Author Topic: [Resolved] Redirects and Slow Computer  (Read 1094 times)

christopher.ellis01
« on: April 10, 2012, 08:29:17 PM »
Hello Everyone,

I need some help with what is becoming a nasty redirect problem. I have run scans with AdAware, Symantec Endpoint Protection and a few other things, but can't seem to find any culprits. I am getting redirects to happili.com (not sure if it is spelled right...) from Google searches. If I return to the Google Results page and reclick the link, it goes to the correct site.

A couple of months ago, I was getting redirects to other sites, but it seems to have returned.  I apologize, but I don't remember all of the steps or programs I used to solve the issue last time.

I'm not sure if it is related or not, but my computer has also been running very slowly for several months.  I originally thought it was because it is several years old, but now I'm not so sure...

Here are my logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_17
Run by Daddy's Laptop at 21:20:51 on 2012-04-10
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2038.890 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Daddy's Laptop\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [Google Update] "C:\Users\Daddy's Laptop\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [cdloader] "C:\Users\Daddy's Laptop\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [MusicManager] "C:\Users\Daddy's Laptop\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
mRun: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\DADDY'~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.69.69
TCP: Interfaces\{976A4EB2-AB54-4C9B-B3EA-B58E6A16EE34} : DhcpNameServer = 192.168.69.69
TCP: Interfaces\{976A4EB2-AB54-4C9B-B3EA-B58E6A16EE34}\3646563316 : DhcpNameServer = 192.168.69.69
TCP: Interfaces\{976A4EB2-AB54-4C9B-B3EA-B58E6A16EE34}\C696E6B6379737 : DhcpNameServer = 192.168.69.69
TCP: Interfaces\{976A4EB2-AB54-4C9B-B3EA-B58E6A16EE34}\D696461647C616E64796362626 : DhcpNameServer = 10.71.0.1
TCP: Interfaces\{976A4EB2-AB54-4C9B-B3EA-B58E6A16EE34}\F457270284F6573756 : DhcpNameServer = 192.168.5.5
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64:     HP Print Enhancer - No File
BHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64:     HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
mRun-x64: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun-x64: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
Hosts: 192.168.69.74 NPI977642
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Daddy's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\h01zjw8d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|https://mail.google.com/mail/?shva=1#inbox|http://www.techforless.com/cgi-bin/tech4less/hot_deal.html?mv_pc=email804m
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npmfv.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Daddy's Laptop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Daddy's Laptop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Daddy's Laptop\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 archlp;archlp;C:\Windows\system32\drivers\archlp.sys --> C:\Windows\system32\drivers\archlp.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-12 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\system32\DRIVERS\AcpiVpc.sys --> C:\Windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-1 138360]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-6 652360]
.
=============== Created Last 30 ================
.
2012-03-29 17:42:55   --------   d-----w-   C:\Program Files\iPod
2012-03-29 17:42:53   --------   d-----w-   C:\Program Files\iTunes
2012-03-18 02:40:50   592824   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-18 02:40:50   44472   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 17:54:57   --------   d-----w-   C:\Windows\System32\MpEngineStore
2012-03-15 08:09:43   5559152   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2012-03-15 08:09:41   3968368   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 08:09:39   3913584   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 18:03:03   3145728   ----a-w-   C:\Windows\System32\win32k.sys
2012-03-14 18:02:57   1544192   ----a-w-   C:\Windows\System32\DWrite.dll
2012-03-14 18:02:57   1077248   ----a-w-   C:\Windows\SysWow64\DWrite.dll
2012-03-14 18:02:44   9216   ----a-w-   C:\Windows\System32\rdrmemptylst.exe
2012-03-14 18:02:44   77312   ----a-w-   C:\Windows\System32\rdpwsx.dll
2012-03-14 18:02:44   149504   ----a-w-   C:\Windows\System32\rdpcorekmts.dll
2012-03-14 18:01:29   1031680   ----a-w-   C:\Windows\System32\rdpcore.dll
2012-03-14 18:01:28   826880   ----a-w-   C:\Windows\SysWow64\rdpcore.dll
2012-03-14 18:01:27   23552   ----a-w-   C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 18:01:27   210944   ----a-w-   C:\Windows\System32\drivers\rdpwd.sys
2012-03-13 17:46:47   27424   ----a-w-   C:\Windows\System32\drivers\hitmanpro36.sys
2012-03-12 22:59:40   --------   d-----w-   C:\ProgramData\HitmanPro
2012-03-12 22:59:04   --------   d-----w-   C:\ProgramData\Hitman Pro
2012-03-12 21:59:50   --------   d-----w-   C:\ProgramData\Spybot - Search & Destroy
2012-03-12 21:59:50   --------   d-----w-   C:\Program Files (x86)\Spybot - Search & Destroy
.
==================== Find3M  ====================
.
2012-03-10 03:00:54   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 21:21:24.59 ===============

And:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/29/2010 8:39:03 PM
System Uptime: 4/10/2012 5:20:32 PM (4 hours ago)
.
Motherboard: LENOVO |  | IGT30
Processor: Intel(R) Core(TM)2 Duo CPU     T5250  @ 1.50GHz | U2E1 | 1500/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 11.27 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CM1017
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CM1017
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0001
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\IMAGE\0001
Service: StillCam
.
==== System Restore Points ===================
.
RP262: 3/15/2012 3:00:37 AM - Windows Update
RP263: 3/21/2012 12:34:19 PM - Windows Update
RP264: 3/29/2012 1:45:08 PM - Scheduled Checkpoint
RP265: 4/9/2012 6:47:24 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Adobe Reader 9.5.0
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
ArcSoft TotalMedia Theatre 3
BufferChm
calibre
CANYON USB PC CAMERA
Celestia 1.6.1
Chinese Traditional Fonts Support For Adobe Reader 9
Command & Conquer 3 Kane's Wrath
CoreAVC Professional Edition (remove only)
Coupon Printer for Windows
D3DX10
Daniusoft Video Converter Ultimate(Build 3.1.1.0)
Defense Grid Gold
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
Device Doctor
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
Dragon NaturallySpeaking 10
Duplicate Cleaner 1.4.7c
DVD Flick 1.3.0.7
EasyCapture
Energy Management
eSupportQFolder
Fax
GameSpy Comrade
Google Chrome
Google Earth Plug-in
Google SketchUp 8
Google Talk Plugin
Google Update Helper
GPBaseService2
Haali Media Splitter
HandBrake 0.9.5
HiJackThis
HP Photo Creations
HP Update
hppCLJCM1017
hppFonts
hppIOFiles
hppManualsCM1017
hpPrintProjects
HPProductAssistant
hppscanCM1017
hppScanTo
hppTLBXFXCM1017
HPSSupply
hpWLPGInstaller
hpzTLBXFX
IBM Lotus Forms Viewer 3.5.1
Imprudence Viewer 1.3.2 (SSE2 optimized)
Impulse
IrfanView (remove only)
Java(TM) 6 Update 17
JDownloader
LiveUpdate 3.3 (Symantec Corporation)
magicJack
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft .NET Framework 1.1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WorldWide Telescope
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
Pando Media Booster
Philips Songbird
Photodex Presenter
Product_Full_QFolder
Product_Min_QFolder
QuickTime
Reader for PC
Reader Library by Sony
Realtek High Definition Audio Driver
RICOH R5U8xx Media Driver ver.3.62.02
Safari
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization V
Sins of a Solar Empire
Sins of a Solar Empire - Entrenchment
Skype Toolbars
Skype™ 5.3
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Star Trek Online
StarCraft
Status
Steam
Stellarium 0.10.6.1
swMSM
Toolbox
Total Annihilation
TrayApp
TuneUp Companion 2.4.2.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
USB Video Device
VirtualCloneDrive
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
4/9/2012 6:23:46 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/9/2012 6:20:15 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
4/9/2012 6:20:15 PM, Error: Service Control Manager [7000]  - The SBSD Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/10/2012 9:02:44 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
4/10/2012 5:22:12 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
4/10/2012 5:22:12 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013]  - The DHCP allocator has disabled itself on IP address 192.168.69.3, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
4/10/2012 12:29:38 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
.
==== End Of File ===========================



Any assistance or suggestions would be appreciated!

C
« Last Edit: April 10, 2012, 08:35:32 PM by Hoov »



Online Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22687
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Redirects and Slow Computer
« Reply #1 on: April 10, 2012, 08:37:51 PM »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small or how long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on the change parameters option.




  • Once you are in there, check all four boxes and then click on the OK button.



  • Now click the Start Scan button.



  • This is what you will see during the scan,


  • and this is what you will see when the scan is done if any threats are found. Don't change any of the recommended actions. Click the continue button.



  • Once the fix is done you might see this,




  • or it may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    Back at the main Scanner screen:
    • Click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    • Exit MBAM when done.
    Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
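One way to triage the TDSSKiller report these steps produce, as an added example that is not part of the original post and not code from TDSSKiller: it pairs each service's hash/path line with its verdict line and lists everything not marked ok. The function and class names are hypothetical, and the sample lines are an excerpt of the report posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt in the layout of the TDSSKiller report posted in this thread:
# "<time> <thread id>   <message>". Lines are copied from that report.
SAMPLE_LOG = r"""
16:08:52.0154 2164   Scan started
16:08:52.0154 2164   Mode: Manual; SigCheck; TDLFS;
16:08:54.0629 2164   1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:08:54.0914 2164   1394ohci - ok
16:08:58.0399 2164   Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:08:58.0488 2164   Apple Mobile Device - ok
16:08:59.0237 2164   aspnet_state - ok
16:09:15.0313 2164   funfrm - ok
16:09:19.0063 2164   hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:09:19.0135 2164   hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
16:09:19.0136 2164   hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
"""

# Timestamp, thread id (kept as an opaque token), then the message text.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\S+)\s+(.*\S)\s*$")
# "<service name> (<32 hex digits>) <file path>"; names may contain spaces.
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "<service name> - ok" or "<service name> ( <detection> ) - warning".
VERDICT = re.compile(r"^(?P<name>.+?)(?: \( (?P<threat>\S+) \))? - (?P<verdict>\w+)$")
MODE = re.compile(r"^Mode: (?P<flags>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None   # None means the report ended before a verdict
    threat: Optional[str] = None


def parse_report(text):
    """Return (scan mode flags, entries in report order)."""
    mode, entries = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, separators without a message, pasted prose
        msg = m.group(3)
        if (mm := MODE.match(msg)):
            mode = [f.strip() for f in mm["flags"].split(";") if f.strip()]
        elif (om := OBJECT.match(msg)):
            e = entries.setdefault(om["name"], Entry(om["name"]))
            e.md5, e.path = om["md5"], om["path"]
        elif (vm := VERDICT.match(msg)):
            e = entries.setdefault(vm["name"], Entry(vm["name"]))
            e.verdict = vm["verdict"]
            e.threat = vm["threat"] or e.threat
    return mode, list(entries.values())


def triage(text):
    """Split a report into what needs a human decision and what does not."""
    mode, entries = parse_report(text)
    return {
        "mode": mode,
        "scanned": len(entries),
        # Anything not marked "ok", including entries cut off before a verdict.
        "review": [e for e in entries if e.verdict != "ok"],
        # Marked ok, but the report shows no hash/path line for the service.
        "no_file": [e.name for e in entries if e.verdict == "ok" and e.md5 is None],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("mode:", ", ".join(result["mode"]), "| services:", result["scanned"])
    for e in result["review"]:
        print(f"REVIEW  {e.name}: {e.verdict} {e.threat or ''} {e.path or ''}")
    for name in result["no_file"]:
        print(f"NOFILE  {name}: ok, but no file was hashed")
```

A pasted report that is cut off mid-scan still parses: a service whose verdict line is missing lands in the review list rather than being counted as clean.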

    Offline christopher.ellis01

    • Bronze Member
    • Posts: 7
    Re: [In Progress] Redirects and Slow Computer
    « Reply #2 on: April 11, 2012, 03:55:47 PM »
    OK... Lots of questions; here are the answers.

    Last time I had a similar issue I ran scans with Symantec Endpoint Protection Scans, Kaspersky online, AdAware, Spybot S&D, MBAM and Hitman Pro.  I believe it was the Hitman program that fixed the issue, although I am not sure.  This time I have done nothing to fix the problem, but my son may have done something that he didn't tell me about.  

    My data is backed up and I currently do not have a service that encrypts or backs up my Hard Drive.

    The PC is mine and no one else is responsible for IT matters.  It is several years old.  It is a Lenovo 3000 y410 with 2gb RAM and a 300 GB Hard Drive.  I am running Win 7 Pro and all updates have been installed.  I believe my son was running Peer to Peer programs on the PC and also my wife visited several streaming video sites.  That is when the problems started several months ago.


    Here is the TDSSKiller Report:

    16:08:25.0202 5768   TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    16:08:25.0500 5768   ============================================================
    16:08:25.0500 5768   Current date / time: 2012/04/11 16:08:25.0500
    16:08:25.0500 5768   SystemInfo:
    16:08:25.0500 5768   
    16:08:25.0500 5768   OS Version: 6.1.7601 ServicePack: 1.0
    16:08:25.0500 5768   Product type: Workstation
    16:08:25.0500 5768   ComputerName: DADDYSLAPTOP-PC
    16:08:25.0500 5768   UserName: Daddy's Laptop
    16:08:25.0500 5768   Windows directory: C:\Windows
    16:08:25.0500 5768   System windows directory: C:\Windows
    16:08:25.0500 5768   Running under WOW64
    16:08:25.0500 5768   Processor architecture: Intel x64
    16:08:25.0500 5768   Number of processors: 2
    16:08:25.0500 5768   Page size: 0x1000
    16:08:25.0500 5768   Boot type: Normal boot
    16:08:25.0500 5768   ============================================================
    16:08:27.0773 5768   Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:08:27.0780 5768   \Device\Harddisk0\DR0:
    16:08:27.0781 5768   MBR used
    16:08:27.0781 5768   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    16:08:27.0781 5768   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
    16:08:27.0881 5768   Initialize success
    16:08:27.0881 5768   ============================================================
    16:08:52.0154 2164   ============================================================
    16:08:52.0154 2164   Scan started
    16:08:52.0154 2164   Mode: Manual; SigCheck; TDLFS;
    16:08:52.0154 2164   ============================================================
    16:08:54.0629 2164   1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    16:08:54.0914 2164   1394ohci - ok
    16:08:55.0009 2164   ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    16:08:55.0110 2164   ACPI - ok
    16:08:55.0195 2164   AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    16:08:55.0316 2164   AcpiPmi - ok
    16:08:55.0377 2164   ACPIVPC         (800b7a007380dce6d7fc0e476553c6cf) C:\Windows\system32\DRIVERS\AcpiVpc.sys
    16:08:55.0521 2164   ACPIVPC - ok
    16:08:55.0584 2164   adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    16:08:55.0702 2164   adp94xx - ok
    16:08:55.0760 2164   adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    16:08:55.0857 2164   adpahci - ok
    16:08:55.0899 2164   adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    16:08:55.0974 2164   adpu320 - ok
    16:08:56.0004 2164   AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    16:08:56.0208 2164   AeLookupSvc - ok
    16:08:56.0323 2164   AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    16:08:56.0411 2164   AFD - ok
    16:08:56.0476 2164   agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    16:08:56.0553 2164   agp440 - ok
    16:08:56.0592 2164   ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    16:08:56.0643 2164   ALG - ok
    16:08:56.0679 2164   aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    16:08:56.0755 2164   aliide - ok
    16:08:56.0786 2164   amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    16:08:56.0919 2164   amdide - ok
    16:08:56.0980 2164   AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    16:08:57.0046 2164   AmdK8 - ok
    16:08:57.0068 2164   AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    16:08:57.0122 2164   AmdPPM - ok
    16:08:57.0199 2164   amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    16:08:57.0270 2164   amdsata - ok
    16:08:57.0329 2164   amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    16:08:57.0371 2164   amdsbs - ok
    16:08:57.0398 2164   amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    16:08:57.0465 2164   amdxata - ok
    16:08:57.0566 2164   ApfiltrService  (763c7b8af89235d3f59a9285897cef1c) C:\Windows\system32\DRIVERS\Apfiltr.sys
    16:08:57.0635 2164   ApfiltrService - ok
    16:08:57.0731 2164   AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    16:08:57.0969 2164   AppID - ok
    16:08:58.0005 2164   AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    16:08:58.0089 2164   AppIDSvc - ok
    16:08:58.0178 2164   Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    16:08:58.0263 2164   Appinfo - ok
    16:08:58.0399 2164   Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    16:08:58.0488 2164   Apple Mobile Device - ok
    16:08:58.0601 2164   AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    16:08:58.0694 2164   AppMgmt - ok
    16:08:58.0739 2164   arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    16:08:58.0842 2164   arc - ok
    16:08:58.0935 2164   archlp          (f97c3aaf0699e0b85df1a02de8aae333) C:\Windows\system32\drivers\archlp.sys
    16:08:59.0022 2164   archlp - ok
    16:08:59.0084 2164   arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    16:08:59.0183 2164   arcsas - ok
    16:08:59.0237 2164   aspnet_state - ok
    16:08:59.0306 2164   AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    16:08:59.0383 2164   AsyncMac - ok
    16:08:59.0452 2164   atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    16:08:59.0502 2164   atapi - ok
    16:08:59.0630 2164   AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    16:08:59.0736 2164   AudioEndpointBuilder - ok
    16:08:59.0751 2164   AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    16:08:59.0820 2164   AudioSrv - ok
    16:08:59.0898 2164   AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    16:09:00.0097 2164   AxInstSV - ok
    16:09:00.0283 2164   b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    16:09:00.0442 2164   b06bdrv - ok
    16:09:00.0550 2164   b57nd60a        (93af5ccce5145aa3c2f0a41e7f65149a) C:\Windows\system32\DRIVERS\b57nd60a.sys
    16:09:00.0639 2164   b57nd60a - ok
    16:09:00.0693 2164   BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    16:09:00.0813 2164   BDESVC - ok
    16:09:00.0894 2164   Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    16:09:00.0981 2164   Beep - ok
    16:09:01.0069 2164   BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    16:09:01.0174 2164   BFE - ok
    16:09:01.0253 2164   BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    16:09:01.0453 2164   BITS - ok
    16:09:01.0523 2164   blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    16:09:01.0585 2164   blbdrive - ok
    16:09:01.0725 2164   Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    16:09:01.0813 2164   Bonjour Service - ok
    16:09:01.0951 2164   bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    16:09:02.0058 2164   bowser - ok
    16:09:02.0118 2164   BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    16:09:02.0248 2164   BrFiltLo - ok
    16:09:02.0280 2164   BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    16:09:02.0382 2164   BrFiltUp - ok
    16:09:02.0429 2164   Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    16:09:02.0529 2164   Browser - ok
    16:09:02.0552 2164   Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    16:09:02.0685 2164   Brserid - ok
    16:09:02.0709 2164   BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    16:09:02.0767 2164   BrSerWdm - ok
    16:09:02.0787 2164   BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    16:09:02.0836 2164   BrUsbMdm - ok
    16:09:02.0851 2164   BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    16:09:02.0898 2164   BrUsbSer - ok
    16:09:02.0980 2164   BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    16:09:03.0098 2164   BthEnum - ok
    16:09:03.0135 2164   BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    16:09:03.0202 2164   BTHMODEM - ok
    16:09:03.0256 2164   BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    16:09:03.0318 2164   BthPan - ok
    16:09:03.0368 2164   BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
    16:09:03.0465 2164   BTHPORT - ok
    16:09:03.0495 2164   bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    16:09:03.0592 2164   bthserv - ok
    16:09:03.0639 2164   BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
    16:09:03.0690 2164   BTHUSB - ok
    16:09:03.0767 2164   btwaudio        (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
    16:09:03.0844 2164   btwaudio - ok
    16:09:03.0898 2164   btwavdt         (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
    16:09:03.0980 2164   btwavdt - ok
    16:09:04.0115 2164   btwdins         (31da517946ffe416442e864592548f8a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    16:09:04.0194 2164   btwdins - ok
    16:09:04.0318 2164   btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
    16:09:04.0417 2164   btwl2cap - ok
    16:09:04.0516 2164   btwrchid        (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
    16:09:04.0596 2164   btwrchid - ok
    16:09:04.0815 2164   BVRPMPR5a64     (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
    16:09:05.0078 2164   BVRPMPR5a64 - ok
    16:09:05.0240 2164   ccEvtMgr        (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    16:09:05.0293 2164   ccEvtMgr - ok
    16:09:05.0300 2164   ccSetMgr        (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    16:09:05.0331 2164   ccSetMgr - ok
    16:09:05.0412 2164   cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    16:09:05.0497 2164   cdfs - ok
    16:09:05.0599 2164   cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    16:09:05.0661 2164   cdrom - ok
    16:09:05.0736 2164   CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    16:09:05.0870 2164   CertPropSvc - ok
    16:09:05.0927 2164   circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    16:09:05.0987 2164   circlass - ok
    16:09:06.0038 2164   CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    16:09:06.0115 2164   CLFS - ok
    16:09:06.0183 2164   clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:09:06.0333 2164   clr_optimization_v2.0.50727_32 - ok
    16:09:06.0383 2164   clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:09:06.0462 2164   clr_optimization_v2.0.50727_64 - ok
    16:09:06.0590 2164   clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:09:06.0695 2164   clr_optimization_v4.0.30319_32 - ok
    16:09:06.0737 2164   clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    16:09:06.0797 2164   clr_optimization_v4.0.30319_64 - ok
    16:09:06.0880 2164   CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    16:09:06.0931 2164   CmBatt - ok
    16:09:06.0997 2164   cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    16:09:07.0072 2164   cmdide - ok
    16:09:07.0126 2164   CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    16:09:07.0246 2164   CNG - ok
    16:09:07.0294 2164   Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    16:09:07.0353 2164   Compbatt - ok
    16:09:07.0437 2164   CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    16:09:07.0484 2164   CompositeBus - ok
    16:09:07.0512 2164   COMSysApp - ok
    16:09:07.0629 2164   cpuz132 - ok
    16:09:07.0662 2164   crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    16:09:07.0729 2164   crcdisk - ok
    16:09:07.0827 2164   CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    16:09:07.0925 2164   CryptSvc - ok
    16:09:08.0041 2164   CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
    16:09:08.0156 2164   CSC - ok
    16:09:08.0216 2164   CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
    16:09:08.0287 2164   CscService - ok
    16:09:08.0326 2164   DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    16:09:08.0443 2164   DcomLaunch - ok
    16:09:08.0482 2164   defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    16:09:08.0575 2164   defragsvc - ok
    16:09:08.0650 2164   DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    16:09:08.0734 2164   DfsC - ok
    16:09:08.0814 2164   Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    16:09:08.0923 2164   Dhcp - ok
    16:09:08.0964 2164   discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    16:09:09.0139 2164   discache - ok
    16:09:09.0199 2164   Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    16:09:09.0271 2164   Disk - ok
    16:09:09.0368 2164   Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    16:09:09.0503 2164   Dnscache - ok
    16:09:09.0601 2164   dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    16:09:09.0721 2164   dot3svc - ok
    16:09:09.0849 2164   Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
    16:09:09.0911 2164   Dot4 - ok
    16:09:09.0963 2164   Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    16:09:10.0002 2164   Dot4Print - ok
    16:09:10.0080 2164   dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
    16:09:10.0168 2164   dot4usb - ok
    16:09:10.0294 2164   DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    16:09:10.0397 2164   DPS - ok
    16:09:10.0433 2164   drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    16:09:10.0506 2164   drmkaud - ok
    16:09:10.0605 2164   DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    16:09:10.0734 2164   DXGKrnl - ok
    16:09:10.0836 2164   EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    16:09:10.0920 2164   EapHost - ok
    16:09:11.0057 2164   ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    16:09:11.0232 2164   ebdrv - ok
    16:09:11.0381 2164   eeCtrl          (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    16:09:11.0473 2164   eeCtrl - ok
    16:09:11.0581 2164   EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    16:09:11.0651 2164   EFS - ok
    16:09:11.0737 2164   ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    16:09:11.0952 2164   ehRecvr - ok
    16:09:11.0999 2164   ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    16:09:12.0193 2164   ehSched - ok
    16:09:12.0313 2164   ElbyCDIO        (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
    16:09:12.0380 2164   ElbyCDIO - ok
    16:09:12.0459 2164   elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    16:09:12.0573 2164   elxstor - ok
    16:09:12.0780 2164   EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    16:09:12.0864 2164   EraserUtilRebootDrv - ok
    16:09:12.0979 2164   ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    16:09:13.0020 2164   ErrDev - ok
    16:09:13.0085 2164   EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    16:09:13.0179 2164   EventSystem - ok
    16:09:13.0214 2164   exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    16:09:13.0297 2164   exfat - ok
    16:09:13.0325 2164   fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    16:09:13.0418 2164   fastfat - ok
    16:09:13.0518 2164   Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    16:09:13.0624 2164   Fax - ok
    16:09:13.0652 2164   fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    16:09:13.0701 2164   fdc - ok
    16:09:13.0745 2164   fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    16:09:13.0824 2164   fdPHost - ok
    16:09:13.0847 2164   FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    16:09:13.0924 2164   FDResPub - ok
    16:09:13.0952 2164   FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    16:09:14.0031 2164   FileInfo - ok
    16:09:14.0072 2164   Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    16:09:14.0156 2164   Filetrace - ok
    16:09:14.0183 2164   flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    16:09:14.0219 2164   flpydisk - ok
    16:09:14.0296 2164   FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    16:09:14.0369 2164   FltMgr - ok
    16:09:14.0449 2164   FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    16:09:14.0530 2164   FontCache - ok
    16:09:14.0606 2164   FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:09:14.0704 2164   FontCache3.0.0.0 - ok
    16:09:14.0784 2164   FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    16:09:14.0856 2164   FsDepends - ok
    16:09:14.0947 2164   Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    16:09:14.0981 2164   Fs_Rec - ok
    16:09:15.0313 2164   funfrm - ok
    16:09:15.0485 2164   fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    16:09:15.0577 2164   fvevol - ok
    16:09:15.0645 2164   gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    16:09:15.0691 2164   gagp30kx - ok
    16:09:15.0771 2164   GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    16:09:15.0837 2164   GEARAspiWDM - ok
    16:09:15.0956 2164   gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    16:09:16.0059 2164   gpsvc - ok
    16:09:16.0235 2164   gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:09:16.0597 2164   gupdate - ok
    16:09:16.0668 2164   gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:09:16.0709 2164   gupdatem - ok
    16:09:16.0961 2164   hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    16:09:17.0053 2164   hcw85cir - ok
    16:09:17.0221 2164   HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    16:09:17.0319 2164   HdAudAddService - ok
    16:09:17.0390 2164   HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    16:09:17.0457 2164   HDAudBus - ok
    16:09:17.0510 2164   HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    16:09:17.0593 2164   HidBatt - ok
    16:09:17.0625 2164   HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    16:09:17.0706 2164   HidBth - ok
    16:09:17.0758 2164   HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    16:09:17.0819 2164   HidIr - ok
    16:09:17.0861 2164   hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    16:09:17.0943 2164   hidserv - ok
    16:09:18.0045 2164   HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    16:09:18.0073 2164   HidUsb - ok
    16:09:18.0147 2164   hitmanpro35     (8ab06ddaf6fe854db1e28f7c0ab1fce3) C:\Windows\system32\drivers\hitmanpro36.sys
    16:09:18.0222 2164   hitmanpro35 - ok
    16:09:18.0275 2164   hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    16:09:18.0429 2164   hkmsvc - ok
    16:09:18.0496 2164   HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    16:09:18.0587 2164   HomeGroupListener - ok
    16:09:18.0657 2164   HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    16:09:18.0725 2164   HomeGroupProvider - ok
    16:09:19.0063 2164   hpqcxs08        (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    16:09:19.0135 2164   hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
    16:09:19.0136 2164   hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
    16:09:19.0221 2164   hpqddsvc        (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    16:09:19.0273 2164   hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
    16:09:19.0274 2164   hpqddsvc - detected UnsignedFile.Multi.Generic (1)
    16:09:19.0493 2164   HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    16:09:19.0590 2164   HpSAMD - ok
    16:09:19.0943 2164   HPSLPSVC        (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    16:09:20.0024 2164   HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
    16:09:20.0024 2164   HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
    16:09:20.0259 2164   HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    16:09:20.0365 2164   HTTP - ok
    16:09:20.0484 2164   hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    16:09:20.0552 2164   hwpolicy - ok
    16:09:20.0658 2164   i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    16:09:20.0729 2164   i8042prt - ok
    16:09:20.0871 2164   iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    16:09:20.0961 2164   iaStorV - ok
    16:09:21.0129 2164   IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    16:09:21.0237 2164   IDriverT ( UnsignedFile.Multi.Generic ) - warning
    16:09:21.0237 2164   IDriverT - detected UnsignedFile.Multi.Generic (1)
    16:09:21.0809 2164   idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:09:21.0930 2164   idsvc - ok
    16:09:24.0223 2164   igfx            (24cc43ecdeefd4c19fbbee4951b647f1) C:\Windows\system32\DRIVERS\igdkmd64.sys
    16:09:24.0504 2164   igfx - ok
    16:09:24.0602 2164   iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    16:09:24.0679 2164   iirsp - ok
    16:09:25.0059 2164   IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    16:09:25.0167 2164   IKEEXT - ok
    16:09:25.0964 2164   IntcAzAudAddService (96b0a408842b0e214edcb41e89438999) C:\Windows\system32\drivers\RTKVHD64.sys
    16:09:26.0156 2164   IntcAzAudAddService - ok
    16:09:26.0606 2164   intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    16:09:26.0674 2164   intelide - ok
    16:09:26.0725 2164   intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    16:09:26.0772 2164   intelppm - ok
    16:09:26.0834 2164   IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    16:09:26.0910 2164   IPBusEnum - ok
    16:09:27.0083 2164   IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:09:27.0176 2164   IpFilterDriver - ok
    16:09:27.0352 2164   iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    16:09:27.0457 2164   iphlpsvc - ok
    16:09:27.0511 2164   IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    16:09:27.0591 2164   IPMIDRV - ok
    16:09:27.0670 2164   IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    16:09:27.0775 2164   IPNAT - ok
    16:09:28.0031 2164   iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
    16:09:28.0117 2164   iPod Service - ok
    16:09:28.0539 2164   IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    16:09:28.0657 2164   IRENUM - ok
    16:09:28.0715 2164   isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    16:09:28.0789 2164   isapnp - ok
    16:09:28.0849 2164   iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    16:09:28.0904 2164   iScsiPrt - ok
    16:09:28.0927 2164   kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    16:09:29.0043 2164   kbdclass - ok
    16:09:29.0343 2164   kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    16:09:29.0407 2164   kbdhid - ok
    16:09:29.0481 2164   KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    16:09:29.0509 2164   KeyIso - ok
    16:09:29.0635 2164   KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    16:09:29.0726 2164   KSecDD - ok
    16:09:29.0816 2164   KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    16:09:29.0877 2164   KSecPkg - ok
    16:09:29.0937 2164   ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    16:09:30.0011 2164   ksthunk - ok
    16:09:30.0237 2164   KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    16:09:30.0363 2164   KtmRm - ok
    16:09:30.0514 2164   LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    16:09:30.0606 2164   LanmanServer - ok
    16:09:30.0670 2164   LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    16:09:30.0756 2164   LanmanWorkstation - ok
    16:09:31.0098 2164   LiveUpdate      (e34152d03caaaaa81dd66d803f392522) C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
    16:09:31.0369 2164   LiveUpdate - ok
    16:09:31.0485 2164   lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    16:09:31.0561 2164   lltdio - ok
    16:09:31.0645 2164   lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    16:09:31.0725 2164   lltdsvc - ok
    16:09:31.0744 2164   lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    16:09:31.0807 2164   lmhosts - ok
    16:09:31.0862 2164   LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    16:09:31.0930 2164   LSI_FC - ok
    16:09:31.0989 2164   LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    16:09:32.0059 2164   LSI_SAS - ok
    16:09:32.0096 2164   LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    16:09:32.0158 2164   LSI_SAS2 - ok
    16:09:32.0194 2164   LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    16:09:32.0263 2164   LSI_SCSI - ok
    16:09:32.0310 2164   luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    16:09:32.0501 2164   luafv - ok
    16:09:32.0643 2164   MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
    16:09:32.0739 2164   MBAMProtector - ok
    16:09:32.0829 2164   MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    16:09:32.0951 2164   MBAMService - ok
    16:09:33.0114 2164   Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    16:09:33.0152 2164   Mcx2Svc - ok
    16:09:33.0202 2164   megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    16:09:33.0283 2164   megasas - ok
    16:09:33.0377 2164   MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    16:09:33.0454 2164   MegaSR - ok
    16:09:33.0636 2164   Microsoft SharePoint Workspace Audit Service - ok
    16:09:33.0803 2164   MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    16:09:33.0885 2164   MMCSS - ok
    16:09:33.0942 2164   Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    16:09:34.0015 2164   Modem - ok
    16:09:34.0085 2164   MODEMCSA        (e38aef079cd3bcfa19f2072a214f829d) C:\Windows\system32\drivers\MODEMCSA.sys
    16:09:34.0126 2164   MODEMCSA - ok
    16:09:34.0165 2164   monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    16:09:34.0235 2164   monitor - ok
    16:09:34.0286 2164   MotioninJoyXFilter (16f9f464da6e02a020bce626c56a1797) C:\Windows\system32\DRIVERS\MijXfilt.sys
    16:09:34.0374 2164   MotioninJoyXFilter - ok
    16:09:34.0451 2164   mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    16:09:34.0511 2164   mouclass - ok
    16:09:34.0572 2164   mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    16:09:34.0600 2164   mouhid - ok
    16:09:34.0655 2164   mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    16:09:34.0730 2164   mountmgr - ok
    16:09:34.0786 2164   mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    16:09:34.0874 2164   mpio - ok
    16:09:34.0929 2164   mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    16:09:34.0995 2164   mpsdrv - ok
    16:09:35.0072 2164   MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    16:09:35.0180 2164   MpsSvc - ok
    16:09:35.0235 2164   MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    16:09:35.0304 2164   MRxDAV - ok
    16:09:35.0352 2164   mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:09:35.0420 2164   mrxsmb - ok
    16:09:35.0483 2164   mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:09:35.0540 2164   mrxsmb10 - ok
    16:09:35.0580 2164   mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:09:35.0609 2164   mrxsmb20 - ok
    16:09:35.0660 2164   msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    16:09:35.0741 2164   msahci - ok
    16:09:35.0799 2164   msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    16:09:35.0863 2164   msdsm - ok
    16:09:35.0908 2164   MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    16:09:35.0971 2164   MSDTC - ok
    16:09:36.0033 2164   Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    16:09:36.0093 2164   Msfs - ok
    16:09:36.0108 2164   mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    16:09:36.0234 2164   mshidkmdf - ok
    16:09:36.0290 2164   msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    16:09:36.0316 2164   msisadrv - ok
    16:09:36.0356 2164   MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    16:09:36.0436 2164   MSiSCSI - ok
    16:09:36.0445 2164   msiserver - ok
    16:09:36.0491 2164   MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    16:09:36.0564 2164   MSKSSRV - ok
    16:09:36.0583 2164   MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    16:09:36.0671 2164   MSPCLOCK - ok
    16:09:36.0701 2164   MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    16:09:36.0780 2164   MSPQM - ok
    16:09:36.0841 2164   MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    16:09:36.0948 2164   MsRPC - ok
    16:09:37.0005 2164   mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    16:09:37.0082 2164   mssmbios - ok
    16:09:37.0142 2164   MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    16:09:37.0220 2164   MSTEE - ok
    16:09:37.0242 2164   MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    16:09:37.0285 2164   MTConfig - ok
    16:09:37.0322 2164   Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    16:09:37.0393 2164   Mup - ok
    16:09:37.0454 2164   napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    16:09:37.0534 2164   napagent - ok
    16:09:37.0583 2164   NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    16:09:37.0633 2164   NativeWifiP - ok
    16:09:37.0782 2164   NAVENG          (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120410.020\ENG64.SYS
    16:09:37.0819 2164   NAVENG - ok
    16:09:37.0931 2164   NAVEX15         (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20120410.020\EX64.SYS
    16:09:38.0135 2164   NAVEX15 - ok
    16:09:38.0285 2164   NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    16:09:38.0370 2164   NDIS - ok
    16:09:38.0426 2164   NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    16:09:38.0509 2164   NdisCap - ok
    16:09:38.0546 2164   NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    16:09:38.0613 2164   NdisTapi - ok
    16:09:38.0670 2164   Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    16:09:38.0746 2164   Ndisuio - ok
    16:09:38.0813 2164   NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    16:09:38.0893 2164   NdisWan - ok
    16:09:38.0961 2164   NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    16:09:39.0046 2164   NDProxy - ok
    16:09:39.0141 2164   Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
    16:09:39.0173 2164   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    16:09:39.0173 2164   Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    16:09:39.0222 2164   NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    16:09:39.0305 2164   NetBIOS - ok
    16:09:39.0360 2164   NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    16:09:39.0452 2164   NetBT - ok
    16:09:39.0498 2164   Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    16:09:39.0526 2164   Netlogon - ok
    16:09:39.0558 2164   Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    16:09:39.0650 2164   Netman - ok
    16:09:39.0682 2164   netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    16:09:39.0766 2164   netprofm - ok

    Offline christopher.ellis01

    • Bronze Member
    • Posts: 7
    Re: [In Progress] Redirects and Slow Computer
    « Reply #3 on: April 11, 2012, 03:57:24 PM »
    And the second half of the above message:

    16:09:39.0825 2164   NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    16:09:39.0893 2164   NetTcpPortSharing - ok
    16:09:40.0173 2164   netw5v64        (50d4c98bc85e87e5f38bd3960457c18b) C:\Windows\system32\DRIVERS\netw5v64.sys
    16:09:40.0524 2164   netw5v64 - ok
    16:09:40.0689 2164   nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    16:09:40.0765 2164   nfrd960 - ok
    16:09:40.0856 2164   NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    16:09:40.0946 2164   NlaSvc - ok
    16:09:40.0979 2164   Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    16:09:41.0041 2164   Npfs - ok
    16:09:41.0068 2164   nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    16:09:41.0146 2164   nsi - ok
    16:09:41.0172 2164   nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    16:09:41.0266 2164   nsiproxy - ok
    16:09:41.0369 2164   Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    16:09:41.0463 2164   Ntfs - ok
    16:09:41.0495 2164   Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    16:09:41.0578 2164   Null - ok
    16:09:41.0656 2164   nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    16:09:41.0731 2164   nvraid - ok
    16:09:41.0781 2164   nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    16:09:41.0863 2164   nvstor - ok
    16:09:41.0917 2164   nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    16:09:41.0959 2164   nv_agp - ok
    16:09:42.0017 2164   ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    16:09:42.0070 2164   ohci1394 - ok
    16:09:42.0161 2164   ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:09:42.0222 2164   ose - ok
    16:09:42.0444 2164   osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    16:09:42.0671 2164   osppsvc - ok
    16:09:42.0756 2164   p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    16:09:42.0824 2164   p2pimsvc - ok
    16:09:42.0869 2164   p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    16:09:42.0947 2164   p2psvc - ok
    16:09:43.0018 2164   Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    16:09:43.0058 2164   Parport - ok
    16:09:43.0110 2164   partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    16:09:43.0140 2164   partmgr - ok
    16:09:43.0162 2164   PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    16:09:43.0216 2164   PcaSvc - ok
    16:09:43.0276 2164   pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    16:09:43.0356 2164   pci - ok
    16:09:43.0393 2164   pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    16:09:43.0509 2164   pciide - ok
    16:09:43.0561 2164   pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    16:09:43.0656 2164   pcmcia - ok
    16:09:43.0694 2164   pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    16:09:43.0759 2164   pcw - ok
    16:09:43.0804 2164   PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    16:09:43.0911 2164   PEAUTH - ok
    16:09:43.0984 2164   PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
    16:09:44.0075 2164   PeerDistSvc - ok
    16:09:44.0137 2164   PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    16:09:44.0202 2164   PerfHost - ok
    16:09:44.0338 2164   pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    16:09:44.0506 2164   pla - ok
    16:09:44.0602 2164   PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    16:09:44.0733 2164   PlugPlay - ok
    16:09:44.0834 2164   Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
    16:09:44.0872 2164   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
    16:09:44.0873 2164   Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
    16:09:44.0914 2164   PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    16:09:44.0951 2164   PNRPAutoReg - ok
    16:09:44.0981 2164   PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    16:09:45.0016 2164   PNRPsvc - ok
    16:09:45.0094 2164   PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    16:09:45.0189 2164   PolicyAgent - ok
    16:09:45.0219 2164   Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    16:09:45.0306 2164   Power - ok
    16:09:45.0379 2164   PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    16:09:45.0463 2164   PptpMiniport - ok
    16:09:45.0501 2164   Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    16:09:45.0549 2164   Processor - ok
    16:09:45.0622 2164   ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
    16:09:45.0702 2164   ProfSvc - ok
    16:09:45.0748 2164   ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    16:09:45.0776 2164   ProtectedStorage - ok
    16:09:45.0840 2164   Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    16:09:45.0901 2164   Psched - ok
    16:09:45.0987 2164   ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    16:09:46.0157 2164   ql2300 - ok
    16:09:46.0187 2164   ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    16:09:46.0250 2164   ql40xx - ok
    16:09:46.0311 2164   QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    16:09:46.0394 2164   QWAVE - ok
    16:09:46.0434 2164   QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    16:09:46.0492 2164   QWAVEdrv - ok
    16:09:46.0520 2164   RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    16:09:46.0600 2164   RasAcd - ok
    16:09:46.0648 2164   RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    16:09:46.0730 2164   RasAgileVpn - ok
    16:09:46.0755 2164   RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    16:09:46.0844 2164   RasAuto - ok
    16:09:46.0900 2164   Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:09:46.0981 2164   Rasl2tp - ok
    16:09:47.0047 2164   RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    16:09:47.0124 2164   RasMan - ok
    16:09:47.0164 2164   RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    16:09:47.0230 2164   RasPppoe - ok
    16:09:47.0253 2164   RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    16:09:47.0336 2164   RasSstp - ok
    16:09:47.0403 2164   rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    16:09:47.0536 2164   rdbss - ok
    16:09:47.0568 2164   rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    16:09:47.0616 2164   rdpbus - ok
    16:09:47.0641 2164   RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:09:47.0748 2164   RDPCDD - ok
    16:09:47.0800 2164   RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    16:09:47.0841 2164   RDPDR - ok
    16:09:47.0875 2164   RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    16:09:47.0956 2164   RDPENCDD - ok
    16:09:47.0988 2164   RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    16:09:48.0048 2164   RDPREFMP - ok
    16:09:48.0109 2164   RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
    16:09:48.0177 2164   RDPWD - ok
    16:09:48.0245 2164   rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    16:09:48.0330 2164   rdyboost - ok
    16:09:48.0387 2164   RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    16:09:48.0483 2164   RemoteAccess - ok
    16:09:48.0526 2164   RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    16:09:48.0623 2164   RemoteRegistry - ok
    16:09:48.0718 2164   RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    16:09:48.0778 2164   RFCOMM - ok
    16:09:48.0857 2164   rimmptsk        (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
    16:09:48.0914 2164   rimmptsk - ok
    16:09:48.0955 2164   rimsptsk        (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
    16:09:49.0050 2164   rimsptsk - ok
    16:09:49.0093 2164   rismxdp         (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
    16:09:49.0177 2164   rismxdp - ok
    16:09:49.0230 2164   RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    16:09:49.0312 2164   RpcEptMapper - ok
    16:09:49.0357 2164   RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    16:09:49.0406 2164   RpcLocator - ok
    16:09:49.0465 2164   RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    16:09:49.0534 2164   RpcSs - ok
    16:09:49.0580 2164   rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    16:09:49.0647 2164   rspndr - ok
    16:09:49.0697 2164   s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    16:09:49.0770 2164   s3cap - ok
    16:09:49.0817 2164   SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    16:09:49.0845 2164   SamSs - ok
    16:09:49.0902 2164   sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    16:09:49.0980 2164   sbp2port - ok
    16:09:50.0153 2164   SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    16:09:50.0272 2164   SBSDWSCService - ok
    16:09:50.0370 2164   SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    16:09:50.0496 2164   SCardSvr - ok
    16:09:50.0585 2164   scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    16:09:50.0661 2164   scfilter - ok
    16:09:50.0749 2164   Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    16:09:50.0852 2164   Schedule - ok
    16:09:50.0899 2164   SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    16:09:50.0959 2164   SCPolicySvc - ok
    16:09:51.0037 2164   sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
    16:09:51.0072 2164   sdbus - ok
    16:09:51.0140 2164   SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    16:09:51.0192 2164   SDRSVC - ok
    16:09:51.0235 2164   secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    16:09:51.0294 2164   secdrv - ok
    16:09:51.0342 2164   seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    16:09:51.0432 2164   seclogon - ok
    16:09:51.0473 2164   SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    16:09:51.0550 2164   SENS - ok
    16:09:51.0572 2164   SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    16:09:51.0671 2164   SensrSvc - ok
    16:09:51.0722 2164   Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    16:09:51.0768 2164   Serenum - ok
    16:09:51.0805 2164   Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    16:09:51.0844 2164   Serial - ok
    16:09:51.0893 2164   sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    16:09:51.0978 2164   sermouse - ok
    16:09:52.0029 2164   SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    16:09:52.0104 2164   SessionEnv - ok
    16:09:52.0161 2164   sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    16:09:52.0236 2164   sffdisk - ok
    16:09:52.0257 2164   sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    16:09:52.0307 2164   sffp_mmc - ok
    16:09:52.0332 2164   sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
    16:09:52.0383 2164   sffp_sd - ok
    16:09:52.0406 2164   sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    16:09:52.0530 2164   sfloppy - ok
    16:09:52.0589 2164   SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    16:09:52.0669 2164   SharedAccess - ok
    16:09:52.0740 2164   ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    16:09:52.0821 2164   ShellHWDetection - ok
    16:09:52.0886 2164   SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    16:09:52.0924 2164   SiSRaid2 - ok
    16:09:52.0949 2164   SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    16:09:53.0029 2164   SiSRaid4 - ok
    16:09:53.0085 2164   Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    16:09:53.0157 2164   Smb - ok
    16:09:53.0389 2164   SmcService      (ad97b711074cf27da0c00f2c26e1a62c) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    16:09:53.0615 2164   SmcService - ok
    16:09:53.0759 2164   smserial        (22631aaf0ac9e9881ce76beac27d8030) C:\Windows\system32\DRIVERS\smserial.sys
    16:09:53.0873 2164   smserial - ok
    16:09:54.0030 2164   SNAC            (91bd8e268d93aaf5f59aac9de84a25bb) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
    16:09:54.0094 2164   SNAC - ok
    16:09:54.0211 2164   SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    16:09:54.0267 2164   SNMPTRAP - ok
    16:09:54.0672 2164   SNP2UVC         (3586cd8db614951d0d78edbb2d8aee7c) C:\Windows\system32\DRIVERS\snp2uvc.sys
    16:09:55.0092 2164   SNP2UVC - ok
    16:09:55.0202 2164   Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    16:09:55.0259 2164   Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - warning
    16:09:55.0259 2164   Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic (1)
    16:09:55.0355 2164   spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    16:09:55.0440 2164   spldr - ok
    16:09:55.0539 2164   Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    16:09:55.0608 2164   Spooler - ok
    16:09:55.0768 2164   sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    16:09:56.0144 2164   sppsvc - ok
    16:09:56.0245 2164   sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    16:09:56.0318 2164   sppuinotify - ok
    16:09:56.0394 2164   SRTSP           (32900ac9cfdc578531279886ca16a4df) C:\Windows\system32\Drivers\SRTSP64.SYS
    16:09:56.0461 2164   SRTSP - ok
    16:09:56.0516 2164   SRTSPL          (8929566d1f14685fd78eaf25bee3ecc7) C:\Windows\system32\Drivers\SRTSPL64.SYS
    16:09:56.0614 2164   SRTSPL - ok
    16:09:56.0651 2164   SRTSPX          (cb2fdf47ee67f8cca5362ed9b94fe955) C:\Windows\system32\Drivers\SRTSPX64.SYS
    16:09:56.0704 2164   SRTSPX - ok
    16:09:56.0764 2164   srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    16:09:56.0865 2164   srv - ok
    16:09:56.0911 2164   srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    16:09:56.0969 2164   srv2 - ok
    16:09:56.0999 2164   srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    16:09:57.0030 2164   srvnet - ok
    16:09:57.0073 2164   SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    16:09:57.0165 2164   SSDPSRV - ok
    16:09:57.0200 2164   SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    16:09:57.0307 2164   SstpSvc - ok
    16:09:57.0400 2164   Steam Client Service - ok
    16:09:57.0504 2164   stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    16:09:57.0581 2164   stexstor - ok
    16:09:57.0690 2164   StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
    16:09:57.0735 2164   StillCam - ok
    16:09:57.0813 2164   stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    16:09:57.0893 2164   stisvc - ok
    16:09:57.0975 2164   storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    16:09:58.0004 2164   storflt - ok
    16:09:58.0040 2164   StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
    16:09:58.0134 2164   StorSvc - ok
    16:09:58.0167 2164   storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    16:09:58.0241 2164   storvsc - ok
    16:09:58.0272 2164   swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    16:09:58.0402 2164   swenum - ok
    16:09:58.0456 2164   swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    16:09:58.0556 2164   swprv - ok
    16:09:58.0728 2164   Symantec AntiVirus (ba2fb8f8ab24d0279caa98a4c118150e) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    16:09:58.0867 2164   Symantec AntiVirus - ok
    16:09:58.0983 2164   SymEvent        (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    16:09:59.0024 2164   SymEvent - ok
    16:09:59.0129 2164   SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    16:09:59.0235 2164   SysMain - ok
    16:09:59.0285 2164   TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    16:09:59.0341 2164   TabletInputService - ok
    16:09:59.0416 2164   taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
    16:09:59.0493 2164   taphss - ok
    16:09:59.0550 2164   TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    16:09:59.0629 2164   TapiSrv - ok
    16:09:59.0658 2164   TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    16:09:59.0766 2164   TBS - ok
    16:09:59.0898 2164   Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    16:10:00.0009 2164   Tcpip - ok
    16:10:00.0091 2164   TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    16:10:00.0182 2164   TCPIP6 - ok
    16:10:00.0236 2164   tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    16:10:00.0330 2164   tcpipreg - ok
    16:10:00.0371 2164   TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    16:10:00.0466 2164   TDPIPE - ok
    16:10:00.0531 2164   TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    16:10:00.0578 2164   TDTCP - ok
    16:10:00.0689 2164   tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    16:10:00.0776 2164   tdx - ok
    16:10:00.0864 2164   Teefer2         (13657dc475de564247745bf4da23207c) C:\Windows\system32\DRIVERS\teefer2.sys
    16:10:00.0934 2164   Teefer2 - ok
    16:10:00.0990 2164   TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    16:10:01.0017 2164   TermDD - ok
    16:10:01.0060 2164   TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    16:10:01.0168 2164   TermService - ok
    16:10:01.0227 2164   Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    16:10:01.0284 2164   Themes - ok
    16:10:01.0321 2164   THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    16:10:01.0383 2164   THREADORDER - ok
    16:10:01.0421 2164   TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    16:10:01.0495 2164   TrkWks - ok
    16:10:01.0551 2164   TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    16:10:01.0631 2164   TrustedInstaller - ok
    16:10:01.0726 2164   tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:10:01.0798 2164   tssecsrv - ok
    16:10:01.0859 2164   TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    16:10:01.0905 2164   TsUsbFlt - ok
    16:10:01.0977 2164   tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    16:10:02.0055 2164   tunnel - ok
    16:10:02.0085 2164   uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    16:10:02.0164 2164   uagp35 - ok
    16:10:02.0239 2164   udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    16:10:02.0342 2164   udfs - ok
    16:10:02.0395 2164   UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    16:10:02.0463 2164   UI0Detect - ok
    16:10:02.0517 2164   uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    16:10:02.0582 2164   uliagpkx - ok
    16:10:02.0632 2164   umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    16:10:02.0678 2164   umbus - ok
    16:10:02.0712 2164   UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    16:10:02.0752 2164   UmPass - ok
    16:10:02.0810 2164   UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
    16:10:02.0860 2164   UmRdpService - ok
    16:10:02.0903 2164   upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    16:10:02.0991 2164   upnphost - ok
    16:10:03.0090 2164   USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    16:10:03.0127 2164   USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
    16:10:03.0127 2164   USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
    16:10:03.0221 2164   usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    16:10:03.0265 2164   usbaudio - ok
    16:10:03.0322 2164   usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    16:10:03.0412 2164   usbccgp - ok
    16:10:03.0473 2164   usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    16:10:03.0517 2164   usbcir - ok
    16:10:03.0581 2164   usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    16:10:03.0609 2164   usbehci - ok
    16:10:03.0682 2164   usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    16:10:03.0737 2164   usbhub - ok
    16:10:03.0776 2164   usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    16:10:03.0811 2164   usbohci - ok
    16:10:03.0841 2164   usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    16:10:03.0938 2164   usbprint - ok
    16:10:04.0008 2164   usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    16:10:04.0100 2164   usbscan - ok
    16:10:04.0150 2164   USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:10:04.0229 2164   USBSTOR - ok
    16:10:04.0293 2164   usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    16:10:04.0320 2164   usbuhci - ok
    16:10:04.0398 2164   usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    16:10:04.0443 2164   usbvideo - ok
    16:10:04.0481 2164   UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    16:10:04.0574 2164   UxSms - ok
    16:10:04.0615 2164   VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    16:10:04.0643 2164   VaultSvc - ok
    16:10:04.0702 2164   VClone          (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
    16:10:04.0769 2164   VClone - ok
    16:10:04.0824 2164   vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    16:10:04.0852 2164   vdrvroot - ok
    16:10:04.0926 2164   vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    16:10:05.0017 2164   vds - ok
    16:10:05.0051 2164   vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    16:10:05.0090 2164   vga - ok
    16:10:05.0108 2164   VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    16:10:05.0181 2164   VgaSave - ok
    16:10:05.0308 2164   vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    16:10:05.0401 2164   vhdmp - ok
    16:10:05.0456 2164   viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    16:10:05.0494 2164   viaide - ok
    16:10:05.0517 2164   vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    16:10:05.0602 2164   vmbus - ok
    16:10:05.0638 2164   VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    16:10:05.0686 2164   VMBusHID - ok
    16:10:05.0720 2164   volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    16:10:05.0781 2164   volmgr - ok
    16:10:05.0844 2164   volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    16:10:05.0912 2164   volmgrx - ok
    16:10:05.0950 2164   volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    16:10:06.0090 2164   volsnap - ok
    16:10:06.0144 2164   vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    16:10:06.0226 2164   vsmraid - ok
    16:10:06.0309 2164   VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    16:10:06.0434 2164   VSS - ok
    16:10:06.0473 2164   vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    16:10:06.0568 2164   vwifibus - ok
    16:10:06.0615 2164   W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    16:10:06.0687 2164   W32Time - ok
    16:10:06.0713 2164   WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    16:10:06.0828 2164   WacomPen - ok
    16:10:06.0906 2164   WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    16:10:07.0075 2164   WANARP - ok
    16:10:07.0081 2164   Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    16:10:07.0145 2164   Wanarpv6 - ok
    16:10:07.0235 2164   WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    16:10:07.0312 2164   WatAdminSvc - ok
    16:10:07.0420 2164   wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    16:10:07.0586 2164   wbengine - ok
    16:10:07.0630 2164   WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    16:10:07.0679 2164   WbioSrvc - ok
    16:10:07.0744 2164   wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    16:10:07.0830 2164   wcncsvc - ok
    16:10:07.0859 2164   WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    16:10:07.0906 2164   WcsPlugInService - ok
    16:10:07.0955 2164   Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    16:10:08.0032 2164   Wd - ok
    16:10:08.0122 2164   WDC_SAM         (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
    16:10:08.0198 2164   WDC_SAM - ok
    16:10:08.0233 2164   Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    16:10:08.0313 2164   Wdf01000 - ok
    16:10:08.0362 2164   WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    16:10:08.0457 2164   WdiServiceHost - ok
    16:10:08.0463 2164   WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    16:10:08.0502 2164   WdiSystemHost - ok
    16:10:08.0565 2164   WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    16:10:08.0648 2164   WebClient - ok
    16:10:08.0681 2164   Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    16:10:08.0770 2164   Wecsvc - ok
    16:10:08.0799 2164   wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    16:10:08.0879 2164   wercplsupport - ok
    16:10:08.0918 2164   WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    16:10:08.0982 2164   WerSvc - ok
    16:10:09.0018 2164   WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    16:10:09.0076 2164   WfpLwf - ok
    16:10:09.0101 2164   WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    16:10:09.0174 2164   WIMMount - ok
    16:10:09.0209 2164   WinDefend - ok
    16:10:09.0219 2164   WinHttpAutoProxySvc - ok
    16:10:09.0296 2164   Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    16:10:09.0368 2164   Winmgmt - ok
    16:10:09.0467 2164   WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    16:10:09.0629 2164   WinRM - ok
    16:10:09.0720 2164   WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    16:10:09.0759 2164   WinUsb - ok
    16:10:09.0812 2164   Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    16:10:09.0889 2164   Wlansvc - ok
    16:10:10.0046 2164   wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    16:10:10.0170 2164   wlidsvc - ok
    16:10:10.0318 2164   WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    16:10:10.0382 2164   WmiAcpi - ok
    16:10:10.0465 2164   wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    16:10:10.0563 2164   wmiApSrv - ok
    16:10:10.0618 2164   WMPNetworkSvc - ok
    16:10:10.0655 2164   WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    16:10:10.0713 2164   WPCSvc - ok
    16:10:10.0777 2164   WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    16:10:10.0887 2164   WPDBusEnum - ok
    16:10:10.0961 2164   WPS             (6cab753b203f39b4ce05ff10013de2ef) C:\Windows\system32\drivers\wpsdrvnt.sys
    16:10:11.0018 2164   WPS - ok
    16:10:11.0103 2164   WpsHelper       (d9b5a13804b7d97770c42da484a9d86e) C:\Windows\system32\drivers\WpsHelper.sys
    16:10:11.0176 2164   WpsHelper - ok
    16:10:11.0223 2164   ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    16:10:11.0298 2164   ws2ifsl - ok
    16:10:11.0369 2164   WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
    16:10:11.0424 2164   WsAudio_DeviceS(1) - ok
    16:10:11.0479 2164   WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
    16:10:11.0502 2164   WsAudio_DeviceS(2) - ok
    16:10:11.0513 2164   WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
    16:10:11.0537 2164   WsAudio_DeviceS(3) - ok
    16:10:11.0618 2164   WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
    16:10:11.0644 2164   WsAudio_DeviceS(4) - ok
    16:10:11.0662 2164   WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
    16:10:11.0685 2164   WsAudio_DeviceS(5) - ok
    16:10:11.0730 2164   wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
    16:10:11.0790 2164   wscsvc - ok
    16:10:11.0802 2164   WSearch - ok
    16:10:11.0919 2164   wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    16:10:12.0076 2164   wuauserv - ok
    16:10:12.0144 2164   WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    16:10:12.0229 2164   WudfPf - ok
    16:10:12.0299 2164   WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:10:12.0409 2164   WUDFRd - ok
    16:10:12.0458 2164   wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    16:10:12.0519 2164   wudfsvc - ok
    16:10:12.0628 2164   WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    16:10:12.0705 2164   WwanSvc - ok
    16:10:12.0742 2164   xusb21          (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys
    16:10:12.0778 2164   xusb21 - ok
    16:10:12.0853 2164   MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    16:10:12.0991 2164   \Device\Harddisk0\DR0 - ok
    16:10:13.0001 2164   Boot (0x1200)   (c6a0254a844c778f005ffd76f98d3818) \Device\Harddisk0\DR0\Partition0
    16:10:13.0003 2164   \Device\Harddisk0\DR0\Partition0 - ok
    16:10:13.0042 2164   Boot (0x1200)   (6814f8297244d0ba7c5c18d4a07b5b92) \Device\Harddisk0\DR0\Partition1
    16:10:13.0044 2164   \Device\Harddisk0\DR0\Partition1 - ok
    16:10:13.0045 2164   ============================================================
    16:10:13.0045 2164   Scan finished
    16:10:13.0045 2164   ============================================================
    16:10:13.0072 2252   Detected object count: 8
    16:10:13.0072 2252   Actual detected object count: 8
    16:11:33.0836 2252   hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
    16:11:33.0836 2252   hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:11:33.0837 2252   hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
    16:11:33.0837 2252   hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:11:33.0840 2252   HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
    16:11:33.0840 2252   HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:11:33.0843 2252   IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    16:11:33.0843 2252   IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:11:33.0845 2252   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    16:11:33.0846 2252   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:11:33.0849 2252   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
    16:11:33.0849 2252   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:11:33.0853 2252   Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - skipped by user
    16:11:33.0853 2252   Sony SCSI Helper Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:11:33.0856 2252   USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
    16:11:33.0857 2252   USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip



    Here is the Malwarebytes Anti-Malware log

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.11.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Daddy's Laptop :: DADDYSLAPTOP-PC [administrator]

    4/11/2012 4:28:58 PM
    mbam-log-2012-04-11 (16-28-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 240657
    Time elapsed: 20 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    Thanks for your assistance

    C

    Online Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 22687
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Redirects and Slow Computer
    « Reply #4 on: April 11, 2012, 04:35:32 PM »
    * Anyone other than the originator of this thread: you would be best advised not to run ComboFix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used incorrectly.

    Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    * Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

    Please include the C:\ComboFix.txt in your next reply for further review.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline christopher.ellis01

    • Bronze Member
    • Posts: 7
    Re: [In Progress] Redirects and Slow Computer
    « Reply #5 on: April 12, 2012, 06:29:57 PM »
    ComboFix Log is attached... Thanks!

    ComboFix 12-04-12.03 - Daddy's Laptop 04/12/2012  18:38:31.1.2 - x64
    Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2038.1028 [GMT -5:00]
    Running from: c:\users\Daddy's Laptop\Desktop\Spyware Removal\ComboFix.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Daddy's Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AD4A0C87-650C-4E13-ABA5-A29D4B894EA4}.xps
    c:\users\Daddy's Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DE49C04C-2619-4D16-BC28-A79A5CD27ED3}.xps
    c:\windows\XSxS
    .
    .
    (((((((((((((((((((((((((   Files Created from 2012-03-12 to 2012-04-12  )))))))))))))))))))))))))))))))
    .
    .
    2012-04-11 02:44 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
    2012-04-11 02:44 . 2012-03-01 06:38   220672   ----a-w-   c:\windows\system32\wintrust.dll
    2012-04-11 02:44 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
    2012-04-11 02:44 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
    2012-04-11 02:44 . 2012-03-01 05:37   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
    2012-04-11 02:44 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
    2012-04-11 02:44 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
    2012-03-29 17:42 . 2012-03-29 17:42   --------   d-----w-   c:\program files\iPod
    2012-03-29 17:42 . 2012-03-29 17:44   --------   d-----w-   c:\program files\iTunes
    2012-03-18 02:40 . 2012-03-18 02:40   592824   ----a-w-   c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-18 02:40 . 2012-03-18 02:40   44472   ----a-w-   c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-15 17:54 . 2012-04-11 02:44   --------   d-----w-   c:\windows\system32\MpEngineStore
    2012-03-14 18:03 . 2012-02-03 04:34   3145728   ----a-w-   c:\windows\system32\win32k.sys
    2012-03-14 18:02 . 2012-02-10 06:36   1544192   ----a-w-   c:\windows\system32\DWrite.dll
    2012-03-14 18:02 . 2012-02-10 05:38   1077248   ----a-w-   c:\windows\SysWow64\DWrite.dll
    2012-03-14 18:02 . 2012-01-25 06:38   77312   ----a-w-   c:\windows\system32\rdpwsx.dll
    2012-03-14 18:02 . 2012-01-25 06:38   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
    2012-03-14 18:02 . 2012-01-25 06:33   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
    2012-03-14 18:01 . 2012-02-17 06:38   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
    2012-03-14 18:01 . 2012-02-17 05:34   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
    2012-03-14 18:01 . 2012-02-17 04:58   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 18:01 . 2012-02-17 04:57   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-04 20:56 . 2011-03-06 21:51   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2012-03-13 17:46 . 2012-03-13 17:46   27424   ----a-w-   c:\windows\system32\drivers\hitmanpro36.sys
    2012-03-10 03:00 . 2011-05-18 11:32   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-06 23:44 . 2012-03-06 23:44   388096   ----a-r-   c:\users\Daddy's Laptop\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-14 17:09 . 2012-02-14 17:09   1070352   ----a-w-   c:\windows\SysWow64\MSCOMCTL.OCX
    2012-01-22 22:22 . 2010-06-24 07:03   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
    "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-09-24 1242448]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "cdloader"="c:\users\Daddy's Laptop\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
    "MusicManager"="c:\users\Daddy's Laptop\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-03-20 13324288]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2008-05-26 5533184]
    "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2008-07-25 8857488]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
    "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
    "Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-05-27 375296]
    "Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-12 906648]
    "ToolBoxFX"="c:\program files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-05-17 53248]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.exe" [2011-09-24 892928]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\Daddy's Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Impulse Now.lnk - c:\program files (x86)\Stardock\Impulse\Now\ImpulseNow.exe [2010-7-7 2042088]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R1 funfrm;funfrm;

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys

    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS

    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
    R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys

    S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-03 138360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys

    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys

    S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys

    S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys

    S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys

    S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys

    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 01:01]
    .
    2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 01:01]
    .
    2012-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2872109295-2336179542-2905573493-1000Core.job
    - c:\users\Daddy's Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-16 21:33]
    .
    2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2872109295-2336179542-2905573493-1000UA.job
    - c:\users\Daddy's Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-16 21:33]
    .
    2012-04-12 c:\windows\Tasks\HP Photo Creations Communicator.job
    - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-11-16 10:11]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-30 10806816]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1702400]
    "snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-04-14 295936]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;<local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.69.69
    FF - ProfilePath - c:\users\Daddy's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\h01zjw8d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|https://mail.google.com/mail/?shva=1#inbox|http://www.techforless.com/cgi-bin/tech4less/hot_deal.html?mv_pc=email804m
    FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
    FF - prefs.js: network.proxy.type - 4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-igfxcui - (no file)
    SafeBoot-Symantec Antvirus
    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{E44D14E2-A6D0-4F38-BF06-2E4244E23FED} - c:\programdata\{E700EA29-049A-42E5-B85D-D2A74571B520}\infocus_setup_ext.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2872109295-2336179542-2905573493-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* %Ü**]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_USERS\S-1-5-21-2872109295-2336179542-2905573493-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* %Ü**\OpenWithList]
    @Class="Shell"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    "Key"="ActionsPane3"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-04-12  18:58:55
    ComboFix-quarantined-files.txt  2012-04-12 23:58
    .
    Pre-Run: 8,857,104,384 bytes free
    Post-Run: 9,177,587,712 bytes free
    .
    - - End Of File - - 0879B007C178BF6572131722D9F676D6

    Online Hoov

    • Malware Removal Mentors
    • Global Moderator
    • Diamond Member
    • Posts: 22687
    • Unwilling part owner of Gov't. Motors and Chrysler
      • Hoov's Personal Site
    Re: [In Progress] Redirects and Slow Computer
    « Reply #6 on: April 12, 2012, 08:01:08 PM »
    Are you still being redirected? How is the computer running?

    Consumer Security

    If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

    Offline christopher.ellis01

    • Bronze Member
    • Posts: 7
    Re: [In Progress] Redirects and Slow Computer
    « Reply #7 on: April 13, 2012, 11:49:49 AM »
    It is still running really slow, but I think it is because it's on its last leg and needs to be replaced.

    The redirects have stopped tho!  Did you see anything that would have caused it?

    C

    Online Hoov

    Re: [In Progress] Redirects and Slow Computer
    « Reply #8 on: April 13, 2012, 10:23:11 PM »
    Combofix removed a few things, chances are it was one of them.

    As for the slow computer,

    1. Download and scan with CCleaner
    When you get to the website, there is a dark grey box on the left side with two tabs along the top. Inside this Dark Grey box is a light grey box. Below that light grey box is where the download links are at. The pay amount is for paid support.
    2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
    3. Then select the items you wish to clean up.

    In the Windows Tab:

      • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
      • Clean all the entries in the "Windows Explorer" section.
      • Clean all entries in the "System" section.
      • Clean all entries in the "Advanced" section.
      • Clean any others that you choose.

    In the Applications Tab:

      • Clean all except cookies in the Firefox/Mozilla section if you use it.
      • Clean all in the Opera section if you use it.
      • Clean Sun Java in the Internet Section.
      • Clean any others that you choose.

    4. Click the "Run Cleaner" button.
    5. A pop up box will appear advising this process will permanently delete files from your system.
    6. Click "OK" and it will scan and clean your system.
    7. Click "exit" when done.

        Reboot the computer and let me know how it is running.

        Online Hoov

        Re: [In Progress] Redirects and Slow Computer
        « Reply #9 on: April 17, 2012, 07:11:37 PM »
        christopher.ellis01, do you still need help?

        Offline christopher.ellis01

        Re: [In Progress] Redirects and Slow Computer
        « Reply #10 on: April 18, 2012, 09:14:28 PM »
        Hoov,

        I apologize, I have been out of town on business.  The PC is running much better now.  Thanks for all of your assistance with these issues.  I am going to replace the PC soon but need it to continue to run until I get a new one and can get the data off of the hard drive.

        Do you recommend any particular AV program? I can get Norton System Works or McAfee from work, but not sure which to use.  Norton seems to have let me down by letting these redirects through and seems to bog down the system.  What are your thoughts?

        Thanks again for your help,

        Christopher

        Online Hoov

        Re: [In Progress] Redirects and Slow Computer
        « Reply #11 on: April 18, 2012, 09:55:17 PM »
        I don't recommend either of those products, they have gotten too big and take too many resources. We have a list of free AV scanners here, but I also recommend AVG, because I use it.  Microsoft Security Essentials also gets good reviews from people I trust.

        Offline christopher.ellis01

        Re: [In Progress] Redirects and Slow Computer
        « Reply #12 on: April 19, 2012, 08:30:31 PM »
         Thanks again for your assistance. I will look at AVG and MS Essentials.  Have a great weekend!

        Christopher

        Online Hoov

        Re: [In Progress] Redirects and Slow Computer
        « Reply #13 on: April 19, 2012, 08:37:40 PM »
        We are not totally done yet. There is a bit of cleanup to do.

        Now there are a few things you need to do to fully clean your system and keep it secure.

        Run OTC
        Download OTC to your desktop and run it
        Click Yes to beginning the Cleanup process and remove these components, including this application.
        You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

        Cleaning out Temporary Files etc. There are several different products that you can use for this. You can go thru the Internet Options in the Windows Control Panel. There are several programs that also do the job better than Windows does it, in my opinion. There is System Security Suite, EasyCleaner, CCleaner. Also, other programs sometimes do it as well as what you originally got them for, like ZoneAlarm Security Suite. Just make sure to keep them updated and use them regularly.

        Disable and Enable System Restore.
        I recommend you turn off System restore, and then turn it back on so that you will not be able to restore your problems to a clean computer.
        For Vista use these instructions, Windows Vista Restore Guide
        For XP use these instructions, Windows XP System Restore Guide
        Reboot
        Re-enable system restore with instructions from tutorial above
        Create a System Restore Point
        Go to all programs, then to accessories, then to system tools, then to system restore. Check the box for create restore point (not select a restore point), then click next and follow the instructions.

        Make your Internet Explorer more secure - This can be done by following these simple instructions: (unless you are using ZoneAlarm Security Suite or something similar, then you would secure the browser thru the firewall). There are some good basic instructions for that here.

        Use a different browser other than IE (most exploits are pointed towards IE). One of them is Firefox.
        It is also worth trying Thunderbird for controlling spam in your e-mail.

        Always use an UPDATED anti-virus program. Make sure you update this at least weekly, if not more often. This is one thing that may save you more than anything else.

        Run malware scanners. Three free ones are Spybot Search and Destroy, AdAware, and Malwarebytes' Anti-Malware.

        Always use a firewall.
        Any firewall is better than none, and you should pick a firewall that you will use, as even the best firewall is worthless if you turn it off.
         
        Learn how to use your firewall. Only programs that need it should have access to the net. But these are specific to the firewall you use, so you will need to learn how. Several firewalls have support forums here. My page will help you with ZoneAlarm if that is what you choose.


        Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems. Some people swear that more protection is provided, but the reverse is true. They tend to argue amongst themselves and end up leaving holes. Now I have more than 1 AV installed on my computer, and I keep them up to date. I only run one at a time, but each program has weaknesses, so I keep a backup in case my computer starts acting up.


        MOST IMPORTANT: Windows and IE, and whatever other software that you have that connects to the net, need to be kept updated. The reason is, these programs connect to the net, and if there is an internal security problem, you have already told your firewall to allow the communication, and thus you will have allowed a hole. UPDATES are important. I suggest that you make sure that Windows Updates and the updates for your antivirus and antimalware programs are set for automatic updates. I also suggest running Secunia PSI. It will monitor the software you have installed and let you know when something needs to be updated.

        Don't ever use P2P or filesharing software. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.

        Before using any malware detection / removal software: Check with Rogue/Suspect Spyware List. That way you will know if the program you are looking at is on the up and up. If you want to know how it stacks up against other programs, check out SpywareWarrior.

        We have a good guide here at Spyware Hammer on how to prevent Malware in the Future. You might want to peruse this and follow the recommendations in there.
        PLEASE READ IT AND FOLLOW THE RECOMMENDATIONS TO PROTECT YOURSELF.

        Let us know if you have any more problems, either new or old.
        Have a good time surfing the net, but stay safe.
        If you have no more problems, let me know and I will mark this as resolved. Or if you have more questions, ask away, that is why I am here.
