Offline chris222

  • Bronze Member
  • Posts: 25
[Resolved] Paging 1972vet. suspected virus in svchost.exe
« on: April 20, 2012, 07:26:19 AM »
1972vet, you helped me out with an issue I had on another machine about a month and a half ago and offered to help again if I marked a new thread to your attention. Well, I'm back! This machine picked up something around November or December of last year and started acting up: fake anti-virus pop-ups, redirects, ping.exe issues, etc. I tried to clean it as best I could with my limited knowledge, but there still seem to be problems. There are lots of svchost.exe processes running and some eat up lots of resources. I have posted the DDS and ATTACH logs below. Thanks in advance for your help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088  BrowserJavaVersion: 1.6.0_24
Run by Dusty at 9:05:10 on 2012-04-20
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3837.2300 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_a02f3f3d\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_a02f3f3d\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Dusty\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [PUStarter] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
mRun: [RunPUTasktray] "C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe" --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Dusty\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dusty\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Dusty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: doi.gov\www.itims
Trusted Zone: hp.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 24.247.15.53 24.247.24.53
TCP: Interfaces\{12CCA53B-4D68-4709-B953-AA0C2F5C49DA} : DhcpNameServer = 24.247.15.53 24.247.24.53
Handler: HPPUDCS - {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll
Handler: hppufile - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppusam - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
Handler: hppuzip - {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64:     0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64:     HP Print Enhancer - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64:     Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64:     HP Smart BHO Class - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [PUStarter] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe
mRun-x64: [RunPUTasktray] "C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe" --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dusty\AppData\Roaming\Mozilla\Firefox\Profiles\hhiopp9z.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPJinit13122.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Users\Dusty\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Dusty\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Users\Dusty\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 Amddfltr64;Amd Disk Lower Filter Driver;C:\Windows\system32\DRIVERS\Amddfltr64.sys --> C:\Windows\system32\DRIVERS\Amddfltr64.sys [?]
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_a02f3f3d\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_a02f3f3d\AESTSr64.exe [?]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-5-21 341328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2008-11-7 24652]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-5-21 193840]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;C:\Windows\system32\DRIVERS\PTDMBus.sys --> C:\Windows\system32\DRIVERS\PTDMBus.sys [?]
S3 PTDMMdm;PANTECH USB Modem Drivers ;C:\Windows\system32\DRIVERS\PTDMMdm.sys --> C:\Windows\system32\DRIVERS\PTDMMdm.sys [?]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;C:\Windows\system32\DRIVERS\PTDMVsp.sys --> C:\Windows\system32\DRIVERS\PTDMVsp.sys [?]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;C:\Windows\system32\DRIVERS\PTDMWWAN.sys --> C:\Windows\system32\DRIVERS\PTDMWWAN.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2010-10-17 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2010-10-17 1145816]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-17 93184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.txt=
.
=============== Created Last 30 ================
.
2012-04-11 22:51:36   --------   d-----r-   C:\Users\Dusty\Dropbox
2012-04-11 22:49:43   --------   d-----w-   C:\Users\Dusty\AppData\Roaming\Dropbox
.
==================== Find3M  ====================
.
2012-02-07 15:02:40   1070352   ----a-w-   C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH:  9:10:30.87 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/12/2008 4:08:13 AM
System Uptime: 4/20/2012 8:59:37 AM (1 hours ago)
.
Motherboard: HP |  | 30F2
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-72 | Socket M2/S1G1 | 2100/1800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 84.707 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.837 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C7200 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C7200 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Designjet T1100 44in
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP Designjet T1100 44in
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: hp color LaserJet 5500
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: hp color LaserJet 5500
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: HP
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
8500A909_eDocs
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Photoshop 5.5
Adobe Reader 8.1.0
AIM 6
AIO_Scan
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Bing Bar
Bing Bar Platform
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
C7200
C7200_doccd
c7200_Help
Cards_Calendar_OrderGift_DoMorePlugout
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Copy
CRCU 2011 SSL Certificate
CustomerResearchQFolder
CyberLink DVD Suite
CyberLink YouCam
Destinations
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
Dropbox
eSupportQFolder
Facebook Plug-In
Fax
Garmin WebUpdater
Google SketchUp 7
GPBaseService2
GPL Ghostscript Lite 8.70
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Designjet T1100 Printer Series
HP Doc Viewer
HP Help and Support
HP MULTIPLE MODEM INSTALLER for VISTA
HP Photosmart Essential 2.5
HP Printer Utility
HP Proactive Services
HP Quick Launch Buttons 6.40 D3
HP QuickPlay 3.7
HP Total Care Advisor
HP Update
HP User Guides 0102
HP Web Registration
HP Wireless Assistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
HPTCSSetup
IDT Audio
Jagged Alliance 2
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 5
LabelPrint
LightScribe System Software  1.12.33.2
MarketResearch
Microsoft Age of Empires Gold
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.24)
MPM
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Oracle JInitiator 1.3.1.22
OverDrive Media Console
PanoStandAlone
Power2Go
PowerDirector
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sid Meier's Civilization IV Colonization
Skins
Slingbox Flash Tour
SlingPlayer
SmartWebPrinting
SolutionCenter
Spotify
Spyware Doctor 8.0
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VZAccess Manager
WebReg
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/20/2012 9:01:10 AM, Error: Application Popup [1801]  - The hardware has reported an uncorrectable memory error.
4/20/2012 9:00:42 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.3 for the Network Card with network address 00234D0AA78C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
4/19/2012 8:12:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
4/19/2012 8:12:34 PM, Error: Service Control Manager [7000]  - The hpqwmiex service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/19/2012 8:12:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
4/19/2012 8:11:22 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Beep
.
==== End Of File ===========================



Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #1 on: April 20, 2012, 07:32:26 AM »
Greetings chris222, and welcome back! While I look over your logs, please tell me everything you have done to date, to try and fix your issue. By the way, svchost.exe is a normal process (could be a problem, but it just all depends...). And, it's also common that multiple instances of it are running on most systems at all times. Nonetheless, we'll have a look at it to see what's going on. Thanks again for returning to us and I look forward to hearing from you regarding my question above.
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven
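As an added illustration of the point 1972vet makes above (many svchost.exe instances are normal; what matters is where each one runs from and how it is launched), here is a small Python parser for the "Running Processes" section of a DDS log. It is not code from this thread or from DDS itself. It flags svchost.exe entries that sit outside the expected Windows system directories or that were started without a -k service group, and counts the legitimate ones per group. The sample section is constructed to mirror the log above; its last two entries are invented to show what a flagged line looks like and do not appear in chris222's log.

```python
import re
from typing import Dict, List

# Constructed sample of a DDS "Running Processes" section. The first entries
# mirror the shape of lines in the log posted above; the last two are invented
# (not from the user's log) so the parser has something to flag.
SAMPLE_PROCESSES = "\n".join([
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\system32\svchost.exe -k rpcss",
    r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\Windows\system32\svchost.exe -k netsvcs",
    r"C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt",
    r"C:\Windows\System32\svchost.exe -k HPZ12",
    r"C:\Windows\System32\svchost.exe -k HPZ12",
    r"C:\Windows\Explorer.EXE",
    r"C:\Users\Dusty\AppData\Roaming\svchost.exe -k netsvcs",   # invented
    r"C:\Windows\system32\svchost.exe",                          # invented
])

# Directories from which a genuine svchost.exe is launched on a 64-bit
# install: the native System32 copy and the 32-bit SysWOW64 copy
# (the log above shows an HP service host running from SysWOW64).
SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Path ending in \svchost.exe, optionally followed by "-k <group>".
SVCHOST_RE = re.compile(
    r"^(?P<path>.*?\\svchost\.exe)(?:\s+-k\s+(?P<group>\S+))?\s*$",
    re.IGNORECASE,
)


def triage_svchost(section: str) -> Dict[str, object]:
    """Classify every svchost.exe line in a DDS 'Running Processes' section.

    Returns a dict with:
      - "suspicious": list of {"line", "reasons"} for entries that run from an
        unexpected directory or lack a -k service group;
      - "group_counts": how many well-formed instances each -k group has
        (repeats such as two HPZ12 hosts are normal and are only counted).
    """
    suspicious: List[Dict[str, object]] = []
    group_counts: Dict[str, int] = {}

    for raw in section.splitlines():
        line = raw.strip()
        # DDS separates sections with "." and "=====" lines; skip those.
        if not line or line == "." or line.startswith("="):
            continue
        m = SVCHOST_RE.match(line)
        if not m:
            continue  # not a service host; other binaries are out of scope here

        path = m.group("path")
        group = m.group("group")
        parent_dir = path.rsplit("\\", 1)[0].lower()

        reasons = []
        if parent_dir not in SVCHOST_DIRS:
            reasons.append("unexpected directory")
        if group is None:
            reasons.append("no -k service group")

        if reasons:
            suspicious.append({"line": line, "reasons": reasons})
        else:
            group_counts[group] = group_counts.get(group, 0) + 1

    return {"suspicious": suspicious, "group_counts": group_counts}


def svchost_instance_count(section: str) -> int:
    """Total number of svchost.exe lines, flagged or not, in the section."""
    result = triage_svchost(section)
    return len(result["suspicious"]) + sum(result["group_counts"].values())


if __name__ == "__main__":
    report = triage_svchost(SAMPLE_PROCESSES)
    print("svchost.exe instances:", svchost_instance_count(SAMPLE_PROCESSES))
    for group, n in sorted(report["group_counts"].items()):
        print(f"  ok   -k {group}: {n}")
    for item in report["suspicious"]:
        print(f"  FLAG {item['line']}  ({', '.join(item['reasons'])})")
```

A flagged line is a lead for the helper to look at, not a verdict; the legitimate hosts are told apart by path and launch group, which is exactly why a bare process count says little on its own.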

Offline chris222

  • Bronze Member
  • Posts: 25
Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #2 on: April 20, 2012, 07:39:23 AM »
Thanks! I will try to remember exactly what I have done as it has been a few months since I tried anything. I ran multiple scans with Malwarebytes and ESET online scanner. I also ran the TDSSKiller at least once. I may have taken some other measures, but I can't really remember. Whatever I did seems to have gotten rid of the anti-virus pop-ups, redirects, and other really obvious symptoms.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #3 on: April 20, 2012, 07:42:01 AM »
Great, thanks! Please post the TDSSKiller log, the ESET log, and the last MBAM log.

Offline chris222
Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #4 on: April 20, 2012, 07:48:24 AM »
Here is the TDSSKiller log. I will try to find the others.

09:58:15.0999 4084   TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
09:58:16.0451 4084   ============================================================
09:58:16.0451 4084   Current date / time: 2012/01/04 09:58:16.0451
09:58:16.0451 4084   SystemInfo:
09:58:16.0451 4084   
09:58:16.0451 4084   OS Version: 6.0.6001 ServicePack: 1.0
09:58:16.0451 4084   Product type: Workstation
09:58:16.0451 4084   ComputerName: DUSTY-LAPTOP
09:58:16.0451 4084   UserName: Dusty
09:58:16.0451 4084   Windows directory: C:\Windows
09:58:16.0451 4084   System windows directory: C:\Windows
09:58:16.0451 4084   Running under WOW64
09:58:16.0451 4084   Processor architecture: Intel x64
09:58:16.0451 4084   Number of processors: 2
09:58:16.0451 4084   Page size: 0x1000
09:58:16.0451 4084   Boot type: Normal boot
09:58:16.0451 4084   ============================================================
09:58:19.0306 4084   Initialize success
09:58:21.0084 3284   ============================================================
09:58:21.0084 3284   Scan started
09:58:21.0084 3284   Mode: Manual;
09:58:21.0084 3284   ============================================================
09:58:21.0771 3284   Accelerometer   (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
09:58:21.0771 3284   Accelerometer - ok
09:58:21.0802 3284   ACPI            (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
09:58:21.0818 3284   ACPI - ok
09:58:21.0942 3284   adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
09:58:21.0942 3284   adfs - ok
09:58:22.0130 3284   adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
09:58:22.0145 3284   adp94xx - ok
09:58:22.0192 3284   adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
09:58:22.0192 3284   adpahci - ok
09:58:22.0208 3284   adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
09:58:22.0208 3284   adpu160m - ok
09:58:22.0223 3284   adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
09:58:22.0239 3284   adpu320 - ok
09:58:22.0379 3284   AFD             (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
09:58:22.0395 3284   AFD - ok
09:58:22.0613 3284   AgereSoftModem  (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys
09:58:22.0660 3284   AgereSoftModem - ok
09:58:22.0785 3284   agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
09:58:22.0785 3284   agp440 - ok
09:58:22.0847 3284   ahcix64s        (bcb2a9b0563a5d2fd145f8eb956ae922) C:\Windows\system32\DRIVERS\ahcix64s.sys
09:58:22.0847 3284   ahcix64s - ok
09:58:22.0878 3284   aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
09:58:22.0894 3284   aic78xx - ok
09:58:22.0956 3284   aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
09:58:22.0956 3284   aliide - ok
09:58:23.0066 3284   Amddfltr64      (f8e5490961f1728d60295b7565dbdbd2) C:\Windows\system32\DRIVERS\Amddfltr64.sys
09:58:23.0066 3284   Amddfltr64 - ok
09:58:23.0112 3284   amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
09:58:23.0112 3284   amdide - ok
09:58:23.0206 3284   AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
09:58:23.0206 3284   AmdK8 - ok
09:58:23.0284 3284   arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
09:58:23.0300 3284   arc - ok
09:58:23.0331 3284   arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
09:58:23.0331 3284   arcsas - ok
09:58:23.0362 3284   AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
09:58:23.0362 3284   AsyncMac - ok
09:58:23.0409 3284   atapi           (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
09:58:23.0409 3284   atapi - ok
09:58:23.0799 3284   athr            (7392080816811f6500ff685b8db66d7f) C:\Windows\system32\DRIVERS\athrx.sys
09:58:23.0814 3284   athr - ok
09:58:24.0002 3284   atikmdag        (f83e06ebd2db41e65b28be72c179e26b) C:\Windows\system32\DRIVERS\atikmdag.sys
09:58:24.0095 3284   atikmdag - ok
09:58:24.0142 3284   AtiPcie         (69eebb256503cded9bd0e9e43128c626) C:\Windows\system32\DRIVERS\AtiPcie.sys
09:58:24.0142 3284   AtiPcie - ok
09:58:24.0220 3284   BCM43XV         (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
09:58:24.0251 3284   BCM43XV - ok
09:58:24.0314 3284   Beep - ok
09:58:24.0376 3284   blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
09:58:24.0376 3284   blbdrive - ok
09:58:24.0470 3284   bowser          (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
09:58:24.0485 3284   bowser - ok
09:58:24.0532 3284   BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
09:58:24.0548 3284   BrFiltLo - ok
09:58:24.0641 3284   BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
09:58:24.0641 3284   BrFiltUp - ok
09:58:24.0672 3284   Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
09:58:24.0672 3284   Brserid - ok
09:58:24.0704 3284   BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
09:58:24.0704 3284   BrSerWdm - ok
09:58:24.0719 3284   BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
09:58:24.0719 3284   BrUsbMdm - ok
09:58:24.0750 3284   BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
09:58:24.0750 3284   BrUsbSer - ok
09:58:24.0797 3284   BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
09:58:24.0797 3284   BTHMODEM - ok
09:58:24.0828 3284   catchme - ok
09:58:24.0875 3284   cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
09:58:24.0891 3284   cdfs - ok
09:58:24.0953 3284   cdrom           (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
09:58:24.0953 3284   cdrom - ok
09:58:25.0016 3284   circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
09:58:25.0016 3284   circlass - ok
09:58:25.0047 3284   CLFS            (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys
09:58:25.0062 3284   CLFS - ok
09:58:25.0187 3284   CmBatt          (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
09:58:25.0203 3284   CmBatt - ok
09:58:25.0250 3284   cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
09:58:25.0265 3284   cmdide - ok
09:58:25.0328 3284   Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
09:58:25.0328 3284   Compbatt - ok
09:58:25.0406 3284   crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
09:58:25.0406 3284   crcdisk - ok
09:58:25.0515 3284   DfsC            (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
09:58:25.0515 3284   DfsC - ok
09:58:25.0593 3284   disk            (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
09:58:25.0608 3284   disk - ok
09:58:25.0671 3284   drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
09:58:25.0671 3284   drmkaud - ok
09:58:25.0733 3284   DXGKrnl         (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
09:58:25.0967 3284   DXGKrnl - ok
09:58:26.0264 3284   E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
09:58:26.0264 3284   E1G60 - ok
09:58:26.0326 3284   Ecache          (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
09:58:26.0342 3284   Ecache - ok
09:58:26.0373 3284   elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
09:58:26.0388 3284   elxstor - ok
09:58:26.0435 3284   enecir          (3a70dc8951b995c73a22b9a23210833e) C:\Windows\system32\DRIVERS\enecir.sys
09:58:26.0435 3284   enecir - ok
09:58:26.0576 3284   ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
09:58:26.0607 3284   ErrDev - ok
09:58:26.0669 3284   exfat           (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
09:58:26.0669 3284   exfat - ok
09:58:26.0700 3284   fastfat         (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
09:58:26.0700 3284   fastfat - ok
09:58:26.0763 3284   fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
09:58:26.0763 3284   fdc - ok
09:58:26.0872 3284   FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
09:58:26.0872 3284   FileInfo - ok
09:58:26.0919 3284   Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
09:58:26.0919 3284   Filetrace - ok
09:58:26.0950 3284   flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
09:58:26.0950 3284   flpydisk - ok
09:58:26.0997 3284   FltMgr          (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
09:58:26.0997 3284   FltMgr - ok
09:58:27.0044 3284   Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
09:58:27.0044 3284   Fs_Rec - ok
09:58:27.0090 3284   gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
09:58:27.0122 3284   gagp30kx - ok
09:58:27.0215 3284   GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:58:27.0215 3284   GEARAspiWDM - ok
09:58:27.0278 3284   grmnusb         (38f92e8510b8faec9bbb9e31724236dc) C:\Windows\system32\drivers\grmnusb.sys
09:58:27.0278 3284   grmnusb - ok
09:58:27.0356 3284   HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
09:58:27.0371 3284   HdAudAddService - ok
09:58:27.0402 3284   HDAudBus        (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:58:27.0402 3284   HDAudBus - ok
09:58:27.0434 3284   HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
09:58:27.0449 3284   HidBth - ok
09:58:27.0480 3284   HidIr           (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
09:58:27.0480 3284   HidIr - ok
09:58:27.0636 3284   HidUsb          (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
09:58:27.0668 3284   HidUsb - ok
09:58:27.0777 3284   HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
09:58:27.0777 3284   HpCISSs - ok
09:58:27.0808 3284   hpdskflt        (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys
09:58:27.0808 3284   hpdskflt - ok
09:58:27.0870 3284   HpqKbFiltr      (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
09:58:27.0886 3284   HpqKbFiltr - ok
09:58:27.0917 3284   HpqRemHid       (e53d53d66d61794af8160741946d0b43) C:\Windows\system32\DRIVERS\HpqRemHid.sys
09:58:27.0917 3284   HpqRemHid - ok
09:58:28.0073 3284   HSFHWAZL        (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:58:28.0073 3284   HSFHWAZL - ok
09:58:28.0182 3284   HSF_DPV         (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:58:28.0229 3284   HSF_DPV - ok
09:58:28.0385 3284   HTTP            (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
09:58:28.0401 3284   HTTP - ok
09:58:28.0479 3284   i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
09:58:28.0479 3284   i2omp - ok
09:58:28.0526 3284   i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
09:58:28.0526 3284   i8042prt - ok
09:58:28.0557 3284   iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
09:58:28.0572 3284   iaStorV - ok
09:58:28.0650 3284   iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
09:58:28.0650 3284   iirsp - ok
09:58:28.0822 3284   intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
09:58:28.0822 3284   intelide - ok
09:58:28.0947 3284   intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
09:58:28.0947 3284   intelppm - ok
09:58:28.0994 3284   IpFilterDriver  (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:58:28.0994 3284   IpFilterDriver - ok
09:58:29.0025 3284   IpInIp - ok
09:58:29.0056 3284   IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
09:58:29.0072 3284   IPMIDRV - ok
09:58:29.0118 3284   IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
09:58:29.0118 3284   IPNAT - ok
09:58:29.0181 3284   IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
09:58:29.0181 3284   IRENUM - ok
09:58:29.0228 3284   isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
09:58:29.0228 3284   isapnp - ok
09:58:29.0274 3284   iScsiPrt        (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
09:58:29.0274 3284   iScsiPrt - ok
09:58:29.0321 3284   iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
09:58:29.0337 3284   iteatapi - ok
09:58:29.0415 3284   iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
09:58:29.0415 3284   iteraid - ok
09:58:29.0446 3284   kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
09:58:29.0446 3284   kbdclass - ok
09:58:29.0477 3284   kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:58:29.0477 3284   kbdhid - ok
09:58:29.0680 3284   KSecDD          (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
09:58:29.0711 3284   KSecDD - ok
09:58:29.0758 3284   ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
09:58:29.0758 3284   ksthunk - ok
09:58:29.0836 3284   lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
09:58:29.0836 3284   lltdio - ok
09:58:29.0914 3284   LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
09:58:29.0914 3284   LSI_FC - ok
09:58:29.0961 3284   LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
09:58:29.0961 3284   LSI_SAS - ok
09:58:30.0039 3284   LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
09:58:30.0039 3284   LSI_SCSI - ok
09:58:30.0054 3284   luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
09:58:30.0054 3284   luafv - ok
09:58:30.0132 3284   MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
09:58:30.0132 3284   MBAMProtector - ok
09:58:30.0210 3284   megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
09:58:30.0210 3284   megasas - ok
09:58:30.0382 3284   MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
09:58:30.0382 3284   MegaSR - ok
09:58:30.0444 3284   Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
09:58:30.0444 3284   Modem - ok
09:58:30.0507 3284   monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
09:58:30.0522 3284   monitor - ok
09:58:31.0006 3284   mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
09:58:31.0022 3284   mouclass - ok
09:58:31.0068 3284   mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
09:58:31.0068 3284   mouhid - ok
09:58:31.0115 3284   MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
09:58:31.0115 3284   MountMgr - ok
09:58:31.0505 3284   mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
09:58:31.0505 3284   mpio - ok
09:58:31.0552 3284   mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
09:58:31.0552 3284   mpsdrv - ok
09:58:31.0583 3284   Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
09:58:31.0583 3284   Mraid35x - ok
09:58:31.0583 3284   MRxDAV          (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
09:58:31.0599 3284   MRxDAV - ok
09:58:31.0646 3284   mrxsmb          (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:58:31.0646 3284   mrxsmb - ok
09:58:31.0755 3284   mrxsmb10        (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:58:31.0770 3284   mrxsmb10 - ok
09:58:31.0880 3284   mrxsmb20        (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:58:31.0880 3284   mrxsmb20 - ok
09:58:32.0004 3284   msahci          (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
09:58:32.0004 3284   msahci - ok
09:58:32.0238 3284   msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
09:58:32.0285 3284   msdsm - ok
09:58:32.0348 3284   Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
09:58:32.0363 3284   Msfs - ok
09:58:32.0426 3284   msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
09:58:32.0426 3284   msisadrv - ok
09:58:32.0488 3284   MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
09:58:32.0488 3284   MSKSSRV - ok
09:58:32.0535 3284   MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
09:58:32.0535 3284   MSPCLOCK - ok
09:58:32.0597 3284   MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
09:58:32.0613 3284   MSPQM - ok
09:58:32.0722 3284   MsRPC           (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
09:58:32.0738 3284   MsRPC - ok
09:58:32.0769 3284   mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
09:58:32.0769 3284   mssmbios - ok
09:58:32.0800 3284   MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
09:58:32.0800 3284   MSTEE - ok
09:58:32.0847 3284   Mup             (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
09:58:32.0847 3284   Mup - ok
09:58:32.0987 3284   NativeWifiP     (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
09:58:33.0003 3284   NativeWifiP - ok
09:58:33.0081 3284   NDIS            (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys
09:58:33.0096 3284   NDIS - ok
09:58:33.0143 3284   NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
09:58:33.0143 3284   NdisTapi - ok
09:58:33.0190 3284   Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
09:58:33.0206 3284   Ndisuio - ok
09:58:33.0237 3284   NdisWan         (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
09:58:33.0268 3284   NdisWan - ok
09:58:33.0346 3284   NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
09:58:33.0362 3284   NDProxy - ok
09:58:33.0440 3284   NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
09:58:33.0440 3284   NetBIOS - ok
09:58:33.0486 3284   netbt           (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
09:58:33.0486 3284   netbt - ok
09:58:33.0518 3284   nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
09:58:33.0518 3284   nfrd960 - ok
09:58:33.0549 3284   Npfs            (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
09:58:33.0564 3284   Npfs - ok
09:58:33.0611 3284   nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
09:58:33.0627 3284   nsiproxy - ok
09:58:33.0970 3284   Ntfs            (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
09:58:34.0017 3284   Ntfs - ok
09:58:34.0251 3284   Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
09:58:34.0251 3284   Null - ok
09:58:34.0563 3284   NVENETFD        (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys
09:58:34.0578 3284   NVENETFD - ok
09:58:34.0672 3284   nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
09:58:34.0672 3284   nvraid - ok
09:58:34.0688 3284   nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
09:58:34.0703 3284   nvstor - ok
09:58:34.0719 3284   nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
09:58:34.0719 3284   nv_agp - ok
09:58:34.0734 3284   NwlnkFlt - ok
09:58:34.0750 3284   NwlnkFwd - ok
09:58:34.0766 3284   ohci1394        (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
09:58:34.0781 3284   ohci1394 - ok
09:58:34.0797 3284   Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
09:58:34.0812 3284   Parport - ok
09:58:34.0812 3284   partmgr         (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
09:58:34.0812 3284   partmgr - ok
09:58:34.0844 3284   pci             (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
09:58:34.0859 3284   pci - ok
09:58:34.0875 3284   pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
09:58:34.0875 3284   pciide - ok
09:58:35.0171 3284   pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
09:58:35.0187 3284   pcmcia - ok
09:58:35.0327 3284   PCTCore         (3db59fe90f3525cd9bf120b726c11800) C:\Windows\system32\drivers\PCTCore64.sys
09:58:35.0358 3284   PCTCore - ok
09:58:35.0436 3284   pctDS           (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
09:58:35.0468 3284   pctDS - ok
09:58:35.0514 3284   pctEFA          (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
09:58:35.0530 3284   pctEFA - ok
09:58:35.0592 3284   PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
09:58:35.0655 3284   PEAUTH - ok
09:58:36.0045 3284   PptpMiniport    (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
09:58:36.0060 3284   PptpMiniport - ok
09:58:36.0185 3284   Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
09:58:36.0185 3284   Processor - ok
09:58:36.0248 3284   PSched          (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
09:58:36.0248 3284   PSched - ok
09:58:36.0357 3284   PTDMBus         (8554adc8c9b8671514815a77148ab36b) C:\Windows\system32\DRIVERS\PTDMBus.sys
09:58:36.0357 3284   PTDMBus - ok
09:58:36.0513 3284   PTDMMdm         (796819e59bb28186e98cb19f81b9200e) C:\Windows\system32\DRIVERS\PTDMMdm.sys
09:58:36.0528 3284   PTDMMdm - ok
09:58:36.0575 3284   PTDMVsp         (9e9de722dcf8223f85954758fb8bbef2) C:\Windows\system32\DRIVERS\PTDMVsp.sys
09:58:36.0575 3284   PTDMVsp - ok
09:58:36.0622 3284   PTDMWWAN        (282a3f6f2a8103a95bd348e9e5db6f5d) C:\Windows\system32\DRIVERS\PTDMWWAN.sys
09:58:36.0638 3284   PTDMWWAN - ok
09:58:36.0809 3284   ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
09:58:36.0840 3284   ql2300 - ok
09:58:36.0934 3284   ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
09:58:36.0934 3284   ql40xx - ok
09:58:36.0981 3284   QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
09:58:36.0981 3284   QWAVEdrv - ok
09:58:37.0028 3284   RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
09:58:37.0028 3284   RasAcd - ok
09:58:37.0059 3284   Rasl2tp         (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:58:37.0059 3284   Rasl2tp - ok
09:58:37.0168 3284   RasPppoe        (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
09:58:37.0184 3284   RasPppoe - ok
09:58:37.0262 3284   RasSstp         (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
09:58:37.0277 3284   RasSstp - ok
09:58:37.0308 3284   rdbss           (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
09:58:37.0308 3284   rdbss - ok
09:58:37.0355 3284   RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:58:37.0355 3284   RDPCDD - ok
09:58:37.0402 3284   rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
09:58:37.0402 3284   rdpdr - ok
09:58:37.0433 3284   RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
09:58:37.0433 3284   RDPENCDD - ok
09:58:37.0542 3284   RDPWD           (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
09:58:37.0558 3284   RDPWD - ok
09:58:37.0745 3284   rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
09:58:37.0745 3284   rspndr - ok
09:58:37.0792 3284   RTL8169         (bf55641fc2f759281b9bf59d5daa8fde) C:\Windows\system32\DRIVERS\Rtlh64.sys
09:58:37.0792 3284   RTL8169 - ok
09:58:37.0839 3284   RTSTOR          (325eeec3c29c8bfc495cc422b4449b2b) C:\Windows\system32\drivers\RTSTOR64.SYS
09:58:37.0839 3284   RTSTOR - ok
09:58:37.0870 3284   sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
09:58:37.0870 3284   sbp2port - ok
09:58:38.0010 3284   secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:58:38.0010 3284   secdrv - ok
09:58:38.0057 3284   Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
09:58:38.0073 3284   Serenum - ok
09:58:38.0104 3284   Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
09:58:38.0104 3284   Serial - ok
09:58:38.0135 3284   sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
09:58:38.0135 3284   sermouse - ok
09:58:38.0182 3284   sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
09:58:38.0182 3284   sffdisk - ok
09:58:38.0276 3284   sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
09:58:38.0276 3284   sffp_mmc - ok
09:58:38.0322 3284   sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
09:58:38.0322 3284   sffp_sd - ok
09:58:38.0369 3284   sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
09:58:38.0385 3284   sfloppy - ok
09:58:38.0416 3284   SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
09:58:38.0416 3284   SiSRaid2 - ok
09:58:38.0447 3284   SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
09:58:38.0447 3284   SiSRaid4 - ok
09:58:38.0478 3284   Smb             (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
09:58:38.0478 3284   Smb - ok
09:58:38.0556 3284   spldr           (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
09:58:38.0556 3284   spldr - ok
09:58:38.0728 3284   srv             (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
09:58:38.0759 3284   srv - ok
09:58:38.0900 3284   srv2            (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
09:58:38.0915 3284   srv2 - ok
09:58:39.0024 3284   srvnet          (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
09:58:39.0024 3284   srvnet - ok
09:58:39.0165 3284   STHDA           (15e8d68d561ff524c08d8ddc53750d44) C:\Windows\system32\DRIVERS\stwrt64.sys
09:58:39.0196 3284   STHDA - ok
09:58:39.0305 3284   StillCam        (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
09:58:39.0305 3284   StillCam - ok
09:58:39.0352 3284   swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
09:58:39.0352 3284   swenum - ok
09:58:39.0508 3284   Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
09:58:39.0508 3284   Symc8xx - ok
09:58:39.0524 3284   Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
09:58:39.0524 3284   Sym_hi - ok
09:58:39.0539 3284   Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
09:58:39.0539 3284   Sym_u3 - ok
09:58:39.0617 3284   SynTP           (b432c6063d4c621241c2b6e05ca0c3e3) C:\Windows\system32\DRIVERS\SynTP.sys
09:58:39.0617 3284   SynTP - ok
09:58:44.0360 3284   ============================================================
09:58:44.0360 3284   Scan finished
09:58:44.0360 3284   ============================================================
09:58:44.0375 3036   Detected object count: 0
09:58:44.0375 3036   Actual detected object count: 0
09:59:08.0992 2820   Deinitialize success

Offline chris222

  • Bronze Member
  • Posts: 25
Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #5 on: April 20, 2012, 07:53:20 AM »
Alright, I can't find the other logs.  I may have removed them, or maybe I never ran the scans.  I am not sure.  I do have an old Malwarebytes setup file on the machine, but the program is no longer installed, so I must have uninstalled it.  Should I reinstall and run the Malwarebytes and ESET scans?

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #6 on: April 20, 2012, 08:18:05 AM »
Please uninstall these:
Java(TM) 6 Update 24
Java(TM) 6 Update 5

...and if you didn't obtain a license for it, then please uninstall this too if the trial period is over:
Spyware Doctor 8.0
Viewpoint Media Player <--and this one is just foistware

Next, please install the latest version of Java here.

Next, since TDSSKiller hasn't been run in quite a while, and since it's been updated quite a bit since December, let's just start with a fresh scan:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application. Click the "Change parameters". Under Additional options, check the box next to both options, "Verify Driver Digital Signature" and "Detect TDLFS file system" and click the OK button.
  • Click the Start scan button.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • You may be prompted to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file back here on your next reply.
  • ...otherwise, if a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". If this was the case, then we need to see that log.
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven
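
As an added example (not code from this thread or from Kaspersky's TDSSKiller), a small parser for logs of the shape posted here: it counts what was scanned, pulls out the "- warning" / "- detected" entries with the hash and path from the matching scan line, and separates files that are merely unsigned (the UnsignedFile.* verdict family produced by the "Verify Driver Digital Signature" option) from real detections that need action. The service names, hashes, paths and the non-unsigned verdict in the sample log are constructed placeholders.

```python
"""Summarize a TDSSKiller scan log (line shapes taken from the logs pasted in this thread)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every log line starts with a timestamp and a thread id, e.g. "10:41:50.0972 3812   ".
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
ENTRY_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
WARN_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+warning$")
DETECT_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+detected\s+(?P<verdict>\S+)\s+\((?P<count>\d+)\)$")
OK_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+ok$")
COUNT_RE = re.compile(_PREFIX + r"(?P<kind>Actual detected|Detected) object count:\s+(?P<n>\d+)$")
VERSION_RE = re.compile(_PREFIX + r"TDSS rootkit removing tool\s+(?P<ver>[\d.]+)")
MODE_RE = re.compile(_PREFIX + r"Mode:\s+(?P<mode>.+?)\s*$")


@dataclass
class Finding:
    name: str
    verdict: str
    md5: str = ""
    path: str = ""

    @property
    def unsigned_only(self) -> bool:
        # The signature-check option reports files lacking a valid Authenticode
        # signature under this verdict family; that is not itself a malware verdict.
        return self.verdict.startswith("UnsignedFile.")


@dataclass
class Summary:
    version: str = ""
    mode: str = ""
    scanned: int = 0
    ok: int = 0
    findings: List[Finding] = field(default_factory=list)
    detected_object_count: Optional[int] = None
    finished: bool = False


def parse_log(text: str) -> Summary:
    s = Summary()
    # Hash lines are keyed by name and by path: MBR/boot-sector entries are
    # scanned as "MBR (0x1B8)" but reported under their \Device\... path.
    seen: Dict[str, Tuple[str, str]] = {}
    pending: Dict[str, Finding] = {}  # warnings waiting for their "detected" line
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := VERSION_RE.match(line):
            s.version = m["ver"]
        elif m := MODE_RE.match(line):
            s.mode = m["mode"]
        elif m := COUNT_RE.match(line):
            if m["kind"] == "Detected":  # the "Actual" line restates the same count
                s.detected_object_count = int(m["n"])
        elif "Scan finished" in line:
            s.finished = True
        elif m := DETECT_RE.match(line):
            f = pending.pop(m["name"], None) or Finding(m["name"], m["verdict"])
            f.md5, f.path = seen.get(m["name"], ("", ""))
            s.findings.append(f)
        elif m := WARN_RE.match(line):
            pending[m["name"]] = Finding(m["name"], m["verdict"])
        elif OK_RE.match(line):
            s.ok += 1
        elif m := ENTRY_RE.match(line):
            s.scanned += 1
            seen[m["name"]] = seen[m["path"]] = (m["md5"].lower(), m["path"])
    # A warning with no closing "detected" line is still worth reporting.
    for f in pending.values():
        f.md5, f.path = seen.get(f.name, ("", ""))
        s.findings.append(f)
    return s


def triage(s: Summary) -> Dict[str, List[Finding]]:
    """Unsigned files need publisher/hash verification; anything else needs action."""
    return {
        "verify_publisher": [f for f in s.findings if f.unsigned_only],
        "needs_action": [f for f in s.findings if not f.unsigned_only],
    }


# Constructed sample log: placeholder hashes, paths and a placeholder verdict name.
SAMPLE_LOG = r"""
10:41:10.0237 3528   TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
10:41:31.0609 3812   Mode: Manual; SigCheck; TDLFS;
10:41:32.0982 3812   ACPI            (00000000000000000000000000000001) C:\Windows\system32\drivers\acpi.sys
10:41:32.0998 3812   ACPI - ok
10:41:50.0972 3812   Example Vendor Service (00000000000000000000000000000002) c:\Program Files (x86)\Example\svc.exe
10:41:50.0972 3812   Example Vendor Service ( UnsignedFile.Multi.Generic ) - warning
10:41:50.0972 3812   Example Vendor Service - detected UnsignedFile.Multi.Generic (1)
10:41:51.0034 3812   MBR (0x1B8)     (00000000000000000000000000000003) \Device\Harddisk0\DR0
10:41:51.0040 3812   \Device\Harddisk0\DR0 - ok
10:41:52.0141 3812   Boot (0x1200)   (00000000000000000000000000000004) \Device\Harddisk0\DR0\Partition0
10:41:52.0150 3812   \Device\Harddisk0\DR0\Partition0 ( Constructed.Boot.Sample ) - warning
10:41:52.0150 3812   \Device\Harddisk0\DR0\Partition0 - detected Constructed.Boot.Sample (0)
10:41:52.0360 3812   ============================================================
10:41:52.0360 3812   Scan finished
10:41:52.0375 3036   Detected object count: 2
10:41:52.0375 3036   Actual detected object count: 2
"""

if __name__ == "__main__":
    summary = parse_log(SAMPLE_LOG)
    for bucket, items in triage(summary).items():
        for f in items:
            print(f"{bucket}: {f.name} [{f.verdict}] {f.md5} {f.path}")
```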

Offline chris222

  • Bronze Member
  • Posts: 25
Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #7 on: April 20, 2012, 08:48:27 AM »
Followed your instructions.  I couldn't get the Spyware Doctor 8.0 to uninstall.  Kept getting a "could not unpack" error.

The TDSSKiller report is below.  It is too long to post in one reply so I will post it in two.

10:41:10.0237 3528   TDSS rootkit removing tool 2.7.30.0 Apr 19 2012 15:10:31
10:41:10.0565 3528   ============================================================
10:41:10.0565 3528   Current date / time: 2012/04/20 10:41:10.0565
10:41:10.0565 3528   SystemInfo:
10:41:10.0565 3528   
10:41:10.0565 3528   OS Version: 6.0.6001 ServicePack: 1.0
10:41:10.0565 3528   Product type: Workstation
10:41:10.0565 3528   ComputerName: DUSTY-LAPTOP
10:41:10.0565 3528   UserName: Dusty
10:41:10.0565 3528   Windows directory: C:\Windows
10:41:10.0565 3528   System windows directory: C:\Windows
10:41:10.0565 3528   Running under WOW64
10:41:10.0565 3528   Processor architecture: Intel x64
10:41:10.0565 3528   Number of processors: 2
10:41:10.0565 3528   Page size: 0x1000
10:41:10.0565 3528   Boot type: Normal boot
10:41:10.0565 3528   ============================================================
10:41:12.0156 3528   Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:41:12.0172 3528   \Device\Harddisk0\DR0:
10:41:12.0172 3528   MBR partitions:
10:41:12.0172 3528   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23E54FC1
10:41:12.0172 3528   \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23E55000, BlocksNum 0x15D8000
10:41:12.0187 3528   C: <-> \Device\Harddisk0\DR0\Partition0
10:41:12.0281 3528   D: <-> \Device\Harddisk0\DR0\Partition1
10:41:12.0281 3528   Initialize success
10:41:12.0281 3528   ============================================================
10:41:31.0609 3812   ============================================================
10:41:31.0609 3812   Scan started
10:41:31.0609 3812   Mode: Manual; SigCheck; TDLFS;
10:41:31.0609 3812   ============================================================
10:41:50.0972 3812   HP Health Check Service (d13e6bfd7e9189d26a42e94cb2447044) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
10:41:50.0972 3812   HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
10:41:50.0972 3812   HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
10:41:53.0374 3812   IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
10:41:53.0390 3812   IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:41:53.0390 3812   IDriverT - detected UnsignedFile.Multi.Generic (1)
10:41:56.0682 3812   LightScribeService (984ecb68ed2a2b2e6a544e87e24fba2d) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:41:56.0697 3812   LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:41:56.0697 3812   LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:41:56.0791 3812   lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
10:41:56.0869 3812   lltdio - ok
10:41:56.0947 3812   lltdsvc         (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
10:41:57.0009 3812   lltdsvc - ok
10:41:57.0056 3812   lmhosts         (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
10:41:57.0118 3812   lmhosts - ok
10:41:57.0212 3812   LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
10:41:57.0228 3812   LSI_FC - ok
10:41:57.0306 3812   LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
10:41:57.0321 3812   LSI_SAS - ok
10:41:57.0384 3812   LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
10:41:57.0399 3812   LSI_SCSI - ok
10:41:57.0430 3812   luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
10:41:57.0493 3812   luafv - ok
10:41:57.0555 3812   Mcx2Svc         (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
10:41:57.0586 3812   Mcx2Svc - ok
10:41:57.0680 3812   megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
10:41:57.0696 3812   megasas - ok
10:41:57.0774 3812   MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
10:41:57.0805 3812   MegaSR - ok
10:41:57.0883 3812   MMCSS           (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:41:57.0945 3812   MMCSS - ok
10:41:58.0008 3812   Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
10:41:58.0086 3812   Modem - ok
10:41:58.0195 3812   monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
10:41:58.0242 3812   monitor - ok
10:41:58.0304 3812   mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
10:41:58.0304 3812   mouclass - ok
10:41:58.0398 3812   mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
10:41:58.0476 3812   mouhid - ok
10:41:58.0569 3812   MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
10:41:58.0585 3812   MountMgr - ok
10:41:58.0678 3812   mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
10:41:58.0694 3812   mpio - ok
10:41:58.0756 3812   mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
10:41:58.0819 3812   mpsdrv - ok
10:41:58.0959 3812   MpsSvc          (8a670648c755867a3aa38da50ba569aa) C:\Windows\system32\mpssvc.dll
10:41:59.0146 3812   MpsSvc - ok
10:41:59.0349 3812   Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
10:41:59.0365 3812   Mraid35x - ok
10:41:59.0412 3812   MRxDAV          (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
10:41:59.0505 3812   MRxDAV - ok
10:41:59.0614 3812   mrxsmb          (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:41:59.0692 3812   mrxsmb - ok
10:41:59.0817 3812   mrxsmb10        (9a797e27fd28500ee13d43000c931435) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:41:59.0864 3812   mrxsmb10 - ok
10:41:59.0958 3812   mrxsmb20        (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:42:00.0004 3812   mrxsmb20 - ok
10:42:00.0082 3812   msahci          (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
10:42:00.0098 3812   msahci - ok
10:42:00.0160 3812   msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
10:42:00.0176 3812   msdsm - ok
10:42:00.0270 3812   MSDTC           (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
10:42:00.0332 3812   MSDTC - ok
10:42:00.0410 3812   Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
10:42:00.0488 3812   Msfs - ok
10:42:00.0597 3812   msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
10:42:00.0613 3812   msisadrv - ok
10:42:00.0706 3812   MSiSCSI         (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
10:42:00.0800 3812   MSiSCSI - ok
10:42:00.0847 3812   msiserver - ok
10:42:00.0878 3812   MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
10:42:00.0956 3812   MSKSSRV - ok
10:42:01.0034 3812   MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
10:42:01.0096 3812   MSPCLOCK - ok
10:42:01.0174 3812   MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
10:42:01.0221 3812   MSPQM - ok
10:42:01.0284 3812   MsRPC           (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
10:42:01.0299 3812   MsRPC - ok
10:42:01.0440 3812   mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
10:42:01.0440 3812   mssmbios - ok
10:42:01.0580 3812   MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
10:42:01.0674 3812   MSTEE - ok
10:42:01.0752 3812   Mup             (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
10:42:01.0783 3812   Mup - ok
10:42:01.0908 3812   napagent        (c25022cdd18980846973b598900915f8) C:\Windows\system32\qagentRT.dll
10:42:02.0048 3812   napagent - ok
10:42:02.0126 3812   NativeWifiP     (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
10:42:02.0204 3812   NativeWifiP - ok
10:42:02.0329 3812   NDIS            (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys
10:42:02.0407 3812   NDIS - ok
10:42:02.0485 3812   NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:42:02.0578 3812   NdisTapi - ok
10:42:02.0641 3812   Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:42:02.0766 3812   Ndisuio - ok
10:42:02.0781 3812   NdisWan         (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
10:42:02.0906 3812   NdisWan - ok
10:42:03.0015 3812   NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:42:03.0124 3812   NDProxy - ok
10:42:03.0218 3812   Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
10:42:03.0265 3812   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:42:03.0265 3812   Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:42:03.0327 3812   NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:42:03.0405 3812   NetBIOS - ok
10:42:03.0514 3812   netbt           (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
10:42:03.0608 3812   netbt - ok
10:42:03.0748 3812   Netlogon        (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
10:42:03.0780 3812   Netlogon - ok
10:42:03.0826 3812   Netman          (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
10:42:03.0982 3812   Netman - ok
10:42:04.0045 3812   netprofm        (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
10:42:04.0185 3812   netprofm - ok
10:42:04.0279 3812   NetTcpPortSharing (b84613b469b98e09f50a748c1d02e132) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:42:04.0294 3812   NetTcpPortSharing - ok
10:42:04.0435 3812   nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:42:04.0450 3812   nfrd960 - ok
10:42:04.0544 3812   NlaSvc          (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
10:42:04.0606 3812   NlaSvc - ok
10:42:04.0653 3812   Npfs            (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
10:42:04.0731 3812   Npfs - ok

Offline chris222

  • Bronze Member
  • Posts: 25
Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #8 on: April 20, 2012, 08:49:31 AM »
3812   nsi             (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
10:42:04.0840 3812   nsi - ok
10:42:04.0903 3812   nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:42:04.0965 3812   nsiproxy - ok
10:42:05.0074 3812   Ntfs            (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
10:42:05.0184 3812   Ntfs - ok
10:42:05.0262 3812   Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:42:05.0324 3812   Null - ok
10:42:05.0433 3812   NVENETFD        (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys
10:42:05.0480 3812   NVENETFD - ok
10:42:05.0574 3812   nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:42:05.0589 3812   nvraid - ok
10:42:05.0667 3812   nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:42:05.0667 3812   nvstor - ok
10:42:05.0761 3812   nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:42:05.0776 3812   nv_agp - ok
10:42:05.0792 3812   NwlnkFlt - ok
10:42:05.0808 3812   NwlnkFwd - ok
10:42:05.0995 3812   odserv          (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:42:06.0042 3812   odserv - ok
10:42:06.0120 3812   ohci1394        (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
10:42:06.0198 3812   ohci1394 - ok
10:42:06.0260 3812   ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:42:06.0291 3812   ose - ok
10:42:06.0416 3812   p2pimsvc        (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
10:42:06.0478 3812   p2pimsvc - ok
10:42:06.0572 3812   p2psvc          (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
10:42:06.0634 3812   p2psvc - ok
10:42:06.0744 3812   Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:42:06.0822 3812   Parport - ok
10:42:06.0884 3812   partmgr         (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
10:42:06.0884 3812   partmgr - ok
10:42:06.0978 3812   PcaSvc          (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
10:42:07.0009 3812   PcaSvc - ok
10:42:07.0134 3812   pci             (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
10:42:07.0149 3812   pci - ok
10:42:07.0258 3812   pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
10:42:07.0274 3812   pciide - ok
10:42:07.0352 3812   pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:42:07.0368 3812   pcmcia - ok
10:42:07.0524 3812   PCTCore         (3db59fe90f3525cd9bf120b726c11800) C:\Windows\system32\drivers\PCTCore64.sys
10:42:07.0555 3812   PCTCore - ok
10:42:07.0664 3812   pctDS           (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
10:42:07.0726 3812   pctDS - ok
10:42:07.0820 3812   pctEFA          (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
10:42:07.0898 3812   pctEFA - ok
10:42:08.0038 3812   PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:42:08.0257 3812   PEAUTH - ok
10:42:08.0366 3812   PerfHost        (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
10:42:08.0491 3812   PerfHost - ok
10:42:08.0709 3812   pla             (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
10:42:08.0990 3812   pla - ok
10:42:09.0193 3812   PlugPlay        (5aaa0c5534b05ed49919fcd9dbd11a5b) C:\Windows\system32\umpnpmgr.dll
10:42:09.0333 3812   PlugPlay - ok
10:42:09.0442 3812   Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
10:42:09.0505 3812   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:42:09.0505 3812   Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:42:09.0614 3812   PNRPAutoReg     (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
10:42:09.0692 3812   PNRPAutoReg - ok
10:42:09.0817 3812   PNRPsvc         (430f35c5592d253f43a26b4f5a523dbf) C:\Windows\system32\p2psvc.dll
10:42:09.0926 3812   PNRPsvc - ok
10:42:10.0035 3812   PolicyAgent     (eef3688d5e9592cbbbed00de71dda1ef) C:\Windows\System32\ipsecsvc.dll
10:42:10.0129 3812   PolicyAgent - ok
10:42:10.0285 3812   PptpMiniport    (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
10:42:10.0410 3812   PptpMiniport - ok
10:42:10.0503 3812   Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
10:42:10.0581 3812   Processor - ok
10:42:10.0690 3812   ProfSvc         (b21fe10dad3ab59e78df7aa3fbf41e70) C:\Windows\system32\profsvc.dll
10:42:10.0753 3812   ProfSvc - ok
10:42:10.0831 3812   ProtectedStorage (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
10:42:10.0846 3812   ProtectedStorage - ok
10:42:10.0987 3812   PSched          (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
10:42:11.0002 3812   PSched - ok
10:42:11.0112 3812   PTDMBus         (8554adc8c9b8671514815a77148ab36b) C:\Windows\system32\DRIVERS\PTDMBus.sys
10:42:11.0158 3812   PTDMBus - ok
10:42:11.0299 3812   PTDMMdm         (796819e59bb28186e98cb19f81b9200e) C:\Windows\system32\DRIVERS\PTDMMdm.sys
10:42:11.0330 3812   PTDMMdm - ok
10:42:11.0408 3812   PTDMVsp         (9e9de722dcf8223f85954758fb8bbef2) C:\Windows\system32\DRIVERS\PTDMVsp.sys
10:42:11.0439 3812   PTDMVsp - ok
10:42:11.0580 3812   PTDMWWAN        (282a3f6f2a8103a95bd348e9e5db6f5d) C:\Windows\system32\DRIVERS\PTDMWWAN.sys
10:42:11.0642 3812   PTDMWWAN - ok
10:42:11.0782 3812   ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:42:11.0860 3812   ql2300 - ok
10:42:11.0954 3812   ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:42:11.0970 3812   ql40xx - ok
10:42:12.0110 3812   QPCapSvc        (026d1fa4033b82f18b99e44351d7e82e) C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
10:42:12.0126 3812   QPCapSvc - ok
10:42:12.0188 3812   QPSched         (7697bca450eae30a6cdb98898239e8b7) C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
10:42:12.0188 3812   QPSched - ok
10:42:12.0313 3812   QWAVE           (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
10:42:12.0344 3812   QWAVE - ok
10:42:12.0453 3812   QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:42:12.0484 3812   QWAVEdrv - ok
10:42:12.0609 3812   RapiMgr         (ed4e69c31ef566266be13638ebe9da56) C:\Windows\WindowsMobile\rapimgr.dll
10:42:12.0672 3812   RapiMgr - ok
10:42:12.0828 3812   RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:42:12.0874 3812   RasAcd - ok
10:42:12.0968 3812   RasAuto         (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
10:42:13.0015 3812   RasAuto - ok
10:42:13.0077 3812   Rasl2tp         (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:42:13.0171 3812   Rasl2tp - ok
10:42:13.0233 3812   RasMan          (2a63d46b01685fd4be9778ca3c231c2d) C:\Windows\System32\rasmans.dll
10:42:13.0296 3812   RasMan - ok
10:42:13.0420 3812   RasPppoe        (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
10:42:13.0467 3812   RasPppoe - ok
10:42:13.0530 3812   RasSstp         (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
10:42:13.0576 3812   RasSstp - ok
10:42:13.0639 3812   rdbss           (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
10:42:13.0701 3812   rdbss - ok
10:42:13.0764 3812   RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:42:13.0810 3812   RDPCDD - ok
10:42:13.0888 3812   rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:42:13.0951 3812   rdpdr - ok
10:42:14.0013 3812   RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:42:14.0060 3812   RDPENCDD - ok
10:42:14.0122 3812   RDPWD           (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
10:42:14.0185 3812   RDPWD - ok
10:42:14.0247 3812   Recovery Service for Windows (b9570481a1babcc4a9e941c553596077) C:\Windows\SMINST\BLService.exe
10:42:14.0263 3812   Recovery Service for Windows - ok
10:42:14.0325 3812   RemoteAccess    (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
10:42:14.0388 3812   RemoteAccess - ok
10:42:14.0544 3812   RemoteRegistry  (416c611369cbe49074b89cee2f83abef) C:\Windows\system32\regsvc.dll
10:42:14.0590 3812   RemoteRegistry - ok
10:42:14.0668 3812   RichVideo       (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
10:42:14.0684 3812   RichVideo - ok
10:42:14.0762 3812   RpcLocator      (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
10:42:14.0824 3812   RpcLocator - ok
10:42:14.0934 3812   RpcSs           (52cdade8289ff21f1f2215ff51a5f36c) C:\Windows\system32\rpcss.dll
10:42:14.0965 3812   RpcSs - ok
10:42:15.0043 3812   rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:42:15.0105 3812   rspndr - ok
10:42:15.0183 3812   RTL8169         (bf55641fc2f759281b9bf59d5daa8fde) C:\Windows\system32\DRIVERS\Rtlh64.sys
10:42:15.0246 3812   RTL8169 - ok
10:42:15.0339 3812   RTSTOR          (325eeec3c29c8bfc495cc422b4449b2b) C:\Windows\system32\drivers\RTSTOR64.SYS
10:42:15.0355 3812   RTSTOR - ok
10:42:15.0464 3812   SamSs           (80f4593e92ff960e4763380d3168e498) C:\Windows\system32\lsass.exe
10:42:15.0495 3812   SamSs - ok
10:42:15.0573 3812   sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:42:15.0589 3812   sbp2port - ok
10:42:15.0682 3812   SCardSvr        (f024d560fea06f8b56d673849eb89ae6) C:\Windows\System32\SCardSvr.dll
10:42:15.0729 3812   SCardSvr - ok
10:42:15.0885 3812   Schedule        (ce75d26e0a1106129f4d156851e298ed) C:\Windows\system32\schedsvc.dll
10:42:16.0041 3812   Schedule - ok
10:42:16.0135 3812   SCPolicySvc     (edfffc8b6afb609bf33dbe0a900426b6) C:\Windows\System32\certprop.dll
10:42:16.0182 3812   SCPolicySvc - ok
10:42:16.0291 3812   sdAuxService    (a1089ac7683826e6c7c9fab9723dd80f) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
10:42:16.0306 3812   sdAuxService - ok
10:42:16.0447 3812   sdCoreService   (13ee00411d0a1d8ec63ab09b3e8159d4) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
10:42:16.0509 3812   sdCoreService - ok
10:42:16.0650 3812   SDRSVC          (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
10:42:16.0696 3812   SDRSVC - ok
10:42:16.0821 3812   SeaPort         (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:42:17.0757 3812   SeaPort - ok
10:42:17.0851 3812   secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:42:18.0085 3812   secdrv - ok
10:42:18.0132 3812   seclogon        (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
10:42:18.0210 3812   seclogon - ok
10:42:18.0256 3812   SENS            (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
10:42:18.0319 3812   SENS - ok
10:42:18.0412 3812   Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:42:18.0490 3812   Serenum - ok
10:42:18.0553 3812   Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:42:18.0631 3812   Serial - ok
10:42:18.0709 3812   sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:42:18.0771 3812   sermouse - ok
10:42:18.0849 3812   SessionEnv      (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
10:42:18.0927 3812   SessionEnv - ok
10:42:19.0146 3812   sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
10:42:19.0239 3812   sffdisk - ok
10:42:19.0489 3812   sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:42:20.0362 3812   sffp_mmc - ok
10:42:20.0565 3812   sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
10:42:20.0674 3812   sffp_sd - ok
10:42:20.0737 3812   sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:42:21.0142 3812   sfloppy - ok
10:42:21.0189 3812   SharedAccess    (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
10:42:21.0283 3812   SharedAccess - ok
10:42:21.0439 3812   ShellHWDetection (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\System32\shsvcs.dll
10:42:21.0486 3812   ShellHWDetection - ok
10:42:21.0595 3812   SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:42:21.0610 3812   SiSRaid2 - ok
10:42:21.0766 3812   SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:42:21.0782 3812   SiSRaid4 - ok
10:42:21.0907 3812   slsvc           (a301d2cefb4747dfe0c24425dcbe0b78) C:\Windows\system32\SLsvc.exe
10:42:22.0078 3812   slsvc - ok
10:42:22.0156 3812   SLUINotify      (f5ddf7c0af85eb72cb295171f8c3cb35) C:\Windows\system32\SLUINotify.dll
10:42:22.0219 3812   SLUINotify - ok
10:42:22.0281 3812   Smb             (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
10:42:22.0328 3812   Smb - ok
10:42:22.0422 3812   SNMPTRAP        (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
10:42:22.0453 3812   SNMPTRAP - ok
10:42:22.0562 3812   spldr           (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
10:42:22.0578 3812   spldr - ok
10:42:22.0718 3812   Spooler         (92e6738d25c2123be9515c0eac0776cd) C:\Windows\System32\spoolsv.exe
10:42:22.0765 3812   Spooler - ok
10:42:22.0905 3812   srv             (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
10:42:22.0999 3812   srv - ok
10:42:23.0155 3812   srv2            (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
10:42:23.0217 3812   srv2 - ok
10:42:23.0358 3812   srvnet          (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
10:42:23.0404 3812   srvnet - ok
10:42:23.0467 3812   SSDPSRV         (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
10:42:23.0529 3812   SSDPSRV - ok
10:42:23.0592 3812   SstpSvc         (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
10:42:23.0638 3812   SstpSvc - ok
10:42:23.0732 3812   STacSV          (049f5c030abf8d7284b5749011efa455) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_a02f3f3d\STacSV64.exe
10:42:23.0763 3812   STacSV - ok
10:42:23.0888 3812   STHDA           (15e8d68d561ff524c08d8ddc53750d44) C:\Windows\system32\DRIVERS\stwrt64.sys
10:42:23.0935 3812   STHDA - ok
10:42:24.0028 3812   StillCam        (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
10:42:24.0091 3812   StillCam - ok
10:42:24.0169 3812   stisvc          (f14f7d7d68a66777fb999d5d0f21138d) C:\Windows\System32\wiaservc.dll
10:42:24.0231 3812   stisvc - ok
10:42:24.0309 3812   swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:42:24.0309 3812   swenum - ok
10:42:24.0372 3812   swprv           (da34d6eb4a3154c0bebaeb0a2483ef3e) C:\Windows\System32\swprv.dll
10:42:24.0465 3812   swprv - ok
10:42:24.0528 3812   Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:42:24.0543 3812   Symc8xx - ok
10:42:24.0590 3812   Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:42:24.0606 3812   Sym_hi - ok
10:42:24.0621 3812   Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:42:24.0621 3812   Sym_u3 - ok
10:42:24.0715 3812   SynTP           (b432c6063d4c621241c2b6e05ca0c3e3) C:\Windows\system32\DRIVERS\SynTP.sys
10:42:24.0730 3812   SynTP - ok
10:42:24.0808 3812   SysMain         (bea0d5521ed21df8f6ffeed86daede7b) C:\Windows\system32\sysmain.dll
10:42:24.0886 3812   SysMain - ok
10:42:24.0964 3812   TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
10:42:25.0011 3812   TabletInputService - ok
10:42:25.0074 3812   TapiSrv         (52091001caf20ae84cf47023ee21b4bb) C:\Windows\System32\tapisrv.dll
10:42:25.0120 3812   TapiSrv - ok
10:42:25.0183 3812   TBS             (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
10:42:25.0261 3812   TBS - ok
10:42:25.0417 3812   Tcpip           (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
10:42:25.0526 3812   Tcpip - ok
10:42:25.0620 3812   Tcpip6          (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
10:42:25.0744 3812   Tcpip6 - ok
10:42:25.0838 3812   tcpipreg        (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
10:42:25.0900 3812   tcpipreg - ok
10:42:25.0978 3812   TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:42:26.0025 3812   TDPIPE - ok
10:42:26.0119 3812   TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:42:26.0166 3812   TDTCP - ok
10:42:26.0244 3812   tdx             (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
10:42:26.0306 3812   tdx - ok
10:42:26.0368 3812   TermDD          (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
10:42:26.0384 3812   TermDD - ok
10:42:26.0509 3812   TermService     (f870a5589d6a94b426efb13689023946) C:\Windows\System32\termsrv.dll
10:42:26.0587 3812   TermService - ok
10:42:26.0727 3812   Themes          (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\system32\shsvcs.dll
10:42:26.0743 3812   Themes - ok
10:42:26.0805 3812   THREADORDER     (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:42:26.0852 3812   THREADORDER - ok
10:42:26.0914 3812   TrkWks          (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
10:42:26.0992 3812   TrkWks - ok
10:42:27.0055 3812   TrustedInstaller (ac6ff1df22ed90bad6417ee5a4c6e2f0) C:\Windows\servicing\TrustedInstaller.exe
10:42:27.0086 3812   TrustedInstaller - ok
10:42:27.0164 3812   tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:42:27.0211 3812   tssecsrv - ok
10:42:27.0289 3812   tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:42:27.0336 3812   tunmp - ok
10:42:27.0429 3812   tunnel          (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
10:42:27.0476 3812   tunnel - ok
10:42:27.0538 3812   uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:42:27.0554 3812   uagp35 - ok
10:42:27.0648 3812   udfs            (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
10:42:27.0694 3812   udfs - ok
10:42:27.0804 3812   UI0Detect       (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
10:42:27.0850 3812   UI0Detect - ok
10:42:27.0944 3812   uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:42:27.0960 3812   uliagpkx - ok
10:42:28.0038 3812   uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:42:28.0053 3812   uliahci - ok
10:42:28.0178 3812   UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:42:28.0178 3812   UlSata - ok
10:42:28.0287 3812   ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:42:28.0303 3812   ulsata2 - ok
10:42:28.0350 3812   umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:42:28.0412 3812   umbus - ok
10:42:28.0506 3812   upnphost        (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
10:42:28.0584 3812   upnphost - ok
10:42:28.0708 3812   USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:42:28.0740 3812   USBAAPL64 - ok
10:42:28.0802 3812   usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
10:42:28.0880 3812   usbccgp - ok
10:42:28.0942 3812   usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
10:42:29.0020 3812   usbcir - ok
10:42:29.0098 3812   usbehci         (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
10:42:29.0145 3812   usbehci - ok
10:42:29.0208 3812   usbhub          (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
10:42:29.0286 3812   usbhub - ok
10:42:29.0364 3812   usbohci         (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
10:42:29.0457 3812   usbohci - ok
10:42:29.0566 3812   usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
10:42:29.0660 3812   usbprint - ok
10:42:29.0769 3812   usbscan         (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
10:42:29.0863 3812   usbscan - ok
10:42:29.0941 3812   USBSTOR         (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:42:30.0019 3812   USBSTOR - ok
10:42:30.0066 3812   usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
10:42:30.0159 3812   usbuhci - ok
10:42:30.0268 3812   usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
10:42:30.0378 3812   usbvideo - ok
10:42:30.0471 3812   usb_rndisx      (567d09d1c41809550ece9ed22d6d612b) C:\Windows\system32\DRIVERS\usb8023x.sys
10:42:30.0596 3812   usb_rndisx - ok
10:42:30.0674 3812   UxSms           (9190f03c82547afa87367f1ceca88f3b) C:\Windows\System32\uxsms.dll
10:42:30.0783 3812   UxSms - ok
10:42:30.0939 3812   vds             (c15a4a550cba7b9f1f68b72528e04ce1) C:\Windows\System32\vds.exe
10:42:31.0048 3812   vds - ok
10:42:31.0142 3812   vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:42:31.0236 3812   vga - ok
10:42:31.0329 3812   VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:42:31.0454 3812   VgaSave - ok
10:42:31.0579 3812   viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:42:31.0610 3812   viaide - ok
10:42:31.0750 3812   Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
10:42:31.0797 3812   Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
10:42:31.0797 3812   Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
10:42:31.0891 3812   volmgr          (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
10:42:31.0906 3812   volmgr - ok
10:42:32.0016 3812   volmgrx         (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
10:42:32.0062 3812   volmgrx - ok
10:42:32.0140 3812   volsnap         (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
10:42:32.0172 3812   volsnap - ok
10:42:32.0265 3812   vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:42:32.0296 3812   vsmraid - ok
10:42:32.0484 3812   VSS             (186bd53f8a408ad20f5a056c05678629) C:\Windows\system32\vssvc.exe
10:42:32.0624 3812   VSS - ok
10:42:32.0718 3812   W32Time         (ba29f34a61cb55c0dee29e787542edf4) C:\Windows\system32\w32time.dll
10:42:32.0842 3812   W32Time - ok
10:42:32.0936 3812   WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:42:33.0030 3812   WacomPen - ok
10:42:33.0108 3812   Wanarp          (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
10:42:33.0154 3812   Wanarp - ok
10:42:33.0154 3812   Wanarpv6        (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
10:42:33.0201 3812   Wanarpv6 - ok
10:42:33.0310 3812   WcesComm        (382a7b0b632ec98de5f0658da9de6159) C:\Windows\WindowsMobile\wcescomm.dll
10:42:33.0404 3812   WcesComm - ok
10:42:33.0498 3812   wcncsvc         (055449247c490e24b968b44fe8a969eb) C:\Windows\System32\wcncsvc.dll
10:42:33.0576 3812   wcncsvc - ok
10:42:33.0638 3812   WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
10:42:33.0669 3812   WcsPlugInService - ok
10:42:33.0716 3812   Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:42:33.0732 3812   Wd - ok
10:42:33.0825 3812   Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:42:33.0888 3812   Wdf01000 - ok
10:42:33.0966 3812   WdiServiceHost  (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:42:34.0012 3812   WdiServiceHost - ok
10:42:34.0028 3812   WdiSystemHost   (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:42:34.0075 3812   WdiSystemHost - ok
10:42:34.0106 3812   WebClient       (3d4ab55f8178fd0cd3ca45cd0ec9cf5b) C:\Windows\System32\webclnt.dll
10:42:34.0153 3812   WebClient - ok
10:42:34.0215 3812   Wecsvc          (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
10:42:34.0278 3812   Wecsvc - ok
10:42:34.0356 3812   wercplsupport   (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
10:42:34.0402 3812   wercplsupport - ok
10:42:34.0449 3812   WerSvc          (fc25242b3bcaf7e84d9184082274ae08) C:\Windows\System32\WerSvc.dll
10:42:34.0480 3812   WerSvc - ok
10:42:34.0590 3812   winachsf        (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:42:34.0746 3812   winachsf - ok
10:42:34.0761 3812   WinHttpAutoProxySvc - ok
10:42:34.0886 3812   Winmgmt         (ac98f38feab066a8f983d54ff3f4fd4c) C:\Windows\system32\wbem\WMIsvc.dll
10:42:34.0933 3812   Winmgmt - ok
10:42:35.0058 3812   WinRM           (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
10:42:35.0198 3812   WinRM - ok
10:42:35.0338 3812   Wlansvc         (0a69955261c1b54206adc9beb89517de) C:\Windows\System32\wlansvc.dll
10:42:35.0432 3812   Wlansvc - ok
10:42:35.0619 3812   wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:42:35.0806 3812   wlidsvc - ok
10:42:35.0916 3812   WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:42:36.0009 3812   WmiAcpi - ok
10:42:36.0103 3812   wmiApSrv        (d303322dd577c3deda1251ed2e7a496c) C:\Windows\system32\wbem\WmiApSrv.exe
10:42:36.0228 3812   wmiApSrv - ok
10:42:36.0274 3812   WMPNetworkSvc - ok
10:42:36.0368 3812   WPCSvc          (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
10:42:36.0462 3812   WPCSvc - ok
10:42:36.0540 3812   WPDBusEnum      (a27c8f92d84e2ddc151978e4692c978e) C:\Windows\system32\wpdbusenum.dll
10:42:36.0602 3812   WPDBusEnum - ok
10:42:36.0696 3812   WpdUsb          (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
10:42:36.0805 3812   WpdUsb - ok
10:42:37.0023 3812   WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:42:37.0164 3812   WPFFontCache_v0400 - ok
10:42:37.0288 3812   ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:42:37.0366 3812   ws2ifsl - ok
10:42:37.0460 3812   wscsvc          (cb8ea6d95949384925ccfca21cc6dfd8) C:\Windows\system32\wscsvc.dll
10:42:37.0554 3812   wscsvc - ok
10:42:37.0569 3812   WSearch - ok
10:42:37.0741 3812   wuauserv        (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
10:42:37.0975 3812   wuauserv - ok
10:42:38.0100 3812   WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:42:38.0193 3812   WUDFRd - ok
10:42:38.0271 3812   wudfsvc         (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
10:42:38.0365 3812   wudfsvc - ok
10:42:38.0443 3812   MBR (0x1B8)     (85d751f0e41b8e520aee8c07a8da777b) \Device\Harddisk0\DR0
10:42:38.0630 3812   \Device\Harddisk0\DR0 - ok
10:42:38.0630 3812   Boot (0x1200)   (da5f0a608b91255515d10edb4e34a74e) \Device\Harddisk0\DR0\Partition0
10:42:38.0646 3812   \Device\Harddisk0\DR0\Partition0 - ok
10:42:38.0646 3812   Boot (0x1200)   (e1ae511fa40e19491a079c21c0a44c22) \Device\Harddisk0\DR0\Partition1
10:42:38.0646 3812   \Device\Harddisk0\DR0\Partition1 - ok
10:42:38.0646 3812   ============================================================
10:42:38.0646 3812   Scan finished
10:42:38.0646 3812   ============================================================
10:42:38.0677 4556   Detected object count: 6
10:42:38.0677 4556   Actual detected object count: 6
10:43:02.0841 4556   HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:02.0841 4556   HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:02.0841 4556   IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:02.0841 4556   IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:02.0841 4556   LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:02.0841 4556   LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:02.0841 4556   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:02.0841 4556   Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:02.0841 4556   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:02.0841 4556   Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:43:02.0857 4556   Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:43:02.0857 4556   Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:44:00.0026 2412   Deinitialize success

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #9 on: April 20, 2012, 09:06:35 AM »
OK, thanks. That log looks good except it shows "ViewPoint" still aboard. Did you forget to uninstall it?
Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

Please download ComboFix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.  It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouse-click ComboFix's window while it's running... that may cause the scan to stall.

Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline chris222

  • Bronze Member
  • Posts: 25
Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #10 on: April 20, 2012, 11:02:37 AM »
Combofix log

ComboFix 12-04-20.03 - Dusty 04/20/2012  12:25:08.3.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3837.2131 [GMT -4:00]
Running from: c:\users\Dusty\Desktop\ComboFix.exe
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\AutoRun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2012-03-20 to 2012-04-20  )))))))))))))))))))))))))))))))
.
.
2012-04-20 16:49 . 2012-04-20 16:49   --------   d-----w-   c:\users\Public\AppData\Local\temp
2012-04-20 16:49 . 2012-04-20 16:49   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-04-20 14:40 . 2012-04-20 14:40   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-04-11 22:51 . 2012-04-20 13:01   --------   d-----r-   c:\users\Dusty\Dropbox
2012-04-11 22:49 . 2012-04-20 13:02   --------   d-----w-   c:\users\Dusty\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-20 14:39 . 2010-07-15 14:15   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-02-07 15:02 . 2012-02-07 15:02   1070352   ----a-w-   c:\windows\SysWow64\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   94208   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   94208   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   94208   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   94208   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunPUTasktray"="c:\program files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PUStarter"="c:\program files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe" [2007-05-31 81920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Dusty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dusty\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
OneNote Table Of Contents.onetoc2 [2009-5-1 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_a02f3f3d\AESTSr64.exe

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24030904
*NewlyCreated* - 36850087
*Deregistered* - 24030904
*Deregistered* - 36850087
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-20 c:\windows\Tasks\User_Feed_Synchronization-{A4D74A80-72DB-4313-863F-F60844CA25CC}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   97792   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   97792   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   97792   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   97792   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-17 1220392]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-16 443392]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: doi.gov\www.itims
Trusted Zone: hp.com
TCP: DhcpNameServer = 24.247.15.53 24.247.24.53
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Dusty\AppData\Roaming\Mozilla\Firefox\Profiles\hhiopp9z.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-04-20  12:55:01
ComboFix-quarantined-files.txt  2012-04-20 16:55
ComboFix2.txt  2012-01-04 19:40
.
Pre-Run: 92,309,250,048 bytes free
Post-Run: 92,412,743,680 bytes free
.
- - End Of File - - 8896A773DA81E8C42A141C9CD452BF69

Offline 1972vet

Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #11 on: April 20, 2012, 04:25:54 PM »
Thanks! You need to remove these from your trusted zone:
Trusted Zone: doi.gov\www.itims
Trusted Zone: hp.com


...to do that, open "Internet Options" from within the control panel. Click the "Security" tab-->Trusted sites-->Sites button. Remove everything you find there inside the "Websites" window. Apply those changes and "OK" your way out to close the properties window...then close the control panel.

Please open a blank Notepad by clicking start-->run...Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

ComboFix will run again automatically. Please post back the new log that will be generated and tell me how that thing is behaving for you now. Thanks!
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



KILLALL::

registry::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@=-

reglock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

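The reply above works from a ComboFix log by eye: it spots the two Trusted Zone entries, and the CFScript unlocks the keys listed under LOCKED REGISTRY KEYS. The Python helper below is an added example, not part of this thread and not ComboFix's own code. It reads a ComboFix-style log and pulls out the items a helper typically acts on: Trusted Zone sites, UAC switched off (EnableLUA = 0 under policies\system), Run entries whose target file is missing (marked [X]), keys showing an @Denied ACL, and hxxp-defanged URLs, which it refangs for lookup. The log excerpt inside it is constructed to match the log format shown in this thread; the key path and file names in it are placeholders, not values from the thread.

```python
"""Triage a ComboFix-style log for the items a malware-removal helper acts on.

Added example: the parser is not ComboFix code, and SAMPLE_LOG is a constructed
excerpt in the ComboFix log format (placeholder paths and CLSID, not real ones).
"""
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the "Reg Loading Points", "Supplementary Scan"
# and "LOCKED REGISTRY KEYS" sections of a ComboFix log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunPUTasktray"="c:\program files (x86)\Example\HPPU.exe --valuename=InstallTTM" [X]
"StartCCC"="c:\program files (x86)\Example\CLIStart.exe" [2008-01-21 61440]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://example.invalid/home
Trusted Zone: example.invalid\www.intranet
Trusted Zone: example.com
TCP: DhcpNameServer = 192.0.2.53 192.0.2.54
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000001}]
@Denied: (A 2) (Everyone)
@="Example Object"
.
"""

KEY_RE = re.compile(r'^\[(HK[^\]]*)\]$')          # [HKEY_...\path] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=value  (REGEDIT4 style)
TRUSTED_RE = re.compile(r'^Trusted Zone:\s*(\S+)')
URL_RE = re.compile(r'hxxps?://\S+')


@dataclass
class Triage:
    trusted_zones: list = field(default_factory=list)
    uac_disabled: bool = False
    missing_run_entries: list = field(default_factory=list)
    locked_keys: list = field(default_factory=list)
    defanged_urls: list = field(default_factory=list)


def refang(url: str) -> str:
    """ComboFix writes http/https as hxxp/hxxps so a log cannot be clicked; undo that."""
    return re.sub(r'^hxxp(s?)://', r'http\1://', url)


def triage_log(text: str) -> Triage:
    """Walk the log once, tracking the current registry key, and collect findings."""
    t = Triage()
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        # A key whose first line after the header is an @Denied ACL is a locked key.
        if line.startswith('@Denied') and current_key and current_key not in t.locked_keys:
            t.locked_keys.append(current_key)
            continue
        m = TRUSTED_RE.match(line)
        if m:
            t.trusted_zones.append(m.group(1))
            continue
        for url in URL_RE.findall(line):
            t.defanged_urls.append(refang(url))
        m = VALUE_RE.match(line)
        if m and current_key:
            name, value = m.groups()
            key_lc = current_key.lower()
            if key_lc.endswith(r'\policies\system') and name == 'EnableLUA' and value.startswith('0'):
                t.uac_disabled = True          # UAC off: every process runs fully elevated
            elif key_lc.endswith(r'\run') and value.endswith('[X]'):
                t.missing_run_entries.append(name)  # autorun pointing at a file that is gone
    return t


if __name__ == "__main__":
    result = triage_log(SAMPLE_LOG)
    print("Trusted Zone sites:  ", result.trusted_zones)
    print("UAC disabled:        ", result.uac_disabled)
    print("Run entries missing: ", result.missing_run_entries)
    print("Locked keys:         ", result.locked_keys)
    print("Refanged URLs:       ", result.defanged_urls)
```

The Trusted Zone list is the one that matters most for the advice in this reply: sites in that zone get IE's relaxed security settings, so a helper wants the list empty unless the user put a site there deliberately. The [X] marker and the @Denied keys are what a CFScript later cleans up or unlocks, so listing them up front saves reading the whole log by hand.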

Offline chris222

Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #12 on: April 20, 2012, 08:16:14 PM »
New Combofix log:

ComboFix 12-04-20.03 - Dusty 04/20/2012  21:37:47.4.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3837.2385 [GMT -4:00]
Running from: c:\users\Dusty\Desktop\ComboFix.exe
Command switches used :: c:\users\Dusty\Desktop\CFScript.txt
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2012-03-21 to 2012-04-21  )))))))))))))))))))))))))))))))
.
.
2012-04-21 02:01 . 2012-04-21 02:01   --------   d-----w-   c:\users\Public\AppData\Local\temp
2012-04-21 02:01 . 2012-04-21 02:01   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-04-20 14:40 . 2012-04-20 14:40   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-04-11 22:51 . 2012-04-21 01:10   --------   d-----r-   c:\users\Dusty\Dropbox
2012-04-11 22:49 . 2012-04-21 01:13   --------   d-----w-   c:\users\Dusty\AppData\Roaming\Dropbox
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-20 14:39 . 2010-07-15 14:15   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-02-23 14:18 . 2009-10-02 19:53   279656   ------w-   c:\windows\system32\MpSigStub.exe
2012-02-07 15:02 . 2012-02-07 15:02   1070352   ----a-w-   c:\windows\SysWow64\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-04-20_16.50.02   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-04-21 02:04   67756              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 15:45 . 2012-04-20 13:02   98078              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-04-21 02:04   98078              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-07 16:12 . 2012-04-21 02:04   23874              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761156235-3440034662-1086303164-1000_UserData.bin
+ 2008-09-12 08:13 . 2012-04-20 19:11   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-12 08:13 . 2012-04-20 00:13   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-12 08:13 . 2012-04-20 19:11   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-12 08:13 . 2012-04-20 00:13   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-12 08:13 . 2012-04-20 19:11   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-12 08:13 . 2012-04-20 00:13   16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-21 02:02 . 2012-04-21 02:02   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-20 13:00 . 2012-04-20 13:00   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-20 13:00 . 2012-04-20 13:00   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-21 02:02 . 2012-04-21 02:02   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2006-11-02 12:46 . 2012-04-20 13:08   604502              c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-04-21 01:17   604502              c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-04-20 13:08   104170              c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-04-21 01:17   104170              c:\windows\system32\perfc009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   94208   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   94208   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   94208   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   94208   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RunPUTasktray"="c:\program files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"PUStarter"="c:\program files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\Appinterfaces\HPPUDS.exe" [2007-05-31 81920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Dusty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dusty\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
OneNote Table Of Contents.onetoc2 [2009-5-1 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_a02f3f3d\AESTSr64.exe

.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-21 c:\windows\Tasks\User_Feed_Synchronization-{A4D74A80-72DB-4313-863F-F60844CA25CC}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   97792   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   97792   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   97792   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58   97792   ----a-w-   c:\users\Dusty\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-17 1220392]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-16 443392]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: hp.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Dusty\AppData\Roaming\Mozilla\Firefox\Profiles\hhiopp9z.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Viewpoint\Common\ViewpointService.exe
c:\program files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe
c:\program files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
.
**************************************************************************
.
Completion time: 2012-04-20  22:12:29 - machine was rebooted
ComboFix-quarantined-files.txt  2012-04-21 02:12
ComboFix2.txt  2012-04-20 16:55
ComboFix3.txt  2012-01-04 19:40
.
Pre-Run: 92,198,498,304 bytes free
Post-Run: 92,016,308,224 bytes free
.
- - End Of File - - 0780EE6225DAEF1A7FF0385C8C451E9D

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #13 on: April 21, 2012, 02:19:39 AM »
How's that thing running now?
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.


Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline chris222

  • Bronze Member
  • Posts: 25
Re: [Resolved] Paging 1972vet. suspected virus in svchost.exe
« Reply #14 on: April 22, 2012, 06:00:17 PM »
It seems to be running better.  Thanks for the help!  Is there anything else I need to do?