Jump to content

svchost.exe *32 trojan

tlheyman

By tlheyman
in Resolved Malware Removal Logs

 Share

Recommended Posts

tlheyman

tlheyman

Posted
Posted

Merged post

Hi! Yesterday my computer completely shut down and would only restart to a black screen with a blinking cursor. I was able to get it up and running again by doing a chkdsk /f but was then having all kinds of issues - running very slow, sites redirecting, etc. So, I bought the malwarebytes pro version this morning and I was getting nonstop notifications of outgoing sites being blocked. :( I started searching on the threads here for what to do and I *seem* to have cleared up the issue but was hoping someone could take a look for me...

Combofix Log.txt

Oh and here is my malwarebytes log...mbam-log-2012-02-10 (15-51-52).txt

ComboFix 12-02-10.03 - Tracy 02/10/2012 15:20:23.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6141 [GMT -5:00]

Running from: c:\users\Tracy\Downloads\ComboFix.exe

AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Tracy\Documents\~WRL0995.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))

.

.

2012-02-10 20:37 . 2012-02-10 20:37 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-02-10 19:48 . 2012-02-10 19:48 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-10 09:43 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{17B84BD7-1728-433D-B047-92DCE7C0AD3E}\mpengine.dll

2012-02-10 03:56 . 2012-02-10 03:57 -------- d-----w- c:\users\Tracy\Print Labs

2012-02-10 02:52 . 2011-10-13 17:18 25608 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys

2012-02-10 02:52 . 2011-10-13 17:18 142328 ----a-w- c:\windows\system32\drivers\savonaccess.sys

2012-02-07 19:42 . 2012-02-07 19:42 -------- d-----w- c:\program files\iPod

2012-02-07 19:42 . 2012-02-07 19:43 -------- d-----w- c:\program files\iTunes

2012-02-07 19:42 . 2012-02-07 19:43 -------- d-----w- c:\program files (x86)\iTunes

2012-01-31 08:25 . 2012-01-31 08:25 -------- d-----w- C:\found.000

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-27 05:52 . 2009-11-03 01:55 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-12-10 20:24 . 2011-07-01 02:57 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-04 03:54 . 2011-05-24 13:57 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 04:52 . 2011-12-15 20:15 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-19 14:58 . 2012-01-11 16:17 77312 ----a-w- c:\windows\system32\packager.dll

2011-11-19 14:01 . 2012-01-11 16:17 67072 ----a-w- c:\windows\SysWow64\packager.dll

2011-11-17 06:41 . 2012-01-11 16:17 1731920 ----a-w- c:\windows\system32\ntdll.dll

2011-11-17 05:38 . 2012-01-11 16:17 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]

2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-02 39408]

"Backblaze"="c:\program files (x86)\Backblaze\bzbui.exe" [2012-01-17 495400]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Backblaze"="c:\program files (x86)\Backblaze\bzbui.exe" [2012-01-17 495400]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logo Calibration Loader.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2011-4-10 708608]

ProfileReminder.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2011-4-10 954368]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\sophos\SOPHOS~1\sophos_detoured.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 135664]

R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [x]

R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys [x]

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 135664]

R3 SeqCal;SeqCal;c:\windows\system32\DRIVERS\SeqCal.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]

R4 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]

R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]

R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]

S2 bzserv;Backblaze Service;c:\program files (x86)\Backblaze\bzserv.exe [2012-01-17 211240]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-08 163056]

S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2010-06-04 97520]

S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-08 1541360]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 10:58]

.

2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 10:58]

.

2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2538685935-2764079445-1791342672-1000Core.job

- c:\users\Gene\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-03 01:59]

.

2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2538685935-2764079445-1791342672-1000UA.job

- c:\users\Gene\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-03 01:59]

.

2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2538685935-2764079445-1791342672-1006Core.job

- c:\users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 07:01]

.

2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2538685935-2764079445-1791342672-1006UA.job

- c:\users\Tracy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 07:01]

.

2012-02-09 c:\windows\Tasks\HPCeeScheduleForTracy.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]

.

2012-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~2\sophos\SOPHOS~1\sophos_detoured_x64.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

FF - ProfilePath - c:\users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\stcifpvd.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe

AddRemove-Bay Photo Economy - c:\windows\system32\javaws.exe

AddRemove-ColorInc ROES - c:\windows\system32\javaws.exe

AddRemove-CPQ Color By You - c:\windows\system32\javaws.exe

AddRemove-McKenna Easy Order - c:\windows\system32\javaws.exe

AddRemove-Miller's ROES - c:\windows\system32\javaws.exe

AddRemove-mpixpro ROES - c:\windows\system32\javaws.exe

AddRemove-ProDPI ROES - c:\windows\system32\javaws.exe

AddRemove-ROES.whcc - c:\windows\system32\javaws.exe

AddRemove-Simply Color Lab ROES - c:\windows\system32\javaws.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.032"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.abr"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.ac3"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amc\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.amc"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.amr"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ani"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.apd"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.arw"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.bay"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.bmp"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.bw"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.bwf"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.caf"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.cdda"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.cel"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.cr2"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.crw"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.cs1"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.cur"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.dcr"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.dcx"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.dib"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dif\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.dif"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.djv"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.djvu"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.dng"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.dv"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.emf"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.eps"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.erf"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.fff"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.flc"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.fli"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.fpx"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.gif"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.gsm"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.hdr"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.icl"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.icn"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ico"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.iff"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ilbm"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.int"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.inta"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.iw4"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.j2c"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.j2k"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jbr"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jfif"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jif"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jp2"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpc"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpe"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpeg"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpg"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpk"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.jpx"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.kar"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.kdc"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.lbm"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.m15"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.m1a"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.m2a"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.m4b"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.m4p"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.m75"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.mef"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.mos"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.mpv"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.mrw"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.nef"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.nrw"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.orf"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pbm"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pbr"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pcd"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pct"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pcx"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pef"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pgm"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pic"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.pics"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pict"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pix"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.png"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ppm"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.psd"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.psp"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pspbrush"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.pspimage"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.qcp"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.qt"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.qtpf"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.raf"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ras"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.raw"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rgb"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rgba"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rle"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rsb"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rw2"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.rwl"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sd2\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.sd2"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.sdv"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.sfil"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.sgi"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.smf"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.smi"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.smil"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.sml"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.sr2"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.srf"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.swa"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.tga"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.thm"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.tif"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.tiff"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ttc"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.ttf"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.ulw"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.v11o"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.v11p"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.v11pf"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2538685935-2764079445-1791342672-1006)

"Progid"="ACDSee Photo Manager 2009.vfw"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.wbm"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.wbmp"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.wmf"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.xbm"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.xif"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.xmp"

.

[HKEY_USERS\S-1-5-21-2538685935-2764079445-1791342672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Photo Manager 2009.xpm"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-02-10 15:43:12

ComboFix-quarantined-files.txt 2012-02-10 20:43

.

Pre-Run: 352,720,732,160 bytes free

Post-Run: 443,536,531,456 bytes free

.

- - End Of File - - 38AF94EBC11244D6A235765409A3AB1A

My apologies as I just saw the sticky in this thread that explained the first steps and what I *should* have done prior to running Combo fix. Oops. I stumbled upon this forum looking for fixes to my problem and followed the guidance from there without really checking out the other threads/directions. Hopefully i didn't make too much of a mess of things.

Here are the two requested logs. These were done after I ran combofix and TDSS. Sorry!! :blush:

Thanks in advance for any advice you can provide!

Tracy

DDS.txtAttach.txt

Link to post
Share on other sites
Elise

Elise

Posted
Posted

Hello and :welcome:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Link to post
Share on other sites
tlheyman

tlheyman

Posted
  • Author
Posted

Hi and thanks so much for responding, Elise! I just ran TDSSKiller and it found nothing, thankfully.

10:29:09.0085 2420 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57

10:29:09.0381 2420 ============================================================

10:29:09.0381 2420 Current date / time: 2012/02/11 10:29:09.0381

10:29:09.0381 2420 SystemInfo:

10:29:09.0381 2420

10:29:09.0381 2420 OS Version: 6.1.7601 ServicePack: 1.0

10:29:09.0381 2420 Product type: Workstation

10:29:09.0381 2420 ComputerName: HP-PAVILLION

10:29:09.0381 2420 UserName: Tracy

10:29:09.0381 2420 Windows directory: C:\Windows

10:29:09.0381 2420 System windows directory: C:\Windows

10:29:09.0381 2420 Running under WOW64

10:29:09.0381 2420 Processor architecture: Intel x64

10:29:09.0381 2420 Number of processors: 4

10:29:09.0381 2420 Page size: 0x1000

10:29:09.0381 2420 Boot type: Normal boot

10:29:09.0381 2420 ============================================================

10:29:14.0747 2420 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:29:14.0763 2420 Drive \Device\Harddisk1\DR1 - Size: 0xF4FC8000 (3.83 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

10:29:14.0794 2420 \Device\Harddisk0\DR0:

10:29:14.0794 2420 MBR used

10:29:14.0794 2420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

10:29:14.0794 2420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72E26000

10:29:14.0794 2420 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72E58800, BlocksNum 0x18AD800

10:29:14.0794 2420 \Device\Harddisk1\DR1:

10:29:14.0794 2420 MBR used

10:29:14.0794 2420 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x7A1333

10:29:15.0028 2420 Initialize success

10:29:15.0028 2420 ============================================================

10:29:16.0791 3884 ============================================================

10:29:16.0791 3884 Scan started

10:29:16.0791 3884 Mode: Manual;

10:29:16.0791 3884 ============================================================

10:29:21.0034 3884 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:29:21.0034 3884 1394ohci - ok

10:29:21.0455 3884 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:29:21.0471 3884 ACPI - ok

10:29:21.0658 3884 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:29:21.0736 3884 AcpiPmi - ok

10:29:22.0267 3884 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

10:29:22.0594 3884 adp94xx - ok

10:29:23.0140 3884 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

10:29:23.0343 3884 adpahci - ok

10:29:23.0842 3884 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

10:29:24.0029 3884 adpu320 - ok

10:29:24.0357 3884 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

10:29:24.0482 3884 AFD - ok

10:29:24.0607 3884 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:29:24.0638 3884 agp440 - ok

10:29:24.0778 3884 ahcix64s (3327e85cadb3b65ee36016e35bcc0adc) C:\Windows\system32\DRIVERS\ahcix64s.sys

10:29:24.0794 3884 ahcix64s - ok

10:29:24.0934 3884 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:29:24.0981 3884 aliide - ok

10:29:25.0090 3884 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:29:25.0168 3884 amdide - ok

10:29:25.0293 3884 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

10:29:25.0340 3884 AmdK8 - ok

10:29:26.0650 3884 amdkmdag (f284da3156166b45d02acc3c228ade1e) C:\Windows\system32\DRIVERS\atipmdag.sys

10:29:26.0775 3884 amdkmdag - ok

10:29:26.0884 3884 amdkmdap (91e1daf0193bd2ab90b1b35c987237fe) C:\Windows\system32\DRIVERS\atikmpag.sys

10:29:26.0900 3884 amdkmdap - ok

10:29:26.0931 3884 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

10:29:26.0931 3884 AmdPPM - ok

10:29:26.0993 3884 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

10:29:27.0009 3884 amdsata - ok

10:29:27.0040 3884 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

10:29:27.0071 3884 amdsbs - ok

10:29:27.0087 3884 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

10:29:27.0087 3884 amdxata - ok

10:29:27.0181 3884 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:29:27.0181 3884 AppID - ok

10:29:27.0259 3884 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

10:29:27.0274 3884 arc - ok

10:29:27.0274 3884 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

10:29:27.0290 3884 arcsas - ok

10:29:27.0337 3884 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:29:27.0368 3884 AsyncMac - ok

10:29:27.0399 3884 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:29:27.0399 3884 atapi - ok

10:29:27.0446 3884 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys

10:29:27.0477 3884 athr - ok

10:29:27.0508 3884 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys

10:29:27.0508 3884 AtiHdmiService - ok

10:29:28.0335 3884 atikmdag (f284da3156166b45d02acc3c228ade1e) C:\Windows\system32\DRIVERS\atikmdag.sys

10:29:28.0429 3884 atikmdag - ok

10:29:28.0491 3884 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys

10:29:28.0491 3884 AtiPcie - ok

10:29:28.0569 3884 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

10:29:28.0600 3884 b06bdrv - ok

10:29:28.0663 3884 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:29:28.0678 3884 b57nd60a - ok

10:29:28.0725 3884 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:29:28.0741 3884 Beep - ok

10:29:28.0787 3884 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:29:28.0819 3884 blbdrive - ok

10:29:28.0928 3884 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:29:28.0928 3884 bowser - ok

10:29:28.0959 3884 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

10:29:28.0959 3884 BrFiltLo - ok

10:29:28.0975 3884 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

10:29:28.0990 3884 BrFiltUp - ok

10:29:29.0021 3884 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

10:29:29.0021 3884 BridgeMP - ok

10:29:29.0053 3884 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:29:29.0068 3884 Brserid - ok

10:29:29.0099 3884 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:29:29.0131 3884 BrSerWdm - ok

10:29:29.0162 3884 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:29:29.0177 3884 BrUsbMdm - ok

10:29:29.0193 3884 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:29:29.0193 3884 BrUsbSer - ok

10:29:29.0224 3884 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

10:29:29.0224 3884 BTHMODEM - ok

10:29:29.0723 3884 catchme - ok

10:29:29.0786 3884 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:29:29.0864 3884 cdfs - ok

10:29:30.0004 3884 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

10:29:30.0051 3884 cdrom - ok

10:29:30.0254 3884 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

10:29:30.0332 3884 circlass - ok

10:29:30.0457 3884 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:29:30.0472 3884 CLFS - ok

10:29:30.0613 3884 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

10:29:30.0628 3884 CmBatt - ok

10:29:30.0722 3884 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:29:30.0800 3884 cmdide - ok

10:29:30.0909 3884 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

10:29:30.0909 3884 CNG - ok

10:29:31.0034 3884 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

10:29:31.0096 3884 Compbatt - ok

10:29:31.0268 3884 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

10:29:31.0315 3884 CompositeBus - ok

10:29:31.0471 3884 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

10:29:31.0502 3884 crcdisk - ok

10:29:31.0689 3884 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:29:31.0783 3884 DfsC - ok

10:29:31.0845 3884 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:29:31.0861 3884 discache - ok

10:29:31.0892 3884 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

10:29:31.0892 3884 Disk - ok

10:29:31.0939 3884 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:29:31.0985 3884 drmkaud - ok

10:29:32.0048 3884 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:29:32.0079 3884 DXGKrnl - ok

10:29:32.0282 3884 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

10:29:32.0407 3884 ebdrv - ok

10:29:32.0500 3884 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

10:29:32.0547 3884 elxstor - ok

10:29:32.0625 3884 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:29:32.0672 3884 ErrDev - ok

10:29:32.0750 3884 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:29:32.0765 3884 exfat - ok

10:29:32.0843 3884 EyeOneDisplay (a33e0921d0c256e348e0f6d66c77b7f7) C:\Windows\system32\Drivers\i1display_x64.sys

10:29:32.0875 3884 EyeOneDisplay - ok

10:29:32.0890 3884 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:29:32.0890 3884 fastfat - ok

10:29:32.0921 3884 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

10:29:32.0921 3884 fdc - ok

10:29:32.0953 3884 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:29:32.0953 3884 FileInfo - ok

10:29:32.0984 3884 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:29:32.0999 3884 Filetrace - ok

10:29:33.0046 3884 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

10:29:33.0077 3884 flpydisk - ok

10:29:33.0187 3884 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:29:33.0187 3884 FltMgr - ok

10:29:33.0233 3884 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys

10:29:33.0249 3884 FlyUsb - ok

10:29:33.0280 3884 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:29:33.0280 3884 FsDepends - ok

10:29:33.0296 3884 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

10:29:33.0296 3884 Fs_Rec - ok

10:29:33.0374 3884 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:29:33.0389 3884 fvevol - ok

10:29:33.0421 3884 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

10:29:33.0436 3884 gagp30kx - ok

10:29:33.0483 3884 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

10:29:33.0499 3884 GEARAspiWDM - ok

10:29:33.0545 3884 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:29:33.0545 3884 hcw85cir - ok

10:29:33.0623 3884 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

10:29:33.0623 3884 HDAudBus - ok

10:29:33.0639 3884 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

10:29:33.0655 3884 HidBatt - ok

10:29:33.0686 3884 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

10:29:33.0686 3884 HidBth - ok

10:29:33.0717 3884 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

10:29:33.0717 3884 HidIr - ok

10:29:33.0764 3884 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

10:29:33.0764 3884 HidUsb - ok

10:29:33.0811 3884 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:29:33.0826 3884 HpSAMD - ok

10:29:33.0904 3884 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:29:33.0904 3884 HTTP - ok

10:29:33.0967 3884 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:29:33.0967 3884 hwpolicy - ok

10:29:34.0045 3884 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:29:34.0076 3884 i8042prt - ok

10:29:34.0154 3884 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

10:29:34.0201 3884 iaStorV - ok

10:29:34.0279 3884 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

10:29:34.0294 3884 iirsp - ok

10:29:34.0372 3884 IntcAzAudAddService (31c32bc56d85d109ebb0c526be5caca7) C:\Windows\system32\drivers\RTKVHD64.sys

10:29:34.0388 3884 IntcAzAudAddService - ok

10:29:34.0419 3884 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:29:34.0435 3884 intelide - ok

10:29:34.0466 3884 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:29:34.0481 3884 intelppm - ok

10:29:34.0544 3884 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:29:34.0544 3884 IpFilterDriver - ok

10:29:34.0606 3884 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:29:34.0622 3884 IPMIDRV - ok

10:29:34.0653 3884 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:29:34.0669 3884 IPNAT - ok

10:29:34.0731 3884 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:29:34.0731 3884 IRENUM - ok

10:29:34.0793 3884 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:29:34.0840 3884 isapnp - ok

10:29:34.0934 3884 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:29:34.0949 3884 iScsiPrt - ok

10:29:35.0043 3884 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

10:29:35.0043 3884 kbdclass - ok

10:29:35.0121 3884 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

10:29:35.0137 3884 kbdhid - ok

10:29:35.0199 3884 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

10:29:35.0199 3884 KSecDD - ok

10:29:35.0261 3884 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

10:29:35.0261 3884 KSecPkg - ok

10:29:35.0277 3884 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:29:35.0277 3884 ksthunk - ok

10:29:35.0371 3884 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:29:35.0371 3884 lltdio - ok

10:29:35.0417 3884 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

10:29:35.0433 3884 LSI_FC - ok

10:29:35.0464 3884 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

10:29:35.0480 3884 LSI_SAS - ok

10:29:35.0527 3884 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

10:29:35.0527 3884 LSI_SAS2 - ok

10:29:35.0558 3884 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

10:29:35.0605 3884 LSI_SCSI - ok

10:29:35.0683 3884 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:29:35.0714 3884 luafv - ok

10:29:35.0792 3884 lvpepf64 (07389f6925e490d2db7882110e99921c) C:\Windows\system32\DRIVERS\lv302a64.sys

10:29:35.0823 3884 lvpepf64 - ok

10:29:35.0901 3884 LVRS64 (7f0ba3a6e8996f15693c6b7d81da049e) C:\Windows\system32\DRIVERS\lvrs64.sys

10:29:35.0932 3884 LVRS64 - ok

10:29:36.0104 3884 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\Windows\system32\DRIVERS\LVUSBS64.sys

10:29:36.0119 3884 LVUSBS64 - ok

10:29:36.0338 3884 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

10:29:36.0338 3884 MBAMProtector - ok

10:29:36.0385 3884 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

10:29:36.0385 3884 megasas - ok

10:29:36.0431 3884 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

10:29:36.0463 3884 MegaSR - ok

10:29:36.0525 3884 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:29:36.0525 3884 Modem - ok

10:29:36.0556 3884 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:29:36.0556 3884 monitor - ok

10:29:36.0619 3884 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

10:29:36.0634 3884 mouclass - ok

10:29:36.0665 3884 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:29:36.0681 3884 mouhid - ok

10:29:36.0743 3884 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:29:36.0743 3884 mountmgr - ok

10:29:36.0821 3884 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:29:36.0853 3884 mpio - ok

10:29:36.0884 3884 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:29:36.0884 3884 mpsdrv - ok

10:29:37.0009 3884 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:29:37.0024 3884 MRxDAV - ok

10:29:37.0071 3884 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:29:37.0087 3884 mrxsmb - ok

10:29:37.0149 3884 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:29:37.0165 3884 mrxsmb10 - ok

10:29:37.0180 3884 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:29:37.0180 3884 mrxsmb20 - ok

10:29:37.0289 3884 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:29:37.0336 3884 msahci - ok

10:29:37.0399 3884 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:29:37.0414 3884 msdsm - ok

10:29:37.0445 3884 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:29:37.0461 3884 Msfs - ok

10:29:37.0477 3884 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:29:37.0477 3884 mshidkmdf - ok

10:29:37.0539 3884 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:29:37.0539 3884 msisadrv - ok

10:29:37.0601 3884 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:29:37.0601 3884 MSKSSRV - ok

10:29:37.0617 3884 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:29:37.0633 3884 MSPCLOCK - ok

10:29:37.0648 3884 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:29:37.0648 3884 MSPQM - ok

10:29:37.0711 3884 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:29:37.0711 3884 MsRPC - ok

10:29:37.0757 3884 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

10:29:37.0757 3884 mssmbios - ok

10:29:37.0820 3884 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:29:37.0820 3884 MSTEE - ok

10:29:37.0835 3884 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

10:29:37.0851 3884 MTConfig - ok

10:29:37.0867 3884 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:29:37.0867 3884 Mup - ok

10:29:37.0913 3884 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:29:37.0913 3884 NativeWifiP - ok

10:29:38.0007 3884 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:29:38.0007 3884 NDIS - ok

10:29:38.0023 3884 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:29:38.0038 3884 NdisCap - ok

10:29:38.0069 3884 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:29:38.0085 3884 NdisTapi - ok

10:29:38.0147 3884 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:29:38.0147 3884 Ndisuio - ok

10:29:38.0257 3884 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:29:38.0288 3884 NdisWan - ok

10:29:38.0350 3884 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:29:38.0350 3884 NDProxy - ok

10:29:38.0366 3884 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:29:38.0366 3884 NetBIOS - ok

10:29:38.0491 3884 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:29:38.0506 3884 NetBT - ok

10:29:38.0584 3884 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

10:29:38.0600 3884 nfrd960 - ok

10:29:38.0631 3884 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:29:38.0647 3884 Npfs - ok

10:29:38.0662 3884 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:29:38.0678 3884 nsiproxy - ok

10:29:38.0881 3884 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:29:38.0881 3884 Ntfs - ok

10:29:38.0896 3884 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:29:38.0927 3884 Null - ok

10:29:38.0974 3884 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:29:39.0021 3884 nvraid - ok

10:29:39.0083 3884 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:29:39.0115 3884 nvstor - ok

10:29:39.0146 3884 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:29:39.0161 3884 nv_agp - ok

10:29:39.0224 3884 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:29:39.0255 3884 ohci1394 - ok

10:29:39.0364 3884 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

10:29:39.0395 3884 Parport - ok

10:29:39.0458 3884 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

10:29:39.0458 3884 partmgr - ok

10:29:39.0473 3884 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:29:39.0473 3884 pci - ok

10:29:39.0505 3884 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:29:39.0505 3884 pciide - ok

10:29:39.0567 3884 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

10:29:39.0598 3884 pcmcia - ok

10:29:39.0629 3884 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:29:39.0629 3884 pcw - ok

10:29:39.0645 3884 PDIHWCTL - ok

10:29:39.0661 3884 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:29:39.0676 3884 PEAUTH - ok

10:29:39.0785 3884 PID_PEPI (087a343dfc337f37723dd7912de6b6cd) C:\Windows\system32\DRIVERS\LV302V64.SYS

10:29:39.0817 3884 PID_PEPI - ok

10:29:39.0910 3884 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:29:39.0926 3884 PptpMiniport - ok

10:29:39.0957 3884 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

10:29:39.0973 3884 Processor - ok

10:29:40.0051 3884 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:29:40.0066 3884 Psched - ok

10:29:40.0129 3884 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

10:29:40.0207 3884 ql2300 - ok

10:29:40.0222 3884 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

10:29:40.0238 3884 ql40xx - ok

10:29:40.0253 3884 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:29:40.0269 3884 QWAVEdrv - ok

10:29:40.0300 3884 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:29:40.0300 3884 RasAcd - ok

10:29:40.0331 3884 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:29:40.0347 3884 RasAgileVpn - ok

10:29:40.0441 3884 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:29:40.0456 3884 Rasl2tp - ok

10:29:40.0503 3884 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:29:40.0519 3884 RasPppoe - ok

10:29:40.0519 3884 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:29:40.0534 3884 RasSstp - ok

10:29:40.0643 3884 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:29:40.0675 3884 rdbss - ok

10:29:40.0753 3884 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

10:29:40.0784 3884 rdpbus - ok

10:29:40.0846 3884 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:29:40.0909 3884 RDPCDD - ok

10:29:40.0971 3884 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:29:40.0987 3884 RDPENCDD - ok

10:29:41.0002 3884 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:29:41.0018 3884 RDPREFMP - ok

10:29:41.0096 3884 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

10:29:41.0127 3884 RDPWD - ok

10:29:41.0267 3884 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:29:41.0267 3884 rdyboost - ok

10:29:41.0361 3884 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:29:41.0361 3884 rspndr - ok

10:29:41.0517 3884 RTL8167 (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys

10:29:41.0595 3884 RTL8167 - ok

10:29:41.0720 3884 SAVOnAccess (d9057e8ca97628e275979a09ea66b34b) C:\Windows\system32\DRIVERS\savonaccess.sys

10:29:41.0735 3884 SAVOnAccess - ok

10:29:41.0798 3884 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:29:41.0813 3884 sbp2port - ok

10:29:41.0876 3884 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:29:41.0891 3884 scfilter - ok

10:29:41.0907 3884 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:29:41.0907 3884 secdrv - ok

10:29:41.0969 3884 SeqCal (a33e0921d0c256e348e0f6d66c77b7f7) C:\Windows\system32\DRIVERS\SeqCal.sys

10:29:41.0985 3884 SeqCal - ok

10:29:42.0016 3884 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

10:29:42.0032 3884 Serenum - ok

10:29:42.0047 3884 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

10:29:42.0063 3884 Serial - ok

10:29:42.0110 3884 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

10:29:42.0125 3884 sermouse - ok

10:29:42.0188 3884 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:29:42.0203 3884 sffdisk - ok

10:29:42.0219 3884 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:29:42.0235 3884 sffp_mmc - ok

10:29:42.0250 3884 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:29:42.0266 3884 sffp_sd - ok

10:29:42.0281 3884 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

10:29:42.0297 3884 sfloppy - ok

10:29:42.0344 3884 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:29:42.0359 3884 SiSRaid2 - ok

10:29:42.0375 3884 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

10:29:42.0391 3884 SiSRaid4 - ok

10:29:42.0437 3884 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:29:42.0437 3884 Smb - ok

10:29:42.0515 3884 SophosBootDriver (69fbe35a8165adbc313aa7f64b868ca1) C:\Windows\system32\DRIVERS\SophosBootDriver.sys

10:29:42.0547 3884 SophosBootDriver - ok

10:29:42.0562 3884 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:29:42.0562 3884 spldr - ok

10:29:42.0640 3884 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:29:42.0640 3884 srv - ok

10:29:42.0671 3884 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:29:42.0671 3884 srv2 - ok

10:29:42.0687 3884 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:29:42.0687 3884 srvnet - ok

10:29:42.0734 3884 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

10:29:42.0749 3884 stexstor - ok

10:29:42.0812 3884 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

10:29:42.0827 3884 swenum - ok

10:29:42.0983 3884 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

10:29:43.0015 3884 Tcpip - ok

10:29:43.0108 3884 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

10:29:43.0139 3884 TCPIP6 - ok

10:29:43.0202 3884 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:29:43.0202 3884 tcpipreg - ok

10:29:43.0233 3884 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:29:43.0264 3884 TDPIPE - ok

10:29:43.0311 3884 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

10:29:43.0342 3884 TDTCP - ok

10:29:43.0389 3884 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:29:43.0420 3884 tdx - ok

10:29:43.0436 3884 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

10:29:43.0451 3884 TermDD - ok

10:29:43.0529 3884 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:29:43.0561 3884 tssecsrv - ok

10:29:43.0607 3884 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:29:43.0639 3884 TsUsbFlt - ok

10:29:43.0732 3884 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:29:43.0763 3884 tunnel - ok

10:29:43.0810 3884 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

10:29:43.0841 3884 uagp35 - ok

10:29:43.0904 3884 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:29:43.0951 3884 udfs - ok

10:29:43.0982 3884 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:29:43.0997 3884 uliagpkx - ok

10:29:44.0075 3884 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

10:29:44.0107 3884 umbus - ok

10:29:44.0153 3884 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

10:29:44.0185 3884 UmPass - ok

10:29:44.0278 3884 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

10:29:44.0294 3884 USBAAPL64 - ok

10:29:44.0325 3884 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

10:29:44.0341 3884 usbaudio - ok

10:29:44.0356 3884 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:29:44.0372 3884 usbccgp - ok

10:29:44.0497 3884 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:29:44.0543 3884 usbcir - ok

10:29:44.0543 3884 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

10:29:44.0559 3884 usbehci - ok

10:29:44.0590 3884 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys

10:29:44.0621 3884 usbfilter - ok

10:29:44.0653 3884 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:29:44.0699 3884 usbhub - ok

10:29:44.0715 3884 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

10:29:44.0731 3884 usbohci - ok

10:29:44.0762 3884 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:29:44.0777 3884 usbprint - ok

10:29:44.0809 3884 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

10:29:44.0824 3884 usbscan - ok

10:29:44.0855 3884 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

10:29:44.0871 3884 USBSTOR - ok

10:29:44.0887 3884 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

10:29:44.0902 3884 usbuhci - ok

10:29:44.0949 3884 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:29:44.0949 3884 vdrvroot - ok

10:29:45.0011 3884 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:29:45.0043 3884 vga - ok

10:29:45.0058 3884 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:29:45.0074 3884 VgaSave - ok

10:29:45.0136 3884 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:29:45.0167 3884 vhdmp - ok

10:29:45.0199 3884 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:29:45.0214 3884 viaide - ok

10:29:45.0245 3884 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:29:45.0245 3884 volmgr - ok

10:29:45.0308 3884 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:29:45.0308 3884 volmgrx - ok

10:29:45.0339 3884 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:29:45.0339 3884 volsnap - ok

10:29:45.0386 3884 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

10:29:45.0433 3884 vsmraid - ok

10:29:45.0448 3884 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:29:45.0479 3884 vwifibus - ok

10:29:45.0511 3884 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:29:45.0542 3884 vwififlt - ok

10:29:45.0589 3884 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

10:29:45.0589 3884 vwifimp - ok

10:29:45.0620 3884 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

10:29:45.0651 3884 WacomPen - ok

10:29:45.0682 3884 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:29:45.0682 3884 WANARP - ok

10:29:45.0698 3884 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:29:45.0698 3884 Wanarpv6 - ok

10:29:45.0760 3884 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

10:29:45.0807 3884 Wd - ok

10:29:45.0854 3884 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:29:45.0869 3884 Wdf01000 - ok

10:29:45.0916 3884 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:29:45.0916 3884 WfpLwf - ok

10:29:45.0947 3884 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:29:45.0979 3884 WIMMount - ok

10:29:46.0072 3884 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

10:29:46.0103 3884 WinUsb - ok

10:29:46.0119 3884 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:29:46.0135 3884 WmiAcpi - ok

10:29:46.0166 3884 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:29:46.0181 3884 ws2ifsl - ok

10:29:46.0244 3884 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:29:46.0275 3884 WudfPf - ok

10:29:46.0291 3884 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:29:46.0291 3884 WUDFRd - ok

10:29:46.0337 3884 MBR (0x1B8) (d903658e313289c7e22a468124057bec) \Device\Harddisk0\DR0

10:29:46.0634 3884 \Device\Harddisk0\DR0 - ok

10:29:46.0649 3884 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

10:29:46.0649 3884 \Device\Harddisk1\DR1 - ok

10:29:46.0649 3884 Boot (0x1200) (4a33f1701d59accaf95a959c61e74e15) \Device\Harddisk0\DR0\Partition0

10:29:46.0649 3884 \Device\Harddisk0\DR0\Partition0 - ok

10:29:46.0681 3884 Boot (0x1200) (43937668241aa4355caf9d2efdfe1143) \Device\Harddisk0\DR0\Partition1

10:29:46.0681 3884 \Device\Harddisk0\DR0\Partition1 - ok

10:29:46.0712 3884 Boot (0x1200) (72245fcf58949617d735cbfc956978df) \Device\Harddisk0\DR0\Partition2

10:29:46.0712 3884 \Device\Harddisk0\DR0\Partition2 - ok

10:29:46.0727 3884 Boot (0x1200) (01c92e07e3a1141ef15f2f2dc1a84ccc) \Device\Harddisk1\DR1\Partition0

10:29:46.0727 3884 \Device\Harddisk1\DR1\Partition0 - ok

10:29:46.0727 3884 ============================================================

10:29:46.0727 3884 Scan finished

10:29:46.0727 3884 ============================================================

10:29:46.0743 3668 Detected object count: 0

10:29:46.0743 3668 Actual detected object count: 0

Link to post
Share on other sites
Elise

Elise

Posted
Posted

Do you have any problem left at this point?

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    2. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    3. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    4. Check "YES, I accept the Terms of Use."
    5. Click the Start button.
    6. Accept any security warnings from your browser.
    7. Under scan settings, check "Scan Archives" and "Remove found threats"
    8. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

Link to post
Share on other sites
tlheyman

tlheyman

Posted
  • Author
Posted

Thanks, Elise! Yes, unfortunately I'm having problems again this morning. My computer is constantly freezing up and I have to power it down. And, I'm getting notices from my pc that Sophos is turned off but it's showing that it's on. I will run the scan you requested above as soon as I can get my computer running again.

Link to post
Share on other sites
tlheyman

tlheyman

Posted
  • Author
Posted

It finished before I could stop it, although it said stopped by user in the status. I didn't stop it so I'm not sure what that means. It ran for 38 minutes so I'm assuming it scanned everything. It said there were no threats found and but I didn't see an option to produce a log. Does it automatically save one somewhere that I could post for you to take a peek? I guess it's good news that it didn't find anything. My PC is no longer giving message that sophos isn't on and it hasn't frozen up on me either. Hopefully those are all good signs.

Link to post
Share on other sites
tlheyman

tlheyman

Posted
  • Author
Posted

Absolutely. Here it is...

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Tracy at 12:27:27 on 2012-02-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.5303 [GMT -5:00]

.

AV: Sophos Anti-Virus *Disabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}

SP: Sophos Anti-Virus *Disabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Backblaze\bzserv.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe

C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Backblaze\bzbui.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\sophos\AutoUpdate\ALMon.exe

C:\Program Files (x86)\AirPort\APAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\SysWOW64\WinMsgBalloonServer.exe

C:\Windows\SysWOW64\WinMsgBalloonClient.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Gene\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\sophos\AutoUpdate\ALMon.exe

C:\Program Files (x86)\AirPort\APAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

mRun: [sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

dRun: [backblaze] "C:\Program Files (x86)\Backblaze\bzbui.exe" -quiet

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

LSP: C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{8AFC352A-3B53-4A5B-9257-7B0134F9DEEB} : DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{F78A3A08-EC59-452C-93A9-F7239DBC2CB8} : DhcpNameServer = 68.87.75.198 68.87.64.150

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

AppInit_DLLs: C:\PROGRA~2\sophos\SOPHOS~1\sophos_detoured.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Sophos Web Content Scanner: {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO-X64: HelloWorldBHO - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

AppInit_DLLs-X64: C:\PROGRA~2\sophos\SOPHOS~1\sophos_detoured.dll

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Tracy\AppData\Roaming\Mozilla\Firefox\Profiles\stcifpvd.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll

FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll

FF - plugin: C:\Users\Tracy\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Users\Tracy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - plugin: C:\Users\Tracy\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]

R1 SAVOnAccess;SAVOnAccess;C:\Windows\system32\DRIVERS\savonaccess.sys --> C:\Windows\system32\DRIVERS\savonaccess.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]

R2 bzserv;Backblaze Service;C:\Program Files (x86)\Backblaze\bzserv.exe [2011-8-30 211240]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-10 652360]

R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\sophos\Sophos Anti-Virus\SAVAdminService.exe [2010-10-8 163056]

R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\sophos\Sophos Anti-Virus\SavService.exe [2010-6-4 97520]

R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\sophos\AutoUpdate\ALsvc.exe [2010-9-21 230640]

R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2010-10-8 1541360]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-26 135664]

S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\system32\Drivers\i1display_x64.sys --> C:\Windows\system32\Drivers\i1display_x64.sys [?]

S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-26 135664]

S3 SeqCal;SeqCal;C:\Windows\system32\DRIVERS\SeqCal.sys --> C:\Windows\system32\DRIVERS\SeqCal.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-8-19 192512]

S4 SophosBootDriver;SophosBootDriver;C:\Windows\system32\DRIVERS\SophosBootDriver.sys --> C:\Windows\system32\DRIVERS\SophosBootDriver.sys [?]

S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

.

=============== Created Last 30 ================

.

2012-02-11 16:14:05 -------- d-----w- C:\Program Files (x86)\ESET

2012-02-10 21:28:02 -------- d-----w- C:\Windows\SysWow64\syncdb

2012-02-10 21:14:48 -------- d-----w- C:\ComboFix

2012-02-10 20:47:46 -------- d-sh--w- C:\$RECYCLE.BIN

2012-02-10 20:06:21 208896 ----a-w- C:\Windows\MBR.exe

2012-02-10 20:06:20 256000 ----a-w- C:\Windows\PEV.exe

2012-02-10 20:06:19 518144 ----a-w- C:\Windows\SWREG.exe

2012-02-10 20:06:18 98816 ----a-w- C:\Windows\sed.exe

2012-02-10 19:48:45 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-10 09:43:06 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{17B84BD7-1728-433D-B047-92DCE7C0AD3E}\mpengine.dll

2012-02-10 03:56:08 -------- d-----w- C:\Users\Tracy\Print Labs

2012-02-10 02:52:14 25608 ----a-w- C:\Windows\System32\drivers\SophosBootDriver.sys

2012-02-10 02:52:13 142328 ----a-w- C:\Windows\System32\drivers\savonaccess.sys

2012-02-07 19:42:51 -------- d-----w- C:\Program Files\iPod

2012-02-07 19:42:50 -------- d-----w- C:\Program Files\iTunes

2012-02-07 19:42:50 -------- d-----w- C:\Program Files (x86)\iTunes

2012-01-31 08:25:20 -------- d-----w- C:\found.000

.

==================== Find3M ====================

.

2012-01-27 05:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-04 03:54:56 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll

2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 12:27:59.88 ===============

Link to post
Share on other sites
Elise

Elise

Posted
Posted

That looks good! :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites
Elise

Elise

Posted
Posted

Glad I could be of help! :)

You can just delete TDSSkiller (right click file > delete) and ESET can be uninstalled (press Windows key + R, type appwiz.cpl and press enter to open the uninstall list).

If you have no other questions I'll request this topic to be closed.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.