisagp - ok
09:53:38.0145 4040      SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:53:38.0146 4040      SiSRaid2 - ok
09:53:38.0168 4040      SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
09:53:38.0170 4040      SiSRaid4 - ok
09:53:38.0192 4040      Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:53:38.0194 4040      Smb - ok
09:53:38.0278 4040      snapman         (84128ebefa781de7985bc8a628da5af8) C:\Windows\system32\DRIVERS\snapman.sys
09:53:38.0281 4040      snapman - ok
09:53:38.0317 4040      spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:53:38.0318 4040      spldr - ok
09:53:38.0414 4040      srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
09:53:38.0421 4040      srv - ok
09:53:38.0450 4040      srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
09:53:38.0458 4040      srv2 - ok
09:53:38.0476 4040      srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
09:53:38.0480 4040      srvnet - ok
09:53:38.0528 4040      stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
09:53:38.0530 4040      stexstor - ok
09:53:38.0601 4040      storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
09:53:38.0602 4040      storflt - ok
09:53:38.0625 4040      storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
09:53:38.0626 4040      storvsc - ok
09:53:38.0651 4040      swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
09:53:38.0652 4040      swenum - ok
09:53:38.0749 4040      Tcpip           (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
09:53:38.0764 4040      Tcpip - ok
09:53:38.0800 4040      TCPIP6          (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
09:53:38.0807 4040      TCPIP6 - ok
09:53:38.0859 4040      tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
09:53:38.0860 4040      tcpipreg - ok
09:53:38.0915 4040      TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
09:53:38.0916 4040      TDPIPE - ok
09:53:39.0026 4040      tdrpman258      (8de3e45000ba8c9ebb16737d3f83e216) C:\Windows\system32\DRIVERS\tdrpm258.sys
09:53:39.0043 4040      tdrpman258 - ok
09:53:39.0060 4040      TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
09:53:39.0062 4040      TDTCP - ok
09:53:39.0123 4040      tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
09:53:39.0125 4040      tdx - ok
09:53:39.0139 4040      TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
09:53:39.0141 4040      TermDD - ok
09:53:39.0241 4040      timounter       (3e06987fedbcdfbff8e85ef8108565f9) C:\Windows\system32\DRIVERS\timntr.sys
09:53:39.0248 4040      timounter - ok
09:53:39.0501 4040      TrueSight       (155b6cb5488f3194208012e7f9b8d888) C:\Users\Olivia\Desktop\TrueSight.sys
09:53:39.0504 4040      TrueSight - ok
09:53:39.0545 4040      tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:53:39.0546 4040      tssecsrv - ok
09:53:39.0606 4040      TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
09:53:39.0608 4040      TsUsbFlt - ok
09:53:39.0684 4040      tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
09:53:39.0686 4040      tunnel - ok
09:53:39.0740 4040      uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
09:53:39.0742 4040      uagp35 - ok
09:53:39.0801 4040      udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
09:53:39.0805 4040      udfs - ok
09:53:39.0877 4040      uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
09:53:39.0880 4040      uliagpkx - ok
09:53:39.0966 4040      umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
09:53:39.0968 4040      umbus - ok
09:53:39.0999 4040      UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
09:53:40.0000 4040      UmPass - ok
09:53:40.0057 4040      USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
09:53:40.0058 4040      USBAAPL - ok
09:53:40.0129 4040      usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
09:53:40.0131 4040      usbaudio - ok
09:53:40.0150 4040      usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
09:53:40.0153 4040      usbccgp - ok
09:53:40.0169 4040      usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
09:53:40.0171 4040      usbcir - ok
09:53:40.0189 4040      usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
09:53:40.0191 4040      usbehci - ok
09:53:40.0224 4040      usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
09:53:40.0229 4040      usbhub - ok
09:53:40.0246 4040      usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
09:53:40.0247 4040      usbohci - ok
09:53:40.0277 4040      usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:53:40.0279 4040      usbprint - ok
09:53:40.0338 4040      usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
09:53:40.0340 4040      usbscan - ok
09:53:40.0361 4040      USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
09:53:40.0363 4040      USBSTOR - ok
09:53:40.0392 4040      usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
09:53:40.0394 4040      usbuhci - ok
09:53:40.0475 4040      vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
09:53:40.0477 4040      vdrvroot - ok
09:53:40.0504 4040      vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:53:40.0505 4040      vga - ok
09:53:40.0522 4040      VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:53:40.0524 4040      VgaSave - ok
09:53:40.0546 4040      vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
09:53:40.0549 4040      vhdmp - ok
09:53:40.0578 4040      viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
09:53:40.0579 4040      viaagp - ok
09:53:40.0605 4040      ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:53:40.0607 4040      ViaC7 - ok
09:53:40.0627 4040      viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
09:53:40.0628 4040      viaide - ok
09:53:40.0660 4040      vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
09:53:40.0663 4040      vmbus - ok
09:53:40.0685 4040      VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
09:53:40.0686 4040      VMBusHID - ok
09:53:40.0712 4040      volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
09:53:40.0714 4040      volmgr - ok
09:53:40.0739 4040      volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:53:40.0743 4040      volmgrx - ok
09:53:40.0766 4040      volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
09:53:40.0770 4040      volsnap - ok
09:53:40.0801 4040      vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:53:40.0804 4040      vsmraid - ok
09:53:40.0880 4040      VSTHWBS2        (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
09:53:40.0885 4040      VSTHWBS2 - ok
09:53:40.0931 4040      VST_DPV         (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
09:53:40.0944 4040      VST_DPV - ok
09:53:40.0966 4040      vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
09:53:40.0967 4040      vwifibus - ok
09:53:41.0000 4040      WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:53:41.0001 4040      WacomPen - ok
09:53:41.0073 4040      WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:53:41.0076 4040      WANARP - ok
09:53:41.0088 4040      Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:53:41.0090 4040      Wanarpv6 - ok
09:53:41.0183 4040      Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:53:41.0184 4040      Wd - ok
09:53:41.0215 4040      Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:53:41.0222 4040      Wdf01000 - ok
09:53:41.0267 4040      WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:53:41.0268 4040      WfpLwf - ok
09:53:41.0276 4040      WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:53:41.0277 4040      WIMMount - ok
09:53:41.0309 4040      winachsf        (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
09:53:41.0317 4040      winachsf - ok
09:53:41.0395 4040      WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
09:53:41.0396 4040      WinUsb - ok
09:53:41.0445 4040      WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
09:53:41.0446 4040      WmiAcpi - ok
09:53:41.0495 4040      ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:53:41.0496 4040      ws2ifsl - ok
09:53:41.0526 4040      WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
09:53:41.0527 4040      WudfPf - ok
09:53:41.0558 4040      WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:53:41.0560 4040      WUDFRd - ok
09:53:41.0594 4040      MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:53:41.0598 4040      \Device\Harddisk0\DR0 - ok
09:53:41.0605 4040      MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
09:53:41.0609 4040      \Device\Harddisk1\DR1 - ok
09:53:41.0612 4040      Boot (0x1200)   (a6c958f10256efae3275430c44dbf2e5) \Device\Harddisk0\DR0\Partition0
09:53:41.0613 4040      \Device\Harddisk0\DR0\Partition0 - ok
09:53:41.0640 4040      Boot (0x1200)   (19875f962b850fae146aa71dfb368ade) \Device\Harddisk0\DR0\Partition1
09:53:41.0641 4040      \Device\Harddisk0\DR0\Partition1 - ok
09:53:41.0658 4040      Boot (0x1200)   (d0cc535416b1f3c8d82582f24e5ca8e0) \Device\Harddisk0\DR0\Partition2
09:53:41.0658 4040      \Device\Harddisk0\DR0\Partition2 - ok
09:53:41.0661 4040      Boot (0x1200)   (6ff08ce744431d9a064c211ef2d00251) \Device\Harddisk1\DR1\Partition0
09:53:41.0662 4040      \Device\Harddisk1\DR1\Partition0 - ok
09:53:41.0674 4040      Boot (0x1200)   (876491fe96c68b9b5341b3324f15d2b7) \Device\Harddisk1\DR1\Partition1
09:53:41.0674 4040      \Device\Harddisk1\DR1\Partition1 - ok
09:53:41.0681 4040      Boot (0x1200)   (ff5058e1eef7970988180e7a9b8a6975) \Device\Harddisk1\DR1\Partition2
09:53:41.0681 4040      \Device\Harddisk1\DR1\Partition2 - ok
09:53:41.0681 4040      ============================================================
09:53:41.0681 4040      Scan finished
09:53:41.0681 4040      ============================================================
09:53:41.0694 5452      Detected object count: 0
09:53:41.0694 5452      Actual detected object count: 0
09:57:02.0717 0508      Deinitialize success


Malwarebytes finds multiple trojans:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7854

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/3/2011 2:33:48 PM
mbam-log-2011-10-03 (14-33-26).txt

Scan type: Full scan (C:\|D:\|E:\|H:\|J:\|)
Objects scanned: 549424
Time elapsed: 1 hour(s), 28 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Reasonable_Software_House Update (Trojan.Agent) -> Value: Reasonable_Software_House Update -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Reasonable_Software_House Update (Trojan.Agent) -> Value: Reasonable_Software_House Update -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Olivia\AppData\Local\reasonable_software_house\reasonable_software_houseupdate\reasonable_software_houseupdt32.exe (Trojan.Agent) -> No action taken.
c:\Users\Olivia\AppData\Local\reasonable_software_house\reasonable_software_houseupdate\reasonable_software_houseupdt32.dll (Trojan.Agent) -> No action taken.
c:\Users\Olivia\Desktop\rd trouble shoot\rk_quarantine\reasonable_software_houseupdt32.exe.vir (Trojan.Agent) -> No action taken.





Author Comment

by:oliviajones
I thought I had resolved this issue after following much of the advice above and some other advice from an IT neighbor. I reran HijackThis, MBAM, TDSSKiller, AV Antivirus and found no threats. The browsers worked, with no redirects. Then I just ran an updated SpybotSD scan which said that HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} contained a trojan. I deleted that registry key. That sneaky leftover virus got me scared, so I disabled all AVs, etc., and ran ComboFix. I am attaching the ComboFix log. Do you see anything else lurking? If not, I'd like to accept and award points for all the help you have given to get my machine up and running.

Here's the ComboFix text:

ComboFix 11-10-10.04 - Olivia 10/10/2011  22:45:11.4.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3006.1948 [GMT -4:00]
Running from: c:\users\Olivia\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\mydnswatch
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-11 to 2011-10-11  )))))))))))))))))))))))))))))))
.
.
2011-10-11 02:51 . 2011-10-11 02:51      --------      d-----w-      c:\users\Default\AppData\Local\temp
2011-10-10 01:24 . 2011-10-10 01:25      --------      d-----w-      c:\program files\AVG Secure Search
2011-10-10 01:24 . 2011-10-10 01:24      --------      d-----w-      c:\program files\Common Files\AVG Secure Search
2011-10-10 01:23 . 2011-10-10 21:43      --------      d-----w-      c:\windows\system32\drivers\AVG
2011-10-10 01:23 . 2011-10-10 01:23      --------      d-----w-      c:\program files\AVG
2011-10-09 21:10 . 2011-10-09 21:10      --------      d-----w-      c:\program files\VS Revo Group
2011-10-05 22:15 . 2011-10-11 01:44      --------      d-----w-      c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-04 22:08 . 2011-10-10 01:37      --------      d-----w-      c:\programdata\AVG2012
2011-10-04 17:02 . 2011-10-04 17:02      23624      ----a-w-      c:\windows\system32\drivers\hitmanpro35.sys
2011-10-04 17:02 . 2011-10-04 17:02      --------      d-----w-      c:\program files\Hitman Pro 3.5
2011-10-04 17:01 . 2011-10-04 17:01      --------      d-----w-      c:\programdata\Hitman Pro
2011-10-04 16:32 . 2011-10-11 02:51      --------      d-----w-      c:\users\Olivia\AppData\Local\temp
2011-10-04 08:33 . 2011-09-21 13:00      7269712      ----a-w-      c:\programdata\Microsoft\Windows Defender\Definition Updates\{72237C11-1C66-4763-950B-5020130E554E}\mpengine.dll
2011-09-24 18:47 . 2011-09-24 18:47      388096      ----a-r-      c:\users\Olivia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-09-24 18:47 . 2011-09-24 18:47      --------      d-----w-      c:\program files\Trend Micro
2011-09-24 17:42 . 2011-09-24 18:41      --------      d-----w-      c:\programdata\Spybot - Search & Destroy
2011-09-24 17:42 . 2011-09-24 17:45      --------      d-----w-      c:\program files\Spybot - Search & Destroy
2011-09-22 17:53 . 2011-09-22 17:53      --------      d-----w-      c:\users\Olivia\AppData\Roaming\AVG2012
2011-09-13 10:30 . 2011-09-13 10:30      32592      ----a-w-      c:\windows\system32\drivers\avgrkx86.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-11 01:34 . 2011-09-11 01:34      86528      ----a-w-      c:\windows\system32\iesysprep.dll
2011-09-11 01:34 . 2011-09-11 01:34      76800      ----a-w-      c:\windows\system32\SetIEInstalledDate.exe
2011-09-11 01:34 . 2011-09-11 01:34      74752      ----a-w-      c:\windows\system32\RegisterIEPKEYs.exe
2011-09-11 01:34 . 2011-09-11 01:34      74752      ----a-w-      c:\windows\system32\iesetup.dll
2011-09-11 01:34 . 2011-09-11 01:34      63488      ----a-w-      c:\windows\system32\tdc.ocx
2011-09-11 01:34 . 2011-09-11 01:34      48640      ----a-w-      c:\windows\system32\mshtmler.dll
2011-09-11 01:34 . 2011-09-11 01:34      420864      ----a-w-      c:\windows\system32\vbscript.dll
2011-09-11 01:34 . 2011-09-11 01:34      367104      ----a-w-      c:\windows\system32\html.iec
2011-09-11 01:34 . 2011-09-11 01:34      35840      ----a-w-      c:\windows\system32\imgutil.dll
2011-09-11 01:34 . 2011-09-11 01:34      2382848      ----a-w-      c:\windows\system32\mshtml.tlb
2011-09-11 01:34 . 2011-09-11 01:34      23552      ----a-w-      c:\windows\system32\licmgr10.dll
2011-09-11 01:34 . 2011-09-11 01:34      1797632      ----a-w-      c:\windows\system32\jscript9.dll
2011-09-11 01:34 . 2011-09-11 01:34      161792      ----a-w-      c:\windows\system32\msls31.dll
2011-09-11 01:34 . 2011-09-11 01:34      152064      ----a-w-      c:\windows\system32\wextract.exe
2011-09-11 01:34 . 2011-09-11 01:34      150528      ----a-w-      c:\windows\system32\iexpress.exe
2011-09-11 01:34 . 2011-09-11 01:34      142848      ----a-w-      c:\windows\system32\ieUnatt.exe
2011-09-11 01:34 . 2011-09-11 01:34      1427456      ----a-w-      c:\windows\system32\inetcpl.cpl
2011-09-11 01:34 . 2011-09-11 01:34      11776      ----a-w-      c:\windows\system32\mshta.exe
2011-09-11 01:34 . 2011-09-11 01:34      1126912      ----a-w-      c:\windows\system32\wininet.dll
2011-09-11 01:34 . 2011-09-11 01:34      110592      ----a-w-      c:\windows\system32\IEAdvpack.dll
2011-09-11 01:34 . 2011-09-11 01:34      101888      ----a-w-      c:\windows\system32\admparse.dll
2011-08-31 21:00 . 2010-10-18 19:11      22216      ----a-w-      c:\windows\system32\drivers\mbam.sys
2011-08-17 18:05 . 2011-06-20 23:32      404640      ----a-w-      c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-08 10:08 . 2011-08-08 10:08      40016      ----a-w-      c:\windows\system32\drivers\avgmfx86.sys
2011-08-05 20:02 . 2009-07-14 02:05      152576      ----a-w-      c:\windows\system32\msclmd.dll
2011-07-16 04:27 . 2011-08-10 04:39      290816      ----a-w-      c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 04:39      4096      ---ha-w-      c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      4096      ---ha-w-      c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      5120      ---ha-w-      c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      4608      ---ha-w-      c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      4096      ---ha-w-      c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      4096      ---ha-w-      c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      4096      ---ha-w-      c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 04:39      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 04:39      6144      ---ha-w-      c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 04:39      4608      ---ha-w-      c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 04:39      3584      ---ha-w-      c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 04:39      3072      ---ha-w-      c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-09-12 03:00 . 2011-04-04 13:55      134104      ----a-w-      c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-10-10 01:24      1451336      ----a-w-      c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-10 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-10 218440]
.
c:\users\Olivia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2011-2-13 2400256]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]
SATARaid5Manager.lnk - c:\windows\Installer\{2ABC904F-6915-40AC-8CF8-B48743698CEC}\_19B708D90CBD3F24F241B9.exe [2010-5-29 1206]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-08-14 01:31      13672      ----a-w-      c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17      64592      ----a-w-      c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute      REG_MULTI_SZ         autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-03-27 20:07      362232      ----a-w-      c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48      58656      ----a-w-      c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24      54840      ----a-w-      c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2010-06-16 17:40      2736128      ----a-w-      c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-03-27 20:06      5107232      ----a-w-      c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
2010-02-25 12:33      364544      ----a-w-      c:\windows\System32\WDBtnMgr.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SATARaid5 Config Service;SATARaid5 Configuration Service;c:\program files\Silicon Image\3132-W-R\SATARaid5ConfigService.exe [2005-10-05 131072]
R2 SiHbaWakeupService;Silicon Image HBA Wakeup Utility;c:\program files\Silicon Image\Silicon Image HBA Wakeup Utility\SiHbaWakeupService.exe [2009-07-28 62464]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-05-21 160704]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-05-21 2480048]
R4 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]
R4 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R4 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R4 Media Center 14 Service;Media Center 14 Service;c:\program files\J River\Media Center 14\JRService.exe [2010-05-05 379392]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-05-21 911680]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-10-10 246600]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-13 1394688]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService      REG_MULTI_SZ         HPSLPSVC
HPZ12      REG_MULTI_SZ         Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt      REG_MULTI_SZ         hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 17:38      451872      ----a-w-      c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/advanced_search?hl=en&num=30
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: pnc.com\www.onlinebanking
TCP: DhcpNameServer = 71.252.0.12 71.242.0.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
FF - ProfilePath - c:\users\Olivia\AppData\Roaming\Mozilla\Firefox\Profiles\of0j4p2m.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/advanced_search?hl=en&num=30
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-10  22:53:06
ComboFix-quarantined-files.txt  2011-10-11 02:53
.
Pre-Run: 282,947,252,224 bytes free
Post-Run: 282,928,332,800 bytes free
.
- - End Of File - - AE862267002F455E7BD440295371C402
Author Closing Comment

by:oliviajones
All contributed to final solution which was found later and elsewhere. Thanks!
LVL 47

Expert Comment

by:rpggamergirl
oliviajones,

My apologies for being gone for a few weeks and not being able to monitor your question, sorry.