# Win 32: RLoader-B Virus



## Zello (Mar 22, 2012)

Hello all,

I'm hoping that I can get some sort of help as my laptop has a virus that has rendered IE7 incapable of going online. Every time that I attempt to open it a window opens and freezes and I get messages like AppHangProc and the like. I've run Avast and it tells me that the computer is infected by Win32:RLoader-B. Avast won't delete this virus and my computer is all but useless for accessing the internet. 

I've read the sticky regarding the Hijackthis and GMER scans but, as my computer won't go online, are there portable versions of these scans that I could download onto a flash drive and then upload onto the laptop, or perhaps someone here knows of a way to circumvent the IE7 issue I'm having. Your help would be greatly appreciated.

If it helps I'm running Windows Vista (2007 version I think) on an HP laptop.


----------



## kevinf80 (Mar 21, 2006)

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


 Save Combofix to a USB stick, transfer directly to the Desktop of the sick PC * <--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available *Here* if required.

 If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze.*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## Zello (Mar 22, 2012)

Thank you, Kevin. I ran the scan and the results are pasted below. New problem, though--now when I start up the computer, it won't go to the desktop page, instead I get the following message: 
"The Server is not responding properly. Verify that Credential Manager Server is properly installed on the target server". I have no password on the computer and even went into Safe Mode and opened My Computer and went into computer name settings properties to ensure that there was no password set and still cannot get to the desktop in 'normal' mode. Any help there as well as with the Win32 bug?

As requested, the ComboFix Log:

ComboFix 12-03-22.01 - HO 03/24/2012 4:53.4.2 - x86 MINIMAL
Microsoft® Windows Vista Business 6.0.6000.0.1252.1.1033.18.1407.937 [GMT -5:00]
Running from: I:\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 10:07 . 2012-03-24 10:07 -------- d-----w- c:\users\Recent\AppData\Local\temp
2012-03-24 10:07 . 2012-03-24 10:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-24 10:07 . 2012-03-24 10:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-24 10:07 . 2012-03-24 10:07 -------- d-----w- c:\users\Cookies\AppData\Local\temp
2012-03-24 10:07 . 2012-03-24 10:07 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-09 00:05 . 2012-03-09 00:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 19:26 . 2009-10-23 17:54 713728 ----a-w- c:\windows\system32\timedate.cpl
2012-03-07 19:26 . 2007-08-29 03:06 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-03-07 19:26 . 2007-08-31 02:17 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-03-07 19:24 . 2007-09-11 02:20 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2012-03-07 19:24 . 2007-12-16 22:50 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-03-07 19:24 . 2007-12-16 09:56 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2012-03-07 19:22 . 2008-08-28 03:24 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-07 19:22 . 2008-08-28 03:24 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-07 19:22 . 2008-08-28 03:24 347136  ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-07 19:21 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll
2012-03-07 19:21 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-03-07 19:21 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-03-07 19:16 . 2007-06-27 02:21 1984512 ----a-w- c:\windows\system32\authui.dll
2012-03-07 19:16 . 2007-06-26 02:51 220160 ----a-w- c:\windows\system32\ntprint.dll
2012-03-07 19:16 . 2007-07-13 02:20 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2012-03-07 19:16 . 2007-06-19 00:48 320000 ----a-w- c:\windows\system32\drivers\csc.sys
2012-03-07 19:16 . 2007-05-24 02:25 69632 ----a-w- c:\windows\system32\sendmail.dll
2012-03-07 19:16 . 2007-06-19 02:09 105984 ----a-w- c:\windows\system32\CscMig.dll
2012-03-07 19:16 . 2007-06-26 02:49 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-03-07 19:16 . 2007-06-26 02:49 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2012-03-07 19:16 . 2007-06-26 02:21 61440 ----a-w- c:\windows\system32\ntprint.exe
2012-03-07 19:15 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2012-03-07 19:15 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
2012-03-07 19:15 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-03-07 19:15 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-03-07 19:15 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
2012-03-07 19:15 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-03-07 19:15 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-03-07 19:15 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-03-07 19:15 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll
2012-03-07 19:14 . 2007-04-28 02:15 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys
2012-03-07 19:14 . 2007-05-04 00:31 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2012-03-07 19:14 . 2008-10-21 05:16 1645568 ----a-w- c:\windows\system32\connect.dll
2012-03-07 19:07 . 2009-09-10 15:29 1418240 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-03-07 19:07 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2012-03-07 19:07 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-03-07 19:07 . 2009-09-10 15:29 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2012-03-07 19:07 . 2009-09-10 15:29 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2012-03-07 19:07 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-03-07 19:07 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-03-07 19:07 . 2009-09-10 15:29 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2012-03-07 19:07 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2012-02-25 14:41 . 2012-02-25 14:42 -------- d-----w- c:\users\HO\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2010-07-02 19:24 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-02-15 22:49 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-29 08:36 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-02-15 22:49 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-02-15 22:50 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-02-15 22:49 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-02-15 22:49 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2010-02-15 22:49 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.

```
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_scheduler .exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr .exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\qlbctrl .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\hpwamain .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\wifimsg .exe
c:\program files\Hp\HP Software Update\hpwuschd2 .exe
c:\program files\InterVideo\DVD Check\dvdcheck  .exe
c:\program files\Java\jre1.6.0\bin\jusched .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
```
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [N/A]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-23 17920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - ECACHE
*Deregistered* - comHost
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec [N/A]
.
Contents of the 'Scheduled Tasks' folder
.
2010-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:30]
.
2012-03-24 c:\windows\Tasks\User_Feed_Synchronization-{C0A5A614-1576-473C-A611-ABA1301A013C}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://www.hp.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-24 05:09
Windows 6.0.6000 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vhexpmfvpeqtpcj]
"imagepath"="\??\c:\windows\TEMP\BBE7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-24 05:15:53
ComboFix-quarantined-files.txt 2012-03-24 10:15
ComboFix2.txt 2010-02-20 05:55
.
Pre-Run: 1,297,727,488 bytes free
Post-Run: 1,892,134,912 bytes free
.
- - End Of File - - 054E36B4DCF888917947E1C7900C3BD8


----------



## Zello (Mar 22, 2012)

Okay, I've found a way around a credential manager to get back to the desktop. Will await feedback on the log I've posted. Thank you.


----------



## kevinf80 (Mar 21, 2006)

Why did you run Combofix from I:\drive? I asked you to transfer to and run from the Desktop.....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
KillAll::
ClearJavaCache::
File::
c:\windows\TEMP\BBE7.tmp
RenV::
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_scheduler .exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr .exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\qlbctrl .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\hpwamain .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\wifimsg .exe
c:\program files\Hp\HP Software Update\hpwuschd2 .exe
c:\program files\InterVideo\DVD Check\dvdcheck  .exe
c:\program files\Java\jre1.6.0\bin\jusched .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vhexpmfvpeqtpcj]
```
Save this as *CFScript.txt*, and as Type: *All Files (\*.\*)* *in the same location as ComboFix.exe*

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.
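
An added example, not part of the original thread or of ComboFix itself: a small Python triage pass over a ComboFix-style log that flags the two kinds of entries the CFScript above targets, executable names with whitespace before the extension and a service whose `imagepath` points into a temp directory. The names `triage` and `Finding` and the regular expressions are assumptions made for illustration; the sample lines are copied from the log posted above, plus one ordinary Run entry for contrast.

```python
import re
from typing import List, NamedTuple

# Lines copied from the ComboFix log in this thread; the SoundMAXPnP Run
# entry is included as a benign line that must not be flagged.
SAMPLE_LOG = r"""
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\QuickTime\qttask  .exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vhexpmfvpeqtpcj]
"imagepath"="\??\c:\windows\TEMP\BBE7.tmp"
"""


class Finding(NamedTuple):
    kind: str     # "padded-name" or "temp-service"
    subject: str  # file path or registry key the finding is about
    detail: str   # why it was flagged, or the offending image path


# "[HKEY_...]" section header, as printed in the Reg Loading Points section.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"="data" value line; trailing "[date size]" annotations are ignored.
VALUE_RE = re.compile(r'^"([^"]+)"="(.*?)"')
# Bare path line whose extension is preceded by whitespace ("qttask  .exe").
PADDED_RE = re.compile(r"^[a-z]:\\.*\s+\.(exe|dll|sys|scr)$", re.I)
# Registry key that names a service or driver.
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)$", re.I)
# Image path inside a temp directory or ending in .tmp (assumed heuristic).
TEMP_RE = re.compile(r"\\(temp|tmp)\\|\.tmp$", re.I)


def triage(log_text: str) -> List[Finding]:
    """Return the suspicious entries found in a ComboFix-style log."""
    findings: List[Finding] = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix separates sections with lone dots

        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue

        value = VALUE_RE.match(line)
        if value and current_key:
            name, data = value.groups()
            if SERVICE_RE.search(current_key) and name.lower() == "imagepath":
                # Drop the NT object-manager prefix before testing the path.
                path = data[4:] if data.startswith("\\??\\") else data
                if TEMP_RE.search(path):
                    findings.append(Finding("temp-service", current_key, path))
            continue

        if PADDED_RE.match(line):
            findings.append(
                Finding("padded-name", line, "whitespace before extension"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:13} {f.subject}  ({f.detail})")
```
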


----------



## Zello (Mar 22, 2012)

Kevin,

I'd run it from the flash drive when I couldn't get the version I'd saved from the flash to the desktop (I realize now that I'd actually saved a shortcut to the flash drive instead--simpleminded, true, but I've registered on here as a beginner, n'est pas?). At any rate, IE7 is now working on my laptop and I went and directly downloaded ComboFix to my desktop and ran it. Hope that was okay. Here is the log below. Thanks again and I await further notice.

ComboFix 12-03-22.01 - HO 03/24/2012 21:34:13.5.2 - x86
Microsoft® Windows Vista Business 6.0.6000.0.1252.1.1033.18.1407.736 [GMT -5:00]
Running from: c:\users\HO\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 02:46 . 2012-03-25 02:46 -------- d-----w- c:\users\Recent\AppData\Local\temp
2012-03-25 02:46 . 2012-03-25 02:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-25 02:46 . 2012-03-25 02:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 02:46 . 2012-03-25 02:46 -------- d-----w- c:\users\Cookies\AppData\Local\temp
2012-03-25 02:46 . 2012-03-25 02:46 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-09 00:05 . 2012-03-09 00:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 19:26 . 2009-10-23 17:54 713728 ----a-w- c:\windows\system32\timedate.cpl
2012-03-07 19:26 . 2007-08-29 03:06 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-03-07 19:26 . 2007-08-31 02:17 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-03-07 19:24 . 2007-09-11 02:20 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2012-03-07 19:24 . 2007-12-16 22:50 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-03-07 19:24 . 2007-12-16 09:56 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2012-03-07 19:22 . 2008-08-28 03:24 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-07 19:22 . 2008-08-28 03:24 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-07 19:22 . 2008-08-28 03:24 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-07 19:21 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll
2012-03-07 19:21 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-03-07 19:21 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-03-07 19:16 . 2007-06-27 02:21 1984512 ----a-w- c:\windows\system32\authui.dll
2012-03-07 19:16 . 2007-06-26 02:51 220160 ----a-w- c:\windows\system32\ntprint.dll
2012-03-07 19:16 . 2007-07-13 02:20 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2012-03-07 19:16 . 2007-06-19 00:48 320000 ----a-w- c:\windows\system32\drivers\csc.sys
2012-03-07 19:16 . 2007-05-24 02:25 69632 ----a-w- c:\windows\system32\sendmail.dll
2012-03-07 19:16 . 2007-06-19 02:09 105984 ----a-w- c:\windows\system32\CscMig.dll
2012-03-07 19:16 . 2007-06-26 02:49 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-03-07 19:16 . 2007-06-26 02:49 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2012-03-07 19:16 . 2007-06-26 02:21 61440 ----a-w- c:\windows\system32\ntprint.exe
2012-03-07 19:15 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2012-03-07 19:15 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll
2012-03-07 19:15 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-03-07 19:15 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-03-07 19:15 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe
2012-03-07 19:15 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-03-07 19:15 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-03-07 19:15 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-03-07 19:15 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll
2012-03-07 19:14 . 2007-04-28 02:15 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys
2012-03-07 19:14 . 2007-05-04 00:31 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2012-03-07 19:14 . 2008-10-21 05:16 1645568 ----a-w- c:\windows\system32\connect.dll
2012-03-07 19:07 . 2009-09-10 15:29 1418240 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-03-07 19:07 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2012-03-07 19:07 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-03-07 19:07 . 2009-09-10 15:29 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2012-03-07 19:07 . 2009-09-10 15:29 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2012-03-07 19:07 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-03-07 19:07 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-03-07 19:07 . 2009-09-10 15:29 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2012-03-07 19:07 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2012-02-25 14:41 . 2012-02-25 14:42 -------- d-----w- c:\users\HO\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2010-07-02 19:24 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-02-15 22:49 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-29 08:36 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-02-15 22:49 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-02-15 22:50 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-02-15 22:49 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-02-15 22:49 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2010-02-15 22:49 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.

```
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_scheduler .exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr .exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\qlbctrl .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\hpwamain .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\wifimsg .exe
c:\program files\Hp\HP Software Update\hpwuschd2 .exe
c:\program files\InterVideo\DVD Check\dvdcheck  .exe
c:\program files\Java\jre1.6.0\bin\jusched .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
```
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [N/A]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-23 17920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*Deregistered* - comHost
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec [N/A]
.
Contents of the 'Scheduled Tasks' folder
.
2010-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:30]
.
2012-03-25 c:\windows\Tasks\User_Feed_Synchronization-{C0A5A614-1576-473C-A611-ABA1301A013C}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://www.hp.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-24 21:46
Windows 6.0.6000 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vhexpmfvpeqtpcj]
"imagepath"="\??\c:\windows\TEMP\BBE7.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-24 21:52:36
ComboFix-quarantined-files.txt 2012-03-25 02:52
ComboFix2.txt 2012-03-24 10:15
ComboFix3.txt 2010-02-20 05:55
.
Pre-Run: 146,255,872 bytes free
Post-Run: 456,966,144 bytes free
.
- - End Of File - - 28768D9CFCDC56C8F13AB0683362A816


----------



## kevinf80 (Mar 21, 2006)

Yep that is OK, to run CF again. The Vundo infection is still there so we can do the fix again as follows....

*Step 1*

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
KillAll::
ClearJavaCache::
File::
c:\windows\TEMP\BBE7.tmp
RenV::
c:\program files\Adobe\Reader 8.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_scheduler .exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr .exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\qlbctrl .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\hpwamain .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\wifimsg .exe
c:\program files\Hp\HP Software Update\hpwuschd2 .exe
c:\program files\InterVideo\DVD Check\dvdcheck  .exe
c:\program files\Java\jre1.6.0\bin\jusched .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vhexpmfvpeqtpcj]
```
Save this as *CFScript.txt*, and as Type: *All Files (\*.\*)* in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

*Step 2*








Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alternative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Quick Scan", then click Scan.
 The scan may take some time to finish, so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 Please save the log to a location you will remember.
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*Step 3*

Run this online Quickscan by BitDefender, available here http://quickscan.bitdefender.com/# hit the Scan Now tab, when finished there is an option to "view report" do that, Hover your cursor over "view report" and it will open, copy and paste to next reply....

Let me see those 3 logs in your reply,

We all started out as beginners

Kevin


----------



## Zello (Mar 22, 2012)

Kevin,

I'd run it via dragging the codebox into combofix last night before going to bed and the log will be posted first below. I also ran the Malwarebytes and bitdefender scans. Everything seems to be working now except that I can't search via Google (hadn't tried another browser) when Avast is up and running. Is it possible that I have too many shields up? Thanks for all your help and as to your last comment, it seems as if it were never more true than in my case.

ComboFix 12-03-22.01 - HO 03/24/2012 22:48:11.6.2 - x86
Microsoft® Windows Vista Business 6.0.6000.0.1252.1.1033.18.1407.746 [GMT -5:00]
Running from: c:\users\HO\Desktop\ComboFix.exe
Command switches used :: c:\users\HO\Desktop\CFScript.txt
* Created a new restore point
.
FILE ::
"c:\windows\TEMP\BBE7.tmp"
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 23:15 . 2010-07-02 19:24 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-02-15 22:49 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-29 08:36 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-02-15 22:49 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-02-15 22:50 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-02-15 22:49 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-02-15 22:49 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2010-02-15 22:49 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-23 17920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*Deregistered* - comHost
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2010-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:30]
.
2012-03-25 c:\windows\Tasks\User_Feed_Synchronization-{C0A5A614-1576-473C-A611-ABA1301A013C}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://www.hp.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_ActiveSetup-ccc-core-static - msiexec
.
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-24 23:45:36 - machine was rebooted
.
Pre-Run: 159,055,872 bytes free
Post-Run: 1,768,431,616 bytes free
.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.25.01
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.17037
HO :: QUILOMBO-PC [administrator]
3/25/2012 6:06:19 AM
mbam-log-2012-03-25 (06-06-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217419
Time elapsed: 10 minute(s), 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

QuickScan 32-bit v0.9.9.113
---------------------------
Scan date: Sun Mar 25 06:36:28 2012
Machine ID: 3EF04181

No infection found.
-------------------

Processes
---------
APO Access Service (32-bit) 808 C:\Windows\System32\AEADISRV.EXE
avast! Antivirus 1892 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
avast! Antivirus 3340 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
Microsoft® Windows® Operating System 2496 C:\Windows\System32\rundll32.exe
Microsoft® Windows® Operating System 3568 C:\Windows\System32\rundll32.exe
Microsoft® Windows® Operating System 3836 C:\Windows\System32\rundll32.exe
SMax4PNP Application 3492 C:\Program Files\Analog Devices\Core\smax4pnp.exe
(verified) ATI External Event Utility for Windows 964 C:\Windows\System32\Ati2evxx.exe
(verified) ATI External Event Utility for Windows 1652 C:\Windows\System32\Ati2evxx.exe
(verified) Cognizance Identity Manager 3712 C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(verified) ComcastAntiSpy.exe 2060 C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
(verified) GrooveMonitor Utility 3468 C:\Program Files\Microsoft Office\Office12\groovemonitor.exe
(verified) LightScribe 1904 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(verified) Microsoft® Windows® Operating System 3008 C:\Program Files\Windows Media Player\wmpnetwk.exe
(verified) Microsoft® Windows® Operating System 3528 C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System 1724 C:\Program Files\Windows Sidebar\sidebar.exe
(verified) Microsoft® Windows® Operating System 1384 C:\Program Files\Windows Sidebar\sidebar.exe
(verified) Microsoft® Windows® Operating System 3692 C:\Windows\explorer.exe
(verified) Microsoft® Windows® Operating System 528 C:\Windows\System32\csrss.exe
(verified) Microsoft® Windows® Operating System 588 C:\Windows\System32\csrss.exe
(verified) Microsoft® Windows® Operating System 3632 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 632 C:\Windows\System32\lsass.exe
(verified) Microsoft® Windows® Operating System 640 C:\Windows\System32\lsm.exe
(verified) Microsoft® Windows® Operating System 2272 C:\Windows\System32\SearchIndexer.exe
(verified) Microsoft® Windows® Operating System 620 C:\Windows\System32\services.exe
(verified) Microsoft® Windows® Operating System 1300 C:\Windows\System32\SLsvc.exe
(verified) Microsoft® Windows® Operating System 428 C:\Windows\System32\smss.exe
(verified) Microsoft® Windows® Operating System 1992 C:\Windows\System32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 824 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2024 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2064 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2108 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2120 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2144 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2196 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1768 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1320 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1232 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1080 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1068 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1460 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1024 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 916 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 884 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 3116 C:\Windows\System32\taskeng.exe
(verified) Microsoft® Windows® Operating System 3596 C:\Windows\System32\taskeng.exe
(verified) Microsoft® Windows® Operating System 576 C:\Windows\System32\wininit.exe
(verified) Microsoft® Windows® Operating System 712 C:\Windows\System32\winlogon.exe
(verified) Microsoft® Windows® Operating System 2688 C:\Windows\System32\wuauclt.exe
(verified) SoftK56 Modem Driver 2440 C:\Windows\System32\drivers\XAudio.exe
(verified) Symantec Security Technologies 1788 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(verified) Windows® Internet Explorer 3544 C:\Program Files\Internet Explorer\iexplore.exe

Network activity
----------------
Process AvastSvc.exe (1892) connected on port 80 (HTTP) --> 72.5.58.54
Process iexplore.exe (3544) connected on port 80 (HTTP) --> 74.125.227.27
Process iexplore.exe (3544) connected on port 80 (HTTP) --> 74.125.227.155
Process iexplore.exe (3544) connected on port 80 (HTTP) --> 74.125.227.27
Process iexplore.exe (3544) connected on port 80 (HTTP) --> 184.30.15.139
Process iexplore.exe (3544) connected on port 80 (HTTP) --> 23.3.68.99
Process iexplore.exe (3544) connected on port 80 (HTTP) --> 64.125.87.101
Process wininit.exe (576) listens on ports: 49152 (RPC)
Process services.exe (620) listens on ports: 49161 (RPC)
Process lsass.exe (632) listens on ports: 49155 (RPC)
Process svchost.exe (916) listens on ports: 135 (RPC)
Process svchost.exe (1024) listens on ports: 49153 (RPC)
Process svchost.exe (1080) listens on ports: 49156 (RPC)
Process svchost.exe (1320) listens on ports: 49154 (RPC)

Autoruns and critical files
---------------------------
Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
SMax4PNP Application C:\Program Files\Analog Devices\Core\smax4pnp.exe
(verified) Cognizance Identity and Access Manageme c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll
(verified) ComcastAntiSpy.exe  C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\groovemonitor.exe
(verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
(verified) hp digital imaging - hp all-in-one seri C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
(verified) Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Windows® Internet Explorer C:\Windows\system32\msfeedssync.exe
(verified) Windows® Internet Explorer C:\Windows\system32\webcheck.dll

Browser plugins
---------------
avast! WebRep c:\program files\alwil software\avast5\aswwebrepie.dll
Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
(verified) Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
(verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
(verified) Norton Confidential c:\program files\common files\symantec shared\coshared\browser\1.0\uibho.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.5 (861) C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(verified) Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified) Windows® Internet Explorer C:\Windows\system32\ieframe.dll

Missing files
-------------
File not found: C:\Windows\system32\SSBRAN~1.SCR
--> HKCU\Control Panel\Desktop\"SCRNSAVE.EXE"
File not found: c:\program files\xfin_portal\auxi\comcastau.dll
--> HKLM\Software\Classes\CLSID\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}\InprocServer32\"(default)"

Scan
----

No file uploaded.
Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.36 KB recvd
Scanned 872 files and modules - 48 seconds
==============================================================================


----------



## kevinf80 (Mar 21, 2006)

Your logs are clean. What happens when you try to do a Google search? I assume that you are using Internet Explorer as your browser?

Please perform the following scan:

Download *DDS* by sUBs from one of the following links. Save it to your desktop.
*DDS.com*
*DDS.scr*
*DDS.pif*

Double click on the *DDS* icon, allow it to run.
A small box will open, with an explanation about the tool. 
When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
 Save both reports to your desktop.
 The instructions here ask you to attach the Attach.txt.









*Instead of attaching, please copy/paste both logs into your next reply.*
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet. 
Information on A/V control *HERE*

Kevin


----------



## Zello (Mar 22, 2012)

Internet searches are through IE7 for the moment (though I am thinking of going Google Chrome once I'm finished with this cleanup). Funny thing is, I can Google search fine when the shields on Avast are off. When they are on, I get the typical 'Internet Explorer cannot display the page' message. Don't know how to get past that while keeping Avast up.

Will do the scan later tonight and get back to you with the results. Continued thanks for the help.


----------



## Zello (Mar 22, 2012)

Okay, here are the DDS logs (and I have deleted DDS from my computer once I saved the logs). Thanks and I'll await further word.

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 7.0.6000.17037
Run by HO at 23:49:24 on 2012-03-25
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1407.269 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\groovemonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://www.hp.com
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{2A4E1C5B-17B1-4EA4-B235-27CBB3FECAFE} : DhcpNameServer = 129.7.224.200 129.7.235.45 172.21.0.1
TCP: Interfaces\{3F57DD94-0C8B-4683-8D1D-D1C0C00F6B36} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-29 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-15 337880]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2006-12-27 32000]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-15 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-15 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-3-17 44768]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
R3 HSX_DPV;HSX_DPV;c:\windows\system32\drivers\HSX_DPV.sys [2006-12-27 987648]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20061025.029\IDSvix86.sys [2006-12-27 202872]
.
=============== Created Last 30 ================
.
2012-03-25 11:04:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-25 11:04:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-25 04:09:55 -------- d-----w- C:\$RECYCLE.BIN
2012-03-15 01:14:35 -------- d-----w- c:\windows\pss
2012-03-09 00:05:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 19:26:17 713728 ----a-w- c:\windows\system32\timedate.cpl
2012-03-07 19:26:02 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-03-07 19:26:01 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-03-07 19:24:54 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2012-03-07 19:24:44 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2012-03-07 19:24:44 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-03-07 19:22:11 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-07 19:22:10 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-07 19:22:08 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-07 19:21:43 1686528 ----a-w- c:\windows\system32\gameux.dll
2012-03-07 19:21:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2012-03-07 19:21:32 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2012-03-07 19:16:47 1984512 ----a-w- c:\windows\system32\authui.dll
2012-03-07 19:16:45 220160 ----a-w- c:\windows\system32\ntprint.dll
2012-03-07 19:16:41 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2012-03-07 19:16:40 320000 ----a-w- c:\windows\system32\drivers\csc.sys
2012-03-07 19:16:39 69632 ----a-w- c:\windows\system32\sendmail.dll
2012-03-07 19:16:37 105984 ----a-w- c:\windows\system32\CscMig.dll
2012-03-07 19:16:35 61440 ----a-w- c:\windows\system32\ntprint.exe
2012-03-07 19:16:35 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-03-07 19:16:35 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2012-03-07 19:15:33 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2012-03-07 19:15:33 472576 ----a-w- c:\windows\system32\secproc.dll
2012-03-07 19:15:30 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2012-03-07 19:15:26 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2012-03-07 19:15:16 515584 ----a-w- c:\windows\system32\RMActivate.exe
2012-03-07 19:15:06 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2012-03-07 19:15:05 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2012-03-07 19:15:04 312320 ----a-w- c:\windows\system32\msdrm.dll
2012-03-07 19:15:04 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2012-03-07 19:14:51 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys
2012-03-07 19:14:46 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2012-03-07 19:14:39 1645568 ----a-w- c:\windows\system32\connect.dll
2012-03-07 19:07:31 1418240 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-03-07 19:07:30 311296 ----a-w- c:\windows\system32\unregmp2.exe
2012-03-07 19:07:26 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-03-07 19:07:26 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2012-03-07 19:07:26 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2012-03-07 19:07:25 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-03-07 19:07:25 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-03-07 19:07:25 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2012-03-07 19:07:20 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2012-02-25 14:41:40 -------- d-----w- c:\users\ho\appdata\roaming\QuickScan
.
==================== Find3M ====================
.
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
============= FINISH: 23:52:00.92 ===============

And here's the Attach.txt log.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business 
Boot Device: \Device\HarddiskVolume1
Install Date: 1/11/2007 6:26:50 PM
System Uptime: 3/25/2012 7:39:06 PM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 30B0
Processor: AMD Engineering Sample | U10 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 29 GiB total, 1.564 GiB free.
D: is CDROM (UDF)
E: is FIXED (NTFS) - 2 GiB total, 1.242 GiB free.
F: is FIXED (NTFS) - 6 GiB total, 0.763 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
3600_Help
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AppCore
Apple Software Update
Application Installer 4.00.B10
ASL_HS_Installer32
ATI Catalyst Install Manager
AV
avast! Free Antivirus
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CA Pest Patrol Realtime Protection
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
ccc-core-static
ccc-utility
CCC Help English
ccCommon
Citrix Presentation Server Client
Comcast Desktop Software (v1.2.1)
CRON-O-METER 0.9.6
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Voice Editor 3
DocProc
DocProcQFolder
Essential System Updates for Microsoft Windows Vista
eSupportQFolder
Fax
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Backup and Recovery Manager Installer
HP BIOS Configuration for ProtectTools
HP Credential Manager for ProtectTools
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP Integrated Module with Bluetooth wireless technology 6.0.1.3100
HP MULTIPLE MODEM INSTALLER for VISTA
HP Notebook Accessories Product Tour
HP OCR Software 8.0
HP Officejet J3600 Series
HP Product Assistant
HP ProtectTools Security Manager 2.00 E4
HP Quick Launch Buttons 6.10 C1
HP Smart Web Printing
HP Solution Center 8.0
HP Update
HP User Guide 0051
HP Wireless Assistant
HPProductAssistant
HPSSupply
InterVideo DVD Check
InterVideo WinDVD
J3600
Java(TM) SE Runtime Environment 6
LightScribe 1.4.124.1
LiveUpdate 3.2 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Easy Assist v2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Networks Media Player for Internet Explorer
MSRedist
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
OGA Notifier 2.0.0048.0
ProductContext
QuickTime
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skins
SolutionCenter
Sonic Activation Module
SoundMAX
SPBBC 32bit
Status
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vista Default Settings
WebEx
WebReg
Windows Live OneCare safety scanner
.
==== Event Viewer Messages From Past Week ========
.
3/25/2012 11:38:43 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\C:\Users\HO\ntuser.dat'.
3/25/2012 11:18:13 AM, Error: EventLog [6008] - The previous system shutdown at 11:16:08 AM on 3/25/2012 was unexpected.
3/25/2012 10:17:19 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\SystemRoot\System32\Config\SOFTWARE'.
3/24/2012 4:51:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
3/24/2012 4:47:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SYMTDI Tcpip tdx Wanarpv6 ws2ifsl
3/24/2012 4:47:42 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2012 4:47:42 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/24/2012 4:29:02 AM, Error: EventLog [6008] - The previous system shutdown at 4:26:20 AM on 3/24/2012 was unexpected.
3/24/2012 10:47:44 PM, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
3/24/2012 10:47:44 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2012 10:47:43 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/24/2012 10:47:42 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2012 10:47:41 PM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
3/24/2012 10:47:41 PM, Error: Service Control Manager [7034] - The Andrea ADI Filters Service service terminated unexpectedly. It has done this 1 time(s).
3/24/2012 10:45:18 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/23/2012 6:11:08 PM, Error: EventLog [6008] - The previous system shutdown at 6:07:57 PM on 3/23/2012 was unexpected.
3/23/2012 5:25:31 AM, Error: EventLog [6008] - The previous system shutdown at 10:37:42 PM on 3/22/2012 was unexpected.
3/23/2012 3:55:30 PM, Error: EventLog [6008] - The previous system shutdown at 3:53:38 PM on 3/23/2012 was unexpected.
3/23/2012 2:19:40 PM, Error: EventLog [6008] - The previous system shutdown at 2:10:17 PM on 3/23/2012 was unexpected.
3/23/2012 12:06:06 PM, Error: EventLog [6008] - The previous system shutdown at 12:03:14 PM on 3/23/2012 was unexpected.
3/23/2012 10:49:30 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/23/2012 10:47:58 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:18 PM, Error: Service Control Manager [7034] - The HP Health Check Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:16 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/23/2012 10:26:15 PM, Error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:14 PM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:14 PM, Error: Service Control Manager [7034] - The CA Pest Patrol Realtime Protection Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:11 PM, Error: Service Control Manager [7034] - The Comcast AntiSpyware service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:02 PM, Error: Service Control Manager [7034] - The Symantec AppCore Service service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:00 PM, Error: Service Control Manager [7034] - The Symantec Lic NetConnect service service terminated unexpectedly. It has done this 1 time(s).
3/23/2012 10:26:00 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
3/23/2012 1:26:50 PM, Error: EventLog [6008] - The previous system shutdown at 1:24:18 PM on 3/23/2012 was unexpected.
3/22/2012 9:48:58 PM, Error: EventLog [6008] - The previous system shutdown at 8:57:19 PM on 3/22/2012 was unexpected.
3/22/2012 5:49:37 AM, Error: EventLog [6008] - The previous system shutdown at 5:47:49 AM on 3/22/2012 was unexpected.
3/22/2012 2:17:35 PM, Error: EventLog [6008] - The previous system shutdown at 2:00:00 PM on 3/22/2012 was unexpected.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SYMTDI Tcpip tdx Wanarpv6 ws2ifsl
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/21/2012 9:12:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/21/2012 9:12:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/21/2012 9:12:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/21/2012 9:12:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/21/2012 9:12:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/21/2012 8:27:26 PM, Error: EventLog [6008] - The previous system shutdown at 8:24:52 PM on 3/21/2012 was unexpected.
3/21/2012 6:52:53 PM, Error: EventLog [6008] - The previous system shutdown at 6:49:36 PM on 3/21/2012 was unexpected.
3/21/2012 6:43:25 AM, Error: EventLog [6008] - The previous system shutdown at 6:41:40 AM on 3/21/2012 was unexpected.
3/21/2012 5:52:24 PM, Error: EventLog [6008] - The previous system shutdown at 5:49:24 PM on 3/21/2012 was unexpected.
3/21/2012 4:44:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Comcast AntiSpyware service to connect.
3/21/2012 4:44:40 PM, Error: Service Control Manager [7000] - The Comcast AntiSpyware service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2012 4:42:54 PM, Error: EventLog [6008] - The previous system shutdown at 4:41:34 PM on 3/21/2012 was unexpected.
3/21/2012 3:59:35 PM, Error: EventLog [6008] - The previous system shutdown at 3:57:12 PM on 3/21/2012 was unexpected.
3/20/2012 6:05:11 PM, Error: EventLog [6008] - The previous system shutdown at 6:02:44 PM on 3/20/2012 was unexpected.
3/20/2012 4:58:15 PM, Error: EventLog [6008] - The previous system shutdown at 4:56:54 PM on 3/20/2012 was unexpected.
3/19/2012 9:02:12 PM, Error: EventLog [6008] - The previous system shutdown at 5:25:07 PM on 3/19/2012 was unexpected.
3/19/2012 6:26:32 AM, Error: EventLog [6008] - The previous system shutdown at 6:16:49 AM on 3/19/2012 was unexpected.
3/18/2012 9:15:21 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/18/2012 9:14:08 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/18/2012 9:04:30 AM, Error: EventLog [6008] - The previous system shutdown at 9:01:54 AM on 3/18/2012 was unexpected.
3/18/2012 8:17:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqcxs08 service.
3/18/2012 8:17:10 AM, Error: Service Control Manager [7000] - The hpqcxs08 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/18/2012 8:17:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
3/18/2012 7:14:35 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
3/18/2012 7:11:09 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
3/18/2012 7:11:03 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0. Please contact your system vendor for technical assistance.
3/18/2012 7:11:03 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance.
3/18/2012 7:11:03 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 4, function 0. Please contact your system vendor for technical assistance.
3/18/2012 3:08:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: The 2007 Microsoft Office Suite Service Pack 3 (SP3).
3/18/2012 11:21:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Automatic LiveUpdate Scheduler service to connect.
3/18/2012 11:21:05 PM, Error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/18/2012 10:44:38 AM, Error: EventLog [6008] - The previous system shutdown at 10:39:54 AM on 3/18/2012 was unexpected.
.
==== End Of File ===========================


----------
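
A triage pass over the "Event Viewer Messages From Past Week" section of the Attach.txt log above, as an added example that is not part of the original posts or of DDS itself. The sample lines are copied from that log; the function names and the `NETWORK_DRIVERS` grouping are assumptions made for this example.

```python
import re
from collections import Counter, namedtuple
from datetime import datetime

# Subset of lines copied from the Attach.txt event section posted above.
SAMPLE_LOG = """\
3/24/2012 4:47:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SYMTDI Tcpip tdx Wanarpv6 ws2ifsl
3/24/2012 4:47:42 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC eeCtrl NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SYMTDI Tcpip tdx Wanarpv6 ws2ifsl
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
3/21/2012 9:13:17 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/23/2012 6:11:08 PM, Error: EventLog [6008] - The previous system shutdown at 6:07:57 PM on 3/23/2012 was unexpected.
3/23/2012 5:25:31 AM, Error: EventLog [6008] - The previous system shutdown at 10:37:42 PM on 3/22/2012 was unexpected.
3/23/2012 3:55:30 PM, Error: EventLog [6008] - The previous system shutdown at 3:53:38 PM on 3/23/2012 was unexpected.
3/18/2012 3:08:04 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: The 2007 Microsoft Office Suite Service Pack 3 (SP3).
"""

Event = namedtuple("Event", "when level source event_id message")

# "<date> <time> AM|PM, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), (\w+): (.+?) \[(\d+)\] - (.*)$"
)
SHUTDOWN_RE = re.compile(
    r"previous system shutdown at (\S+ [AP]M) on (\d{1,2}/\d{1,2}/\d{4})"
)
DRIVERS_RE = re.compile(r"driver\(s\) failed to load: (.*)")
DEPENDS_RE = re.compile(
    r"The (.+?) service depends on the (.+?) service which failed to start "
    r"because of the following error: (.*)"
)
CASCADE_ERROR = "The dependency service or group failed to start."
# Assumption for this example: short names of drivers in the Windows network stack.
NETWORK_DRIVERS = {"AFD", "Tcpip", "tdx", "nsiproxy", "netbt", "NetBIOS"}


def parse_events(text):
    """Turn DDS event lines into Event tuples; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, "." separators, blank lines
        when = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        events.append(Event(when, m.group(2), m.group(3), int(m.group(4)), m.group(5)))
    return events


def unexpected_shutdowns_by_day(events):
    """Count EventLog 6008 entries by the shutdown date inside the message,
    which can be a day earlier than the time the event was logged."""
    days = Counter()
    for e in events:
        if e.source == "EventLog" and e.event_id == 6008:
            m = SHUTDOWN_RE.search(e.message)
            if m:
                days[datetime.strptime(m.group(2), "%m/%d/%Y").date().isoformat()] += 1
    return dict(days)


def failed_boot_drivers(events):
    """Count, per driver, how many 7026 events list it as failing to load."""
    counts = Counter()
    for e in events:
        if e.source == "Service Control Manager" and e.event_id == 7026:
            m = DRIVERS_RE.search(e.message)
            if m:
                counts.update(m.group(1).split())
    return counts


def dependency_failures(events):
    """Split 7001 events into root failures and cascaded ones."""
    roots, cascades = set(), set()
    for e in events:
        m = DEPENDS_RE.search(e.message) if e.event_id == 7001 else None
        if m:
            service, dependency, error = m.groups()
            bucket = cascades if error.strip() == CASCADE_ERROR else roots
            bucket.add((service, dependency))
    return roots, cascades


def triage(text):
    events = parse_events(text)
    roots, cascades = dependency_failures(events)
    return {
        "events": len(events),
        "shutdowns": unexpected_shutdowns_by_day(events),
        "network_drivers_down": sorted(NETWORK_DRIVERS & set(failed_boot_drivers(events))),
        "root_dependencies": sorted({dep for _, dep in roots}),
        "cascaded_services": sorted({svc for svc, _ in cascades}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
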



## kevinf80 (Mar 21, 2006)

Your logs show that as well as Avast there is also Norton Internet Security installed, is that correct? Run this please:

Download Security Check by screen317 from *HERE* or *HERE*.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Regarding Avast and your Browser, is IE running from Avast's Sandbox? If you selected that option after installing Avast it will run from there each time, that may affect the connection....


----------



## Zello (Mar 22, 2012)

Okay, here are the results pasted below. As to Avast, I've had it for two years now and had a friend (a sorta IT type) install it, so I don't know if IE is running out of its sandbox (I actually don't even know what that means), but these problems with Google searches have only happened recently. Thanks for the help, and the results are below:

Results of screen317's Security Check version 0.99.32 
Windows Vista x86 *(UAC is disabled!)* 
*Out of date service pack!!* 
Internet Explorer 7 *Out of date!* 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
avast! Free Antivirus 
Norton AntiVirus 
Norton Internet Security (Symantec Corporation) 
Norton Internet Security 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
Java(TM) SE Runtime Environment 6 
Adobe Reader 8 *Adobe Reader out of date!* 
Adobe Reader X KB403742.. *Adobe Reader out of Date!* 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Norton ccSvcHst.exe 
Alwil Software Avast5 AvastSvc.exe 
*``````````End of Log````````````*


----------



## Zello (Mar 22, 2012)

Oh, and one other thing, I note that the scan says I have several things out of date--I imagine that you'll want me to update, but I won't do it as yet until I get word from you (I wouldn't want to inadvertently make matters worse). What I do notice is that video sites like hulu and youtube play much better now, but still on occasion have slowed down moments with choppy audio, could there be a problem with Flash?


----------



## kevinf80 (Mar 21, 2006)

I don't see any malware in the recent logs, as you've already noted there are several issues with out of date apps that will need to be addressed. Also you have no Service Packs installed, SP1 and SP2 will need to be installed, without those packs your system will be unpredictable and very prone to infection; regardless of security.

Before we do anything we do need to sort out your security set up. Having multiple AV programs is counterproductive. I'd like you to UNinstall all references to Norton from your system as follows:

Click Start, type *programs and features* in the Search box, and then press ENTER.

Click to select the product to be uninstalled from the list.

*Norton AV
Norton IS*

Whilst using that feature also remove the following outdated and possibly exploited utility apps:

*Java(TM) SE Runtime Environment 6
Adobe Reader 8 Adobe Reader out of date!
Adobe Reader X KB403742.. Adobe Reader out of Date! *

Re-run Security Checks and post the new log.

Kevin


----------



## Zello (Mar 22, 2012)

Kevin,

I've removed Java and Adobe Reader 8, but I can't remove Norton IS. When I try, I get a message saying that I don't have access to the registry key HKEY_CLASSES_ROOT or one of its subkeys. I've seen on Symantec's site that I have to go into the registry and change it, but their site also says that if the permissions are not set to administrator nor groups (and they're not, apparently they aren't set to anything), that I should have that corrected by someone with some computer knowledge. Any advice on how to get rid of Norton? Thanks for the help.


----------



## kevinf80 (Mar 21, 2006)

Try Norton's removal tool:

Norton removal tool

Download and install the Norton removal tool from *Here*

*Alternative link*

Install and run the tool, follow any prompts that are given.

If that does not work use AppRemover, read the instructions fully before attempting any removal process:

Download AppRemover from *Here* and save it to your Desktop.
Instructions for running the tool are available *Here* Please read them before running the tool.

Kevin


----------



## Zello (Mar 22, 2012)

Well, the removal tool appears to have worked. Thanks! I've rerun Security Check and the log is below:

Results of screen317's Security Check version 0.99.32 
Windows Vista x86 *(UAC is disabled!)* 
*Out of date service pack!!* 
Internet Explorer 7 *Out of date!* 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
avast! Free Antivirus 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Alwil Software Avast5 AvastSvc.exe 
*``````````End of Log````````````*


----------



## kevinf80 (Mar 21, 2006)

Leave the tools we have used in place for now, you need to update to the latest service packs SP1 then SP2, go to the following site http://support.microsoft.com/kb/935791 and update to SP1, then SP2.... Post back when that is complete....

Kevin


----------



## Zello (Mar 22, 2012)

Okay, there's a problem here. Every time I try to download the Service Packs (I've tried four times with SP1, including an attempt to a flash drive and once with SP2), I get a blue screen and the computer shuts off, then restarts. Is there a way around this? Thanks in advance for your help.


----------



## kevinf80 (Mar 21, 2006)

Go here http://windows.microsoft.com/en-GB/windows/downloads/service-packs this is the Service Pack download center, make sure you get the correct versions.

Vista 32 bit, SP1 first, then SP2. There is also a help facility if you have issues with the d/l or installation.....


----------



## Zello (Mar 22, 2012)

Ahhh....and things were going so well so far. Here's the situation now. I keep getting blue screens when I try to download from any of the links you've given me so far. After the last one the computer rebooted with this message:

*Problem signature:*
 Problem Event Name: BlueScreen
 OS Version: 6.0.6000.2.0.0.256.6
 Locale ID: 1033

*Additional information about the problem:*
 BCCode: 1000000a
 BCP1: 00000000
 BCP2: 00000002
 BCP3: 00000001
 BCP4: 828836B3
 OS Version: 6_0_6000
 Service Pack: 0_0
 Product: 256_1

*Files that help describe the problem:*
 C:\Windows\Minidump\Mini033012-02.dmp
 C:\Users\HO\AppData\Local\temp\WER-298000-0.sysdata.xml

So today I go to an internet cafe and download the service packs to flash drives in order to run them from there, but Windows is telling me I don't have enough space on the hard drive. I ran disk cleanup but even with that I only have 139MB of space freed up. I have a few pictures and charts that I'll go through and delete, but when it comes to just getting rid of old programs and things of that sort, I'm without a clue as to what to get rid of. I use this laptop to write papers, read pdfs and watch videos (hulu/youtube) and surf the web. I don't make movies or music or any of those things on here, so wondering what would be safe to remove. Would appreciate any advice here. Thanks for your help.


----------



## kevinf80 (Mar 21, 2006)

I've just seen that the HD is only 30 gb max... Windows needs 15% free space to work efficiently. There is not a lot of room for manoeuvre...

I think your best option is to invest in a bigger HD and image across from the old one... To try and make savings in the interim have a look at the main folders. Right click on each in turn and select "Properties"; that will show what Data each contains. Then decide where the savings can be made.

Do this first:

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

 Please follow the prompts to uninstall Combofix.
 You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:

 ComboFix and its associated files and folders.
 VundoFix backups, if present
 The C:\_OtMoveIt folder, if present
 Reset the clock settings.
 Hide file extensions, if required.
 Hide System/Hidden files, if required.
 Reset System Restore.
*It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.*

Next,


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then click the big button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself. *Any tools/logs remaining on the Desktop can be deleted.*

Next,

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select Run as Administrator
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Kevin


----------



## Zello (Mar 22, 2012)

Kevin, 

I've done the above. As of right now, my computer is running so much better, thank you! There are a couple of kinks that I believe are related to the low memory of this computer and my inability, therefore, to download the service packs. I'll get an external harddrive, but it will have to wait until the beginning of May (between last month's anniversary and this month's research trip coming up, I'm going to have to wait for even such a small investment like the harddrive--go, grad school pay scales!). If the thread is still open then, I'll repost once I've acquired it and downloaded the service packs. Thanks for all your help!


----------



## kevinf80 (Mar 21, 2006)

OK, good to hear all is OK for you. Download and install Macrium free version from here:

http://www.macrium.com/reflectfree.aspx

It is a very simple utility to use. When able, buy a compatible HD for your system and a caddie. Plug it into a USB port on your PC.

Open Macrium and hit the "Clone this Disk" icon, follow the prompts. A very simple task. Your 30 GB HD will be imaged across to the new drive.
Remove the 30 GB drive from your PC, replace it with the new HD from the caddie. Re-boot and that's it.....

Kevin


----------



## Zello (Mar 22, 2012)

I'm back, Kevin! As promised, I've gone and gotten an external hard drive (only 320 Gb) and am ready to go--except that Avast says Win-32 is back. Now, I don't know if that is just some weird artifact of having it on the computer before or if it is actually back. My computer is acting normal (well, as normal as can be expected for a computer without the service pack updates). Should I run another scan? Combofix? Or should I proceed with the Macrium download? Thanks for your help.


----------



## kevinf80 (Mar 21, 2006)

What are you intending to do? Do you plan on imaging from the old drive to the new one, then installing the new drive into the PC? If so, it would be a good idea to run a couple of scans to make sure all is OK...


----------



## Zello (Mar 22, 2012)

I can image, but how would I install the drive into my laptop? Is it done via electronic transfer, or are you referring to a manual installation of the drive? If so, can I do that (I'm not a total klutz with tools), or should I have someone else do it (I have a friend who is somewhat computer savvy--he works in IT)? 

If it helps, I have a Lacie Rikiki external hard drive.


----------



## kevinf80 (Mar 21, 2006)

You will have to find out if the external HD is compatible with your laptop. If it is, then it really is a simple task.
Laptops have 2.5" HD, next you need to know if it is SATA or IDE interface.

To image from the laptop to the external HD is really simple. First you will have to d/l and install the free version of Macrium Reflect. You can get that here http://www.macrium.com/reflectfree.aspx d/l and install that application.

Once installed run the program. Open your Browser. Go back to Macrium, from the main interface select "Help" from the tool bar. From the options select "Help" again. You will be taken to the help facility through your browser.
In the main window with the contents tab selected, expand "Video tutorials", open "Cloning a disk" and watch the video. You'll see how simple it is to clone your HD and image to the external.
If the external HD is compatible it is then a simple matter of removing it from the caddie and swapping with the old HD in the laptop..

Kevin


----------



## Zello (Mar 22, 2012)

Well, it is a 2.5" hard drive (inside the case), but I don't know how to find out if it is compatible with my laptop (besides the fact that it is meant to work with Vista), nor do I know how to determine if it is SATA or IDE. Any advice on how I do that (I suppose I could call the company, check their online forum), would be helpful. Thanks again for the help.


----------



## kevinf80 (Mar 21, 2006)

Get Speccy from FileHippo, install and run, should tell you everything you need to know. Make sure the external HD is plugged into the laptop when you run it...

http://www.filehippo.com/download_speccy/

Kevin


----------



## Zello (Mar 22, 2012)

I ran the program and got the following summary that I will post below. I now know that the laptop has a SATA interface, though I still don't know if the hard drive has that. It was plugged in when I ran speccy, but it doesn't appear in the summary (at least not to my untrained eyes). Do I need to rerun it or perhaps get some sort of adaptor?


----------



## kevinf80 (Mar 21, 2006)

When you run Speccy select "Hard Drives" from the left hand pane of the main GUI, you should get all info on your Laptop HD.
Select "Peripherals" from same place, scroll to your external HD, it will appear under "Disk drive" it will give the Vendors name and next to "Comment" it should give the model no. etc.
You can go to the Manf. web site, check the model no. and it should give the interface, ide or sata....


----------



## Zello (Mar 22, 2012)

Okay, I've found it. Thanks, Kevin! It says the drive is a Toshiba MK3275GSX. I went to Toshiba's site to look it up but couldn't find anything on it. A general search on Google brings up sites where it has the designate SATA. If that is the case then it would seem that it is compatible. I do want to make sure, though, so I will call Toshiba in the morning. Thanks again.


----------



## kevinf80 (Mar 21, 2006)

The majority of newer HD are Sata interface so you should be OK. Follow the instructions for Macrium Reflect and clone your Laptop HD to your new external HD.
It is then a simple task to swap the HDs over, don't worry it really is an easy task to do.

Let me know how you get on,

Kevin


----------



## Zello (Mar 22, 2012)

Okay, will do. The one other issue is that Avast on the most recent scan said that R-loader-B is back. Do I need to go through the combofix and other related scans from earlier in this thread before putting in the new hard drive?


----------



## kevinf80 (Mar 21, 2006)

We need to make sure your system is clean before you clone the HD, ok do the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

*Link 1*
*Link 2*


 Ensure that Combofix is saved directly to the Desktop * <--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available *Here* if required.

 If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*******Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze* ******

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal*
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## Zello (Mar 22, 2012)

The log is pasted below. Thanks for your help.

ComboFix 12-05-08.01 - HO 05/08/2012 8:54.7.2 - x86
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1407.643 [GMT -5:00]
Running from: c:\users\HO\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 14:05 . 2012-05-08 14:05 -------- d-----w- c:\users\Recent\AppData\Local\temp
2012-05-08 14:05 . 2012-05-08 14:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-08 14:05 . 2012-05-08 14:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-08 14:05 . 2012-05-08 14:05 -------- d-----w- c:\users\Cookies\AppData\Local\temp
2012-05-08 14:05 . 2012-05-08 14:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-06 02:06 . 2012-05-06 02:06 -------- d-----w- c:\program files\Speccy
2012-04-18 17:32 . 2012-04-18 17:32 0 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-11 13:09 . 2012-04-11 13:09 -------- d-----w- c:\users\HO\AppData\Local\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 00:05 . 2012-03-09 00:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15 . 2010-07-02 19:24 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2010-02-15 22:49 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-06-29 08:36 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2010-02-15 22:49 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2010-02-15 22:50 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2010-02-15 22:49 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2010-02-15 22:49 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2010-02-15 22:49 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-13 04:39 . 2012-04-11 13:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-22 1183744]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-23 17920]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:1027643972
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*Deregistered* - comHost
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2010-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 11:30]
.
2012-05-08 c:\windows\Tasks\User_Feed_Synchronization-{C0A5A614-1576-473C-A611-ABA1301A013C}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://www.hp.com
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\HO\AppData\Roaming\Mozilla\Firefox\Profiles\4j6f4usb.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-08 09:08
Windows 6.0.6000 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-08 09:13:36
ComboFix-quarantined-files.txt 2012-05-08 14:13
ComboFix2.txt 2012-03-25 04:45
.
Pre-Run: 936,034,304 bytes free
Post-Run: 2,130,112,512 bytes free
.
- - End Of File - - C0845B7DBB500EA9A45E6786063CAA2D


----------



## kevinf80 (Mar 21, 2006)

That log is clean, no problems there:

Remove Combofix now that we're done with it,


Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

 Please follow the prompts to uninstall Combofix.
 You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

One problem I did note was Comcast antispyware program, that will clash with Avast and should be UNinstalled....

Kevin


----------



## Zello (Mar 22, 2012)

Okay, Combofix is removed. Do I just delete the comcast icon from the startup menu and desktop, because I don't see comcast security in my list of programs under 'my computer'. Its current location is on my desktop (well, in the recycle bin, as I deleted the icon). Thanks for your help.


----------



## kevinf80 (Mar 21, 2006)

It shows in the CF log *c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe*


Click Start, type *programs and features* in the Search box, and then press ENTER.
Click to select the product to be uninstalled from the listing of installed products *(comcasttb)*, and then click Uninstall/Change from the bar that displays the available tasks to remove *comcasttb*. 

re-boot if prompted


----------



## Zello (Mar 22, 2012)

Okay, the strange thing is that it doesn't show up in programs and features: only comcast's desktop does (they are my internet provider). When I type comcast security into the start menu it comes up as a file and not a program--would this have anything to do with why it won't show on programs and features?


----------



## Zello (Mar 22, 2012)

Zello said:


> Okay, the strange thing is that it doesn't show up in programs and features: only comcast's desktop does (they are my internet provider). When I type comcast security into the start menu it comes up as a file and not a program--would this have anything to do with why it won't show on programs and features?


Okay, I need to make an addendum to this. I went into the local disk files and found it under program files, along with an uninstall wizard from comcast. I used the uninstall wizard and now the comcasttb folder is empty--though the folder itself is still there. Should I delete the folder as well?


----------



## kevinf80 (Mar 21, 2006)

Yep you can delete the folder if it's empty...


----------



## Zello (Mar 22, 2012)

The folder has been deleted. I ran another scan with Avast and it is still showing Rloader as being there. Is this some sort of program error or artifact of having been infected? I do accept that this laptop is no longer trustworthy after having been infected, but would like to know though if I should do some more of the steps as before to get rid of it before putting in the new memory drive. Here is a screen capture of what I'm seeing at the end of the scan...


----------



## Zello (Mar 22, 2012)

Oh, I neglected to mention that I chose delete as the course of action for the virus and will be running a boot time scan.


----------



## kevinf80 (Mar 21, 2006)

That is not a good sign, do the following:

*Please read carefully and follow these steps.*

Download *TDSSKiller* and save it to your Desktop.

Double-click on the icon to run the application.

The "Ready to scan" window will open. Click on *"Change parameters"*

Place a checkmark next to Verify *Driver Digital Signature* and *Detect TDLFS file system*. (Leave "Service & Drivers" and "Boot Sectors" ticked.) Click OK.

Select "Start Scan"

If an infected file is detected, the default action will be *Cure*, click on *Continue.*

If a suspicious file is detected, the default action will be *Skip*, click on *Continue.*

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

Post that log in next reply....


----------



## Zello (Mar 22, 2012)

Okay, here is the log...

15:53:01.0363 2108 crcdisk - ok
15:53:01.0394 2108 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
15:53:01.0456 2108 Crusoe - ok
15:53:01.0550 2108 CryptSvc (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll
15:53:01.0691 2108 CryptSvc - ok
15:53:01.0831 2108 CSC (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys
15:53:01.0894 2108 CSC - ok
15:53:01.0941 2108 CscService (68131a9a8e3f0ab5136bf386f02a3fc7) C:\Windows\System32\cscsvc.dll
15:53:02.0081 2108 CscService - ok
15:53:02.0347 2108 DcomLaunch (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
15:53:02.0566 2108 DcomLaunch - ok
15:53:02.0753 2108 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
15:53:02.0894 2108 DfsC - ok
15:53:04.0863 2108 DFSR (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe
15:53:05.0128 2108 DFSR - ok
15:53:06.0706 2108 Dhcp (dc45739bc22d528d2b3e50d3f6761750) C:\Windows\System32\dhcpcsvc.dll
15:53:06.0785 2108 Dhcp - ok
15:53:06.0863 2108 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
15:53:06.0894 2108 disk - ok
15:53:07.0066 2108 Dnscache (eecba1dd142bf8693c476be8f32fe253) C:\Windows\System32\dnsrslvr.dll
15:53:07.0144 2108 Dnscache - ok
15:53:07.0222 2108 dot3svc (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll
15:53:07.0285 2108 dot3svc - ok
15:53:07.0472 2108 Dot4 (57b2d433a08b95e4f1b53a919937f3e5) C:\Windows\system32\DRIVERS\Dot4.sys
15:53:07.0613 2108 Dot4 - ok
15:53:07.0644 2108 Dot4Print (d93fa484bb62fbe7e5ef335c5415d3cf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:53:07.0722 2108 Dot4Print - ok
15:53:07.0800 2108 dot4usb (599742c4260fb3e8edb3be148b8ce856) C:\Windows\system32\DRIVERS\dot4usb.sys
15:53:07.0878 2108 dot4usb - ok
15:53:08.0019 2108 DPS (032c90ad677bf7b7a8013d6087c7a921) C:\Windows\system32\dps.dll
15:53:08.0097 2108 DPS - ok
15:53:08.0175 2108 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
15:53:08.0285 2108 drmkaud - ok
15:53:08.0363 2108 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
15:53:08.0456 2108 DXGKrnl - ok
15:53:08.0535 2108 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:53:08.0613 2108 E1G60 - ok
15:53:08.0706 2108 eabfiltr (e88b0cfcecf745211bba87f44f85d0dd) C:\Windows\system32\DRIVERS\eabfiltr.sys
15:53:08.0785 2108 eabfiltr - ok
15:53:08.0894 2108 EapHost (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll
15:53:09.0066 2108 EapHost - ok
15:53:09.0113 2108 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
15:53:09.0144 2108 Ecache - ok
15:53:09.0316 2108 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
15:53:09.0347 2108 elxstor - ok
15:53:10.0113 2108 EMDMgmt (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll
15:53:10.0300 2108 EMDMgmt - ok
15:53:10.0425 2108 EventSystem (7b4971c3d43525175a4ea0d143e0412e) C:\Windows\system32\es.dll
15:53:10.0550 2108 EventSystem - ok
15:53:10.0785 2108 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
15:53:10.0925 2108 fastfat - ok
15:53:12.0394 2108 Fax (93f75490b02033df8edf4d7089c7e1d8) C:\Windows\system32\fxssvc.exe
15:53:12.0550 2108 Fax - ok
15:53:12.0628 2108 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
15:53:12.0753 2108 fdc - ok
15:53:12.0816 2108 fdPHost (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll
15:53:12.0894 2108 fdPHost - ok
15:53:12.0925 2108 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:53:13.0019 2108 FDResPub - ok
15:53:13.0050 2108 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
15:53:13.0066 2108 FileInfo - ok
15:53:13.0081 2108 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
15:53:13.0144 2108 Filetrace - ok
15:53:13.0206 2108 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
15:53:13.0269 2108 flpydisk - ok
15:53:13.0878 2108 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
15:53:13.0956 2108 FltMgr - ok
15:53:14.0128 2108 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:53:14.0144 2108 FontCache3.0.0.0 - ok
15:53:14.0206 2108 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
15:53:14.0269 2108 Fs_Rec - ok
15:53:14.0550 2108 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
15:53:14.0597 2108 gagp30kx - ok
15:53:15.0378 2108 gpsvc (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll
15:53:15.0535 2108 gpsvc - ok
15:53:15.0925 2108 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:53:15.0941 2108 gusvc - ok
15:53:15.0972 2108 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
15:53:16.0019 2108 HBtnKey - ok
15:53:16.0378 2108 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:53:16.0535 2108 HdAudAddService - ok
15:53:16.0597 2108 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:53:16.0660 2108 HDAudBus - ok
15:53:16.0769 2108 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:53:16.0863 2108 HidBth - ok
15:53:16.0910 2108 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:53:16.0972 2108 HidIr - ok
15:53:17.0066 2108 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
15:53:17.0222 2108 hidserv - ok
15:53:17.0285 2108 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
15:53:17.0378 2108 HidUsb - ok
15:53:17.0425 2108 hkmsvc (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll
15:53:17.0488 2108 hkmsvc - ok
15:53:17.0550 2108 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
15:53:17.0550 2108 HpCISSs - ok
15:53:17.0660 2108 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:53:17.0722 2108 HSFHWAZL - ok
15:53:17.0785 2108 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
15:53:17.0956 2108 HSF_DPV - ok
15:53:18.0035 2108 HSXHWAZL (885b21b2fc5b5685d44b713d90012b92) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:53:18.0113 2108 HSXHWAZL - ok
15:53:19.0113 2108 HSX_DPV (defe798aec5377ca64ccfa6efa1ccf0e) C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:53:19.0253 2108 HSX_DPV - ok
15:53:19.0363 2108 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
15:53:19.0441 2108 HTTP - ok
15:53:19.0581 2108 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
15:53:19.0628 2108 i2omp - ok
15:53:19.0722 2108 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
15:53:19.0800 2108 i8042prt - ok
15:53:20.0331 2108 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
15:53:20.0425 2108 iaStorV - ok
15:53:22.0144 2108 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:53:22.0285 2108 idsvc - ok
15:53:22.0394 2108 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:53:22.0425 2108 iirsp - ok
15:53:22.0972 2108 IKEEXT (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll
15:53:23.0144 2108 IKEEXT - ok
15:53:23.0191 2108 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
15:53:23.0191 2108 intelide - ok
15:53:23.0238 2108 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
15:53:23.0300 2108 intelppm - ok
15:53:23.0425 2108 IPBusEnum (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll
15:53:23.0566 2108 IPBusEnum - ok
15:53:23.0613 2108 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:53:23.0691 2108 IpFilterDriver - ok
15:53:23.0894 2108 iphlpsvc (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll
15:53:23.0988 2108 iphlpsvc - ok
15:53:24.0003 2108 IpInIp - ok
15:53:24.0128 2108 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
15:53:24.0285 2108 IPMIDRV - ok
15:53:24.0441 2108 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
15:53:24.0550 2108 IPNAT - ok
15:53:24.0613 2108 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
15:53:24.0675 2108 IRENUM - ok
15:53:24.0816 2108 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
15:53:24.0831 2108 isapnp - ok
15:53:24.0878 2108 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
15:53:24.0894 2108 iScsiPrt - ok
15:53:24.0956 2108 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:53:24.0972 2108 iteatapi - ok
15:53:25.0035 2108 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:53:25.0050 2108 iteraid - ok
15:53:25.0097 2108 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
15:53:25.0113 2108 kbdclass - ok
15:53:25.0128 2108 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
15:53:25.0144 2108 kbdhid - ok
15:53:25.0175 2108 KeyIso (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
15:53:25.0253 2108 KeyIso - ok
15:53:25.0597 2108 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
15:53:25.0660 2108 KSecDD - ok
15:53:25.0722 2108 KtmRm (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll
15:53:25.0863 2108 KtmRm - ok
15:53:25.0925 2108 LanmanServer (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\System32\srvsvc.dll
15:53:25.0988 2108 LanmanServer - ok
15:53:26.0050 2108 LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll
15:53:26.0097 2108 LanmanWorkstation - ok
15:53:26.0191 2108 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:53:26.0191 2108 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
15:53:26.0191 2108 LightScribeService - detected UnsignedFile.Multi.Generic (1)
15:53:26.0222 2108 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
15:53:26.0285 2108 lltdio - ok
15:53:26.0519 2108 lltdsvc (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll
15:53:26.0628 2108 lltdsvc - ok
15:53:26.0675 2108 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:53:26.0753 2108 lmhosts - ok
15:53:26.0831 2108 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
15:53:26.0847 2108 LSI_FC - ok
15:53:27.0019 2108 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
15:53:27.0050 2108 LSI_SAS - ok
15:53:27.0097 2108 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
15:53:27.0113 2108 LSI_SCSI - ok
15:53:27.0238 2108 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
15:53:27.0316 2108 luafv - ok
15:53:27.0410 2108 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:53:27.0410 2108 mdmxsdk - ok
15:53:27.0566 2108 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
15:53:27.0597 2108 megasas - ok
15:53:27.0613 2108 MMCSS (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
15:53:27.0722 2108 MMCSS - ok
15:53:27.0800 2108 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
15:53:27.0847 2108 Modem - ok
15:53:28.0003 2108 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
15:53:28.0035 2108 monitor - ok
15:53:28.0066 2108 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
15:53:28.0081 2108 mouclass - ok
15:53:28.0113 2108 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
15:53:28.0128 2108 mouhid - ok
15:53:28.0160 2108 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
15:53:28.0175 2108 MountMgr - ok
15:53:28.0222 2108 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
15:53:28.0238 2108 mpio - ok
15:53:28.0488 2108 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
15:53:28.0550 2108 mpsdrv - ok
15:53:29.0128 2108 MpsSvc (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll
15:53:29.0206 2108 MpsSvc - ok
15:53:29.0316 2108 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:53:29.0363 2108 Mraid35x - ok
15:53:29.0566 2108 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
15:53:29.0597 2108 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
15:53:29.0597 2108 MREMP50 - detected UnsignedFile.Multi.Generic (1)
15:53:29.0613 2108 MREMP50a64 - ok
15:53:29.0660 2108 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
15:53:29.0675 2108 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
15:53:29.0675 2108 MRESP50 - detected UnsignedFile.Multi.Generic (1)
15:53:29.0691 2108 MRESP50a64 - ok
15:53:29.0753 2108 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
15:53:29.0785 2108 MRxDAV - ok
15:53:29.0831 2108 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:53:29.0863 2108 mrxsmb - ok
15:53:29.0878 2108 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:53:29.0910 2108 mrxsmb10 - ok
15:53:29.0925 2108 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:53:29.0941 2108 mrxsmb20 - ok
15:53:29.0956 2108 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
15:53:29.0972 2108 msahci - ok
15:53:30.0003 2108 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
15:53:30.0019 2108 msdsm - ok
15:53:30.0191 2108 MSDTC (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe
15:53:30.0238 2108 MSDTC - ok
15:53:30.0253 2108 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
15:53:30.0363 2108 Msfs - ok
15:53:30.0394 2108 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
15:53:30.0394 2108 msisadrv - ok
15:53:30.0660 2108 MSiSCSI (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll
15:53:30.0753 2108 MSiSCSI - ok
15:53:30.0753 2108 msiserver - ok
15:53:30.0816 2108 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
15:53:30.0878 2108 MSKSSRV - ok
15:53:30.0925 2108 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
15:53:30.0988 2108 MSPCLOCK - ok
15:53:31.0003 2108 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
15:53:31.0066 2108 MSPQM - ok
15:53:31.0472 2108 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
15:53:31.0550 2108 MsRPC - ok
15:53:31.0581 2108 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
15:53:31.0597 2108 mssmbios - ok
15:53:31.0722 2108 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
15:53:31.0847 2108 MSTEE - ok
15:53:31.0941 2108 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
15:53:31.0956 2108 Mup - ok
15:53:32.0128 2108 napagent (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll
15:53:32.0206 2108 napagent - ok
15:53:32.0285 2108 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
15:53:32.0331 2108 NativeWifiP - ok
15:53:32.0394 2108 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
15:53:32.0425 2108 NDIS - ok
15:53:32.0566 2108 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
15:53:32.0613 2108 NdisTapi - ok
15:53:32.0660 2108 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
15:53:32.0769 2108 Ndisuio - ok
15:53:32.0910 2108 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
15:53:32.0972 2108 NdisWan - ok
15:53:33.0003 2108 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
15:53:33.0019 2108 NDProxy - ok
15:53:33.0113 2108 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
15:53:33.0128 2108 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:53:33.0128 2108 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:53:33.0144 2108 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
15:53:33.0206 2108 NetBIOS - ok
15:53:33.0425 2108 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
15:53:33.0535 2108 netbt - ok
15:53:33.0597 2108 Netlogon (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
15:53:33.0613 2108 Netlogon - ok
15:53:33.0691 2108 Netman (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll
15:53:33.0785 2108 Netman - ok
15:53:33.0816 2108 netprofm (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll
15:53:33.0878 2108 netprofm - ok
15:53:34.0222 2108 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:53:34.0253 2108 NetTcpPortSharing - ok
15:53:34.0378 2108 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:53:34.0425 2108 nfrd960 - ok
15:53:34.0503 2108 NlaSvc (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll
15:53:34.0628 2108 NlaSvc - ok
15:53:34.0722 2108 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
15:53:34.0800 2108 Npfs - ok
15:53:34.0878 2108 nsi (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll
15:53:34.0956 2108 nsi - ok
15:53:35.0003 2108 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
15:53:35.0066 2108 nsiproxy - ok
15:53:36.0081 2108 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
15:53:36.0206 2108 Ntfs - ok
15:53:36.0253 2108 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:53:36.0316 2108 ntrigdigi - ok
15:53:36.0347 2108 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
15:53:36.0410 2108 Null - ok
15:53:36.0441 2108 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
15:53:36.0456 2108 nvraid - ok
15:53:36.0472 2108 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
15:53:36.0488 2108 nvstor - ok
15:53:36.0535 2108 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
15:53:36.0550 2108 nv_agp - ok
15:53:36.0566 2108 NwlnkFlt - ok
15:53:36.0566 2108 NwlnkFwd - ok
15:53:37.0191 2108 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:53:37.0238 2108 odserv - ok
15:53:37.0300 2108 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
15:53:37.0425 2108 ohci1394 - ok
15:53:37.0675 2108 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:53:37.0691 2108 ose - ok
15:53:37.0769 2108 p2pimsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
15:53:37.0878 2108 p2pimsvc - ok
15:53:37.0894 2108 p2psvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
15:53:37.0972 2108 p2psvc - ok
15:53:38.0050 2108 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
15:53:38.0144 2108 Parport - ok
15:53:38.0191 2108 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
15:53:38.0206 2108 partmgr - ok
15:53:38.0222 2108 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
15:53:38.0285 2108 Parvdm - ok
15:53:38.0316 2108 PcaSvc (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll
15:53:38.0347 2108 PcaSvc - ok
15:53:38.0363 2108 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
15:53:38.0378 2108 pci - ok
15:53:38.0425 2108 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
15:53:38.0441 2108 pciide - ok
15:53:38.0488 2108 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
15:53:38.0503 2108 pcmcia - ok
15:53:38.0613 2108 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:53:38.0722 2108 PEAUTH - ok
15:53:38.0785 2108 PersonalSecureDrive (e5de9f28c583c93339dd628447693468) C:\Windows\System32\drivers\psd.sys
15:53:38.0785 2108 PersonalSecureDrive ( UnsignedFile.Multi.Generic ) - warning
15:53:38.0785 2108 PersonalSecureDrive - detected UnsignedFile.Multi.Generic (1)
15:53:39.0519 2108 pla (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll
15:53:39.0769 2108 pla - ok
15:53:41.0003 2108 PlugPlay (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll
15:53:41.0066 2108 PlugPlay - ok
15:53:41.0128 2108 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
15:53:41.0144 2108 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:53:41.0144 2108 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:53:41.0222 2108 PNRPAutoReg (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
15:53:41.0285 2108 PNRPAutoReg - ok
15:53:41.0300 2108 PNRPsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
15:53:41.0347 2108 PNRPsvc - ok
15:53:41.0456 2108 PolicyAgent (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll
15:53:41.0535 2108 PolicyAgent - ok
15:53:41.0597 2108 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
15:53:41.0660 2108 PptpMiniport - ok
15:53:41.0691 2108 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
15:53:41.0753 2108 Processor - ok
15:53:41.0800 2108 ProfSvc (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll
15:53:41.0878 2108 ProfSvc - ok
15:53:41.0894 2108 ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
15:53:41.0910 2108 ProtectedStorage - ok
15:53:42.0035 2108 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
15:53:42.0050 2108 PSched - ok
15:53:42.0144 2108 PxHelp20 (5491e4e7d93804f43abe8ce3c39f5a86) C:\Windows\system32\Drivers\PxHelp20.sys
15:53:42.0160 2108 PxHelp20 - ok
15:53:42.0253 2108 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
15:53:42.0378 2108 ql2300 - ok
15:53:42.0410 2108 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:53:42.0425 2108 ql40xx - ok
15:53:42.0519 2108 QWAVE (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll
15:53:42.0550 2108 QWAVE - ok
15:53:42.0581 2108 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
15:53:42.0597 2108 QWAVEdrv - ok
15:53:44.0910 2108 R300 (e52b7a5010011c29063684cac1a6bbf0) C:\Windows\system32\DRIVERS\atikmdag.sys
15:53:45.0144 2108 R300 ( UnsignedFile.Multi.Generic ) - warning
15:53:45.0144 2108 R300 - detected UnsignedFile.Multi.Generic (1)
15:53:46.0097 2108 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
15:53:46.0206 2108 RasAcd - ok
15:53:46.0285 2108 RasAuto (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll
15:53:46.0347 2108 RasAuto - ok
15:53:46.0410 2108 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:53:46.0456 2108 Rasl2tp - ok
15:53:46.0488 2108 RasMan (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll
15:53:46.0566 2108 RasMan - ok
15:53:46.0581 2108 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
15:53:46.0644 2108 RasPppoe - ok
15:53:46.0753 2108 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
15:53:46.0878 2108 rdbss - ok
15:53:46.0910 2108 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:53:46.0988 2108 RDPCDD - ok
15:53:47.0597 2108 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\DRIVERS\rdpdr.sys
15:53:47.0800 2108 rdpdr - ok
15:53:47.0878 2108 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
15:53:47.0956 2108 RDPENCDD - ok
15:53:48.0316 2108 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
15:53:48.0394 2108 RDPWD - ok
15:53:48.0456 2108 RemoteAccess (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
15:53:48.0519 2108 RemoteAccess - ok
15:53:48.0566 2108 RemoteRegistry (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
15:53:48.0628 2108 RemoteRegistry - ok
15:53:48.0753 2108 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
15:53:48.0894 2108 RFCOMM - ok
15:53:49.0160 2108 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:53:49.0253 2108 RpcLocator - ok
15:53:50.0128 2108 RpcSs (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
15:53:50.0191 2108 RpcSs - ok
15:53:50.0363 2108 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
15:53:50.0425 2108 rspndr - ok
15:53:50.0503 2108 SamSs (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
15:53:50.0519 2108 SamSs - ok
15:53:50.0691 2108 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:53:50.0722 2108 sbp2port - ok
15:53:50.0831 2108 SCardSvr (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
15:53:50.0925 2108 SCardSvr - ok
15:53:51.0628 2108 Schedule (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
15:53:51.0738 2108 Schedule - ok
15:53:51.0863 2108 SCPolicySvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
15:53:51.0972 2108 SCPolicySvc - ok
15:53:52.0035 2108 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
15:53:52.0066 2108 sdbus - ok
15:53:52.0097 2108 SDRSVC  (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll
15:53:52.0128 2108 SDRSVC - ok
15:53:52.0144 2108 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:53:52.0206 2108 secdrv - ok
15:53:52.0300 2108 seclogon (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
15:53:52.0363 2108 seclogon - ok
15:53:52.0410 2108 SENS (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\system32\sens.dll
15:53:52.0503 2108 SENS - ok
15:53:52.0581 2108 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
15:53:52.0660 2108 Serenum - ok
15:53:52.0878 2108 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
15:53:52.0988 2108 Serial - ok
15:53:53.0050 2108 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
15:53:53.0066 2108 sermouse - ok
15:53:53.0347 2108 SessionEnv (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
15:53:53.0410 2108 SessionEnv - ok
15:53:53.0488 2108 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
15:53:53.0550 2108 sffdisk - ok
15:54:13.0863 2108 Wdf01000 (dea0bf2354eb609c33f5f1bed41fd0e4) C:\Windows\system32\drivers\Wdf01000.sys
15:54:13.0878 2108 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: dea0bf2354eb609c33f5f1bed41fd0e4, Fake md5: 7b5f66e4a2219c7d9daf9e738480e534
15:54:13.0878 2108 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
15:54:13.0878 2108 Wdf01000 - detected Virus.Win32.Rloader.a (0)
15:54:25.0097 2108 MBR (0x1B8) (264850e33aebef8d6f4410c559f395cd) \Device\Harddisk0\DR0
15:54:28.0472 2108 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:54:28.0472 2108 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:54:28.0503 2108 Boot (0x1200) (80597d6f6573afb8e5c2e18eef1e8beb) \Device\Harddisk0\DR0\Partition0
15:54:28.0503 2108 \Device\Harddisk0\DR0\Partition0 - ok
15:54:28.0535 2108 Boot (0x1200) (b02f9744e979bf3676d52a837c6815ef) \Device\Harddisk0\DR0\Partition1
15:54:28.0597 2108 \Device\Harddisk0\DR0\Partition1 - ok
15:54:28.0628 2108 Boot (0x1200) (b976f7057f3f9e56da1f2dfe29b23f6a) \Device\Harddisk0\DR0\Partition2
15:54:28.0691 2108 \Device\Harddisk0\DR0\Partition2 - ok
15:54:28.0691 2108 ============================================================
15:54:28.0691 2108 Scan finished
15:54:28.0691 2108 ============================================================
15:54:28.0738 3988 Detected object count: 11
15:54:28.0738 3988 Actual detected object count: 11
15:55:16.0066 3988 ASBroker ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:16.0066 3988 ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:55:16.0081 3988 Ati External Event Utility ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:16.0081 3988 Ati External Event Utility ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:55:16.0081 3988 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:16.0081 3988 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:55:16.0097 3988 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:16.0097 3988 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:55:16.0097 3988 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:16.0097 3988 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:55:16.0113 3988 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:16.0113 3988 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:55:16.0113 3988 PersonalSecureDrive ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:16.0113 3988 PersonalSecureDrive ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:55:16.0113 3988 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:16.0113 3988 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:55:16.0128 3988 R300 ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:16.0128 3988 R300 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:55:16.0535 3988 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
15:55:19.0988 3988 Backup copy not found, trying to cure infected file..
15:55:19.0988 3988 Cure success, using it..
15:55:20.0019 3988 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
15:55:20.0019 3988 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure 
15:55:20.0019 3988 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:55:20.0019 3988 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
15:55:25.0097 3268 Deinitialize success
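
As an added example (not part of any post in this thread and not code from TDSSKiller or its vendor), this Python sketch shows one way to pull the detections and the actions chosen for them out of a TDSSKiller log like the one above, so that a skipped rootkit component stands out. The regular expressions are inferred from the lines visible in this thread, the function names are hypothetical, and treating `UnsignedFile.Multi.Generic` as low priority is an assumption.

```python
import re

# Lines copied from the TDSSKiller log posted in this thread (trimmed excerpt).
SAMPLE_LOG = r"""
15:54:13.0863 2108 Wdf01000 (dea0bf2354eb609c33f5f1bed41fd0e4) C:\Windows\system32\drivers\Wdf01000.sys
15:54:13.0878 2108 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: dea0bf2354eb609c33f5f1bed41fd0e4, Fake md5: 7b5f66e4a2219c7d9daf9e738480e534
15:54:13.0878 2108 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
15:54:13.0878 2108 Wdf01000 - detected Virus.Win32.Rloader.a (0)
15:54:13.0972 2108 WdiServiceHost - ok
15:54:25.0097 2108 MBR (0x1B8) (264850e33aebef8d6f4410c559f395cd) \Device\Harddisk0\DR0
15:54:28.0472 2108 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:54:28.0472 2108 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:55:16.0066 3988 ASBroker ( UnsignedFile.Multi.Generic ) - skipped by user
15:55:16.0066 3988 ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:55:20.0019 3988 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
15:55:20.0019 3988 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
15:55:20.0019 3988 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:55:20.0019 3988 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "HH:MM:SS.mmmm <thread id> <message>"; the message may be empty.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+(?: (?P<msg>.*))?$")
# "<object> (<md5>) <path>": one scanned driver, service or disk area.
ENTRY = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> ( <verdict> ) - infected|warning": the scan result.
DETECTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<status>infected|warning)$")
# "<object> ( <verdict> ) - User select action: <action>": what was done.
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")
# Hash mismatch reported for a file, using the log's own "Real"/"Fake" labels.
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")

# Assumption: unsigned-file warnings are reviewed last; everything else first.
LOW_PRIORITY = {"UnsignedFile.Multi.Generic"}


def triage(log_text):
    """Return one record per (object, verdict) with its status and action."""
    owner_of = {}   # lower-cased file path -> object name from its entry line
    forged = {}     # object name -> {"real": md5, "fake": md5}
    findings = {}   # (object, verdict) -> record, in order of appearance

    def record(obj, verdict):
        return findings.setdefault((obj, verdict), {
            "object": obj, "verdict": verdict,
            "status": None, "action": None, "forged": None})

    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line or not line.group("msg"):
            continue
        msg = line.group("msg")
        if (m := FORGED.match(msg)):
            obj = owner_of.get(m.group("path").lower(), m.group("path"))
            forged[obj] = {"real": m.group("real"), "fake": m.group("fake")}
        elif (m := ENTRY.match(msg)):
            owner_of[m.group("path").lower()] = m.group("obj")
        elif (m := DETECTION.match(msg)):
            record(m.group("obj"), m.group("verdict"))["status"] = m.group("status")
        elif (m := ACTION.match(msg)):
            record(m.group("obj"), m.group("verdict"))["action"] = m.group("action")

    for rec in findings.values():
        rec["forged"] = forged.get(rec["object"])
    return list(findings.values())


def needs_follow_up(findings):
    """Detections that were skipped (or never acted on) and are not low priority."""
    return [(f["object"], f["verdict"]) for f in findings
            if f["action"] in (None, "Skip") and f["verdict"] not in LOW_PRIORITY]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f'{f["object"]}: {f["verdict"]} status={f["status"]} action={f["action"]}')
    print("Still open:", needs_follow_up(results))
```

On the excerpt, the only item left open is the `TDSS File System` entry on `\Device\Harddisk0\DR0`, which was skipped during this run.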


----------



## kevinf80 (Mar 21, 2006)

Do a scan with Avast and see what it returns...


----------



## Zello (Mar 22, 2012)

I've done a scan and it shows no infections, but does say that some files could not be scanned. Is there something else to be done, or shall I proceed to the reformatting and replacing the hard drive? Thanks for your help.


----------



## kevinf80 (Mar 21, 2006)

Couple of things to do first,

1. Re-run TDSSKiller as before. When you see this entry *Device\Harddisk0\DR0 ( TDSS File System )*, select *Delete* this time, not Skip.

2. Run Malwarebytes quick scan, check for updates first.

Let me see those two logs, also tell me how your system is responding....

Kevin


----------



## Zello (Mar 22, 2012)

Okay, here are the TDSS and Malwarebytes logs.

22:18:29.0377 5368 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
22:18:29.0736 5368 ============================================================
22:18:29.0736 5368 Current date / time: 2012/05/12 22:18:29.0736
22:18:29.0736 5368 SystemInfo:
22:18:29.0736 5368 
22:18:29.0736 5368 OS Version: 6.0.6000 ServicePack: 0.0
22:18:29.0736 5368 Product type: Workstation
22:18:29.0736 5368 ComputerName: QUILOMBO-PC
22:18:29.0736 5368 UserName: HO
22:18:29.0736 5368 Windows directory: C:\Windows
22:18:29.0736 5368 System windows directory: C:\Windows
22:18:29.0736 5368 Processor architecture: Intel x86
22:18:29.0736 5368 Number of processors: 2
22:18:29.0736 5368 Page size: 0x1000
22:18:29.0736 5368 Boot type: Normal boot
22:18:29.0736 5368 ============================================================
22:18:32.0064 5368 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
22:18:32.0142 5368 ============================================================
22:18:32.0142 5368 \Device\Harddisk0\DR0:
22:18:32.0142 5368 MBR partitions:
22:18:32.0142 5368 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3AB47C1
22:18:32.0142 5368 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3AB4800, BlocksNum 0xCB8800
22:18:32.0142 5368 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x476F000, BlocksNum 0x31B800
22:18:32.0142 5368 ============================================================
22:18:32.0158 5368 C: <-> \Device\Harddisk0\DR0\Partition0
22:18:32.0189 5368 E: <-> \Device\Harddisk0\DR0\Partition2
22:18:32.0236 5368 F: <-> \Device\Harddisk0\DR0\Partition1
22:18:32.0283 5368 ============================================================
22:18:32.0283 5368 Initialize success
22:18:32.0283 5368 ============================================================
22:18:41.0767 5560 ============================================================
22:18:41.0767 5560 Scan started
22:18:41.0767 5560 Mode: Manual; SigCheck; TDLFS; 
22:18:41.0767 5560 ============================================================
22:18:48.0330 5560 ASBroker (e4bc0cb0a57423bd11d8fe06366224e4) c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
22:18:48.0361 5560 ASBroker ( UnsignedFile.Multi.Generic ) - warning
22:18:48.0361 5560 ASBroker - detected UnsignedFile.Multi.Generic (1)
22:18:49.0455 5560 Ati External Event Utility (b488fc27338b83c9fc91d684467eeb7e) C:\Windows\system32\Ati2evxx.exe
22:18:49.0564 5560 Ati External Event Utility ( UnsignedFile.Multi.Generic ) - warning
22:18:49.0564 5560 Ati External Event Utility - detected UnsignedFile.Multi.Generic (1)
22:19:04.0799 5560 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:19:04.0861 5560 HidIr - ok
22:19:04.0924 5560 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
22:19:05.0002 5560 hidserv - ok
22:19:05.0096 5560 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
22:19:05.0174 5560 HidUsb - ok
22:19:05.0205 5560 hkmsvc (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll
22:19:05.0267 5560 hkmsvc - ok
22:19:05.0330 5560 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:19:05.0346 5560 HpCISSs - ok
22:19:05.0580 5560 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:19:05.0674 5560 HSFHWAZL - ok
22:19:06.0189 5560 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:19:06.0346 5560 HSF_DPV - ok
22:19:06.0439 5560 HSXHWAZL (885b21b2fc5b5685d44b713d90012b92) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:19:06.0502 5560 HSXHWAZL - ok
22:19:06.0580 5560 HSX_DPV (defe798aec5377ca64ccfa6efa1ccf0e) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:19:06.0674 5560 HSX_DPV - ok
22:19:06.0752 5560 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
22:19:06.0846 5560 HTTP - ok
22:19:06.0939 5560 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:19:06.0955 5560 i2omp - ok
22:19:07.0002 5560 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
22:19:07.0096 5560 i8042prt - ok
22:19:07.0142 5560 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:19:07.0158 5560 iaStorV - ok
22:19:08.0486 5560 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:19:08.0596 5560 idsvc - ok
22:19:08.0642 5560 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:19:08.0658 5560 iirsp - ok
22:19:09.0049 5560 IKEEXT (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll
22:19:09.0267 5560 IKEEXT - ok
22:19:09.0314 5560 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
22:19:09.0330 5560 intelide - ok
22:19:09.0361 5560 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
22:19:09.0439 5560 intelppm - ok
22:19:09.0533 5560 IPBusEnum (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll
22:19:09.0611 5560 IPBusEnum - ok
22:19:09.0861 5560 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:19:10.0017 5560 IpFilterDriver - ok
22:19:10.0361 5560 iphlpsvc (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll
22:19:10.0424 5560 iphlpsvc - ok
22:19:10.0439 5560 IpInIp - ok
22:19:10.0564 5560 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
22:19:10.0658 5560 IPMIDRV - ok
22:19:10.0908 5560 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
22:19:11.0017 5560 IPNAT - ok
22:19:11.0096 5560 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
22:19:11.0174 5560 IRENUM - ok
22:19:11.0205 5560 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
22:19:11.0221 5560 isapnp - ok
22:19:11.0252 5560 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
22:19:11.0267 5560 iScsiPrt - ok
22:19:11.0299 5560 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:19:11.0314 5560 iteatapi - ok
22:19:11.0471 5560 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:19:11.0502 5560 iteraid - ok
22:19:11.0596 5560 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
22:19:11.0611 5560 kbdclass - ok
22:19:11.0642 5560 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
22:19:11.0658 5560 kbdhid - ok
22:19:11.0689 5560 KeyIso (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
22:19:11.0767 5560 KeyIso - ok
22:19:12.0861 5560 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
22:19:12.0939 5560 KSecDD - ok
22:19:13.0002 5560 KtmRm (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll
22:19:13.0142 5560 KtmRm - ok
22:19:13.0205 5560 LanmanServer (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\System32\srvsvc.dll
22:19:13.0299 5560 LanmanServer - ok
22:19:13.0377 5560 LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll
22:19:13.0439 5560 LanmanWorkstation - ok
22:19:13.0564 5560 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:19:13.0596 5560 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:19:13.0596 5560 LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:19:13.0642 5560 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
22:19:13.0783 5560 lltdio - ok
22:19:14.0002 5560 lltdsvc (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll
22:19:14.0080 5560 lltdsvc - ok
22:19:14.0096 5560 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
22:19:14.0158 5560 lmhosts - ok
22:19:14.0205 5560 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
22:19:14.0221 5560 LSI_FC - ok
22:19:14.0267 5560 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
22:19:14.0283 5560 LSI_SAS - ok
22:19:14.0346 5560 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
22:19:14.0361 5560 LSI_SCSI - ok
22:19:14.0408 5560 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
22:19:14.0471 5560 luafv - ok
22:19:14.0517 5560 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:19:14.0564 5560 mdmxsdk - ok
22:19:14.0580 5560 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
22:19:14.0596 5560 megasas - ok
22:19:14.0627 5560 MMCSS (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
22:19:14.0705 5560 MMCSS - ok
22:19:14.0767 5560 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
22:19:14.0846 5560 Modem - ok
22:19:14.0955 5560 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
22:19:15.0033 5560 monitor - ok
22:19:15.0080 5560 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
22:19:15.0096 5560 mouclass - ok
22:19:15.0158 5560 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
22:19:15.0189 5560 mouhid - ok
22:19:15.0299 5560 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
22:19:15.0314 5560 MountMgr - ok
22:19:15.0377 5560 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
22:19:15.0392 5560 mpio - ok
22:19:15.0486 5560 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
22:19:15.0549 5560 mpsdrv - ok
22:19:15.0611 5560 MpsSvc (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll
22:19:15.0721 5560 MpsSvc - ok
22:19:15.0736 5560 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:19:15.0752 5560 Mraid35x - ok
22:19:15.0877 5560 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
22:19:15.0908 5560 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
22:19:15.0908 5560 MREMP50 - detected UnsignedFile.Multi.Generic (1)
22:19:15.0908 5560 MREMP50a64 - ok
22:19:15.0939 5560 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
22:19:15.0939 5560 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
22:19:15.0939 5560 MRESP50 - detected UnsignedFile.Multi.Generic (1)
22:19:15.0955 5560 MRESP50a64 - ok
22:19:16.0002 5560 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
22:19:16.0096 5560 MRxDAV - ok
22:19:16.0142 5560 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:19:16.0189 5560 mrxsmb - ok
22:19:16.0221 5560 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:19:16.0267 5560 mrxsmb10 - ok
22:19:16.0299 5560 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:19:16.0346 5560 mrxsmb20 - ok
22:19:16.0361 5560 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
22:19:16.0392 5560 msahci - ok
22:19:16.0408 5560 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
22:19:16.0424 5560 msdsm - ok
22:19:16.0721 5560 MSDTC (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe
22:19:16.0767 5560 MSDTC - ok
22:19:16.0877 5560 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
22:19:16.0986 5560 Msfs - ok
22:19:17.0017 5560 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
22:19:17.0033 5560 msisadrv - ok
22:19:17.0267 5560 MSiSCSI (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll
22:19:17.0408 5560 MSiSCSI - ok
22:19:17.0408 5560 msiserver - ok
22:19:17.0502 5560 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
22:19:17.0580 5560 MSKSSRV - ok
22:19:17.0642 5560 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
22:19:17.0721 5560 MSPCLOCK - ok
22:19:17.0736 5560 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
22:19:17.0814 5560 MSPQM - ok
22:19:18.0127 5560 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
22:19:18.0158 5560 MsRPC - ok
22:19:18.0252 5560 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
22:19:18.0283 5560 mssmbios - ok
22:19:18.0346 5560 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
22:19:18.0486 5560 MSTEE - ok
22:19:18.0611 5560 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
22:19:18.0611 5560 Mup - ok
22:19:18.0658 5560 napagent (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll
22:19:18.0752 5560 napagent - ok
22:19:18.0846 5560 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
22:19:18.0892 5560 NativeWifiP - ok
22:19:18.0971 5560 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
22:19:19.0002 5560 NDIS - ok
22:19:19.0080 5560 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
22:19:19.0127 5560 NdisTapi - ok
22:19:19.0174 5560 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
22:19:19.0283 5560 Ndisuio - ok
22:19:19.0455 5560 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
22:19:19.0580 5560 NdisWan - ok
22:19:19.0674 5560 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
22:19:19.0705 5560 NDProxy - ok
22:19:19.0752 5560 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\Windows\system32\HPZinw12.dll
22:19:19.0767 5560 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:19:19.0767 5560 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:19:19.0814 5560 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
22:19:19.0892 5560 NetBIOS - ok
22:19:20.0127 5560 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
22:19:20.0221 5560 netbt - ok
22:19:20.0267 5560 Netlogon (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
22:19:20.0283 5560 Netlogon - ok
22:19:20.0361 5560 Netman (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll
22:19:20.0455 5560 Netman - ok
22:19:20.0502 5560 netprofm (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll
22:19:20.0580 5560 netprofm - ok
22:19:20.0736 5560 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:19:20.0767 5560 NetTcpPortSharing - ok
22:19:20.0846 5560 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:19:20.0877 5560 nfrd960 - ok
22:19:20.0955 5560 NlaSvc (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll
22:19:21.0096 5560 NlaSvc - ok
22:19:21.0174 5560 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
22:19:21.0252 5560 Npfs - ok
22:19:21.0283 5560 nsi (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll
22:19:21.0361 5560 nsi - ok
22:19:21.0377 5560 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
22:19:21.0455 5560 nsiproxy - ok
22:19:22.0174 5560 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
22:19:22.0283 5560 Ntfs - ok
22:19:22.0392 5560 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:19:22.0471 5560 ntrigdigi - ok
22:19:22.0486 5560 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
22:19:22.0549 5560 Null - ok
22:19:22.0705 5560 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
22:19:22.0736 5560 nvraid - ok
22:19:22.0814 5560 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
22:19:22.0861 5560 nvstor - ok
22:19:22.0939 5560 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
22:19:22.0971 5560 nv_agp - ok
22:19:22.0986 5560 NwlnkFlt - ok
22:19:23.0002 5560 NwlnkFwd - ok
22:19:24.0189 5560 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:19:24.0252 5560 odserv - ok
22:19:24.0517 5560 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
22:19:24.0627 5560 ohci1394 - ok
22:19:24.0705 5560 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:19:24.0721 5560 ose - ok
22:19:24.0799 5560 p2pimsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
22:19:24.0924 5560 p2pimsvc - ok
22:19:24.0939 5560 p2psvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
22:19:25.0002 5560 p2psvc - ok
22:19:25.0049 5560 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
22:19:25.0111 5560 Parport - ok
22:19:25.0174 5560 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
22:19:25.0174 5560 partmgr - ok
22:19:25.0205 5560 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
22:19:25.0283 5560 Parvdm - ok
22:19:25.0346 5560 PcaSvc (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll
22:19:25.0377 5560 PcaSvc - ok
22:19:25.0392 5560 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
22:19:25.0408 5560 pci - ok
22:19:25.0455 5560 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
22:19:25.0471 5560 pciide - ok
22:19:25.0517 5560 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
22:19:25.0533 5560 pcmcia - ok
22:19:26.0049 5560 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:19:26.0252 5560 PEAUTH - ok
22:19:26.0299 5560 PersonalSecureDrive (e5de9f28c583c93339dd628447693468) C:\Windows\System32\drivers\psd.sys
22:19:26.0314 5560 PersonalSecureDrive ( UnsignedFile.Multi.Generic ) - warning
22:19:26.0314 5560 PersonalSecureDrive - detected UnsignedFile.Multi.Generic (1)
22:19:27.0267 5560 pla (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll
22:19:27.0564 5560 pla - ok
22:19:28.0392 5560 PlugPlay (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll
22:19:28.0471 5560 PlugPlay - ok
22:19:28.0502 5560 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\Windows\system32\HPZipm12.dll
22:19:28.0549 5560 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:19:28.0549 5560 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:19:28.0892 5560 PNRPAutoReg (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
22:19:28.0955 5560 PNRPAutoReg - ok
22:19:28.0971 5560 PNRPsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
22:19:29.0017 5560 PNRPsvc - ok
22:19:29.0096 5560 PolicyAgent (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll
22:19:29.0174 5560 PolicyAgent - ok
22:19:29.0361 5560 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
22:19:29.0517 5560 PptpMiniport - ok
22:19:29.0611 5560 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
22:19:29.0705 5560 Processor - ok
22:19:29.0783 5560 ProfSvc (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll
22:19:29.0877 5560 ProfSvc - ok
22:19:29.0955 5560 ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
22:19:29.0971 5560 ProtectedStorage - ok
22:19:30.0033 5560 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
22:19:30.0064 5560 PSched - ok
22:19:30.0127 5560 PxHelp20 (5491e4e7d93804f43abe8ce3c39f5a86) C:\Windows\system32\Drivers\PxHelp20.sys
22:19:30.0127 5560 PxHelp20 - ok
22:19:30.0892 5560 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
22:19:30.0971 5560 ql2300 - ok
22:19:31.0158 5560 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:19:31.0189 5560 ql40xx - ok
22:19:31.0252 5560 QWAVE (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll
22:19:31.0330 5560 QWAVE - ok
22:19:31.0361 5560 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
22:19:31.0377 5560 QWAVEdrv - ok
22:19:33.0205 5560 R300 (e52b7a5010011c29063684cac1a6bbf0) C:\Windows\system32\DRIVERS\atikmdag.sys
22:19:33.0517 5560 R300 ( UnsignedFile.Multi.Generic ) - warning
22:19:33.0517 5560 R300 - detected UnsignedFile.Multi.Generic (1)
22:19:35.0330 5560 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
22:19:35.0439 5560 RasAcd - ok
22:19:35.0564 5560 RasAuto (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll
22:19:35.0642 5560 RasAuto - ok
22:19:35.0721 5560 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:19:35.0783 5560 Rasl2tp - ok
22:19:36.0017 5560 RasMan (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll
22:19:36.0189 5560 RasMan - ok
22:19:36.0330 5560 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
22:19:36.0392 5560 RasPppoe - ok
22:19:36.0627 5560 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
22:19:36.0689 5560 rdbss - ok
22:19:36.0721 5560 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:19:36.0799 5560 RDPCDD - ok
22:19:37.0361 5560 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\DRIVERS\rdpdr.sys
22:19:37.0502 5560 rdpdr - ok
22:19:37.0564 5560 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
22:19:37.0642 5560 RDPENCDD - ok
22:19:37.0814 5560 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
22:19:37.0908 5560 RDPWD - ok
22:19:37.0939 5560 RemoteAccess (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
22:19:38.0033 5560 RemoteAccess - ok
22:19:38.0064 5560 RemoteRegistry (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
22:19:38.0142 5560 RemoteRegistry - ok
22:19:38.0189 5560 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
22:19:38.0236 5560 RFCOMM - ok
22:19:38.0267 5560 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
22:19:38.0330 5560 RpcLocator - ok
22:19:38.0767 5560 RpcSs (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
22:19:38.0830 5560 RpcSs - ok
22:19:38.0861 5560 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
22:19:38.0908 5560 rspndr - ok
22:19:38.0986 5560 SamSs (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
22:19:39.0002 5560 SamSs - ok
22:19:39.0158 5560 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:19:39.0189 5560 sbp2port - ok
22:19:39.0346 5560 SCardSvr (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
22:19:39.0486 5560 SCardSvr - ok
22:19:39.0721 5560 Schedule (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
22:19:39.0799 5560 Schedule - ok
22:19:39.0830 5560 SCPolicySvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
22:19:39.0892 5560 SCPolicySvc - ok
22:19:40.0049 5560 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
22:19:40.0142 5560 sdbus - ok
22:19:40.0330 5560 SDRSVC (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll
22:19:40.0439 5560 SDRSVC - ok
22:19:40.0486 5560 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:19:40.0596 5560 secdrv - ok
22:19:40.0658 5560 seclogon (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
22:19:40.0752 5560 seclogon - ok
22:19:40.0877 5560 SENS (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\system32\sens.dll
22:19:40.0939 5560 SENS - ok
22:19:40.0971 5560 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
22:19:41.0064 5560 Serenum - ok
22:19:41.0174 5560 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
22:19:41.0267 5560 Serial - ok
22:19:41.0346 5560 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
22:19:41.0377 5560 sermouse - ok
22:19:41.0517 5560 SessionEnv (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
22:19:41.0627 5560 SessionEnv - ok
22:19:41.0721 5560 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
22:19:41.0799 5560 sffdisk - ok
22:19:41.0877 5560 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
22:19:41.0971 5560 sffp_mmc - ok
22:19:41.0986 5560 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
22:19:42.0064 5560 sffp_sd - ok
22:19:42.0096 5560 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:19:42.0205 5560 sfloppy - ok
22:19:42.0502 5560 SharedAccess (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll
22:19:42.0564 5560 SharedAccess - ok
22:19:42.0642 5560 ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll
22:19:42.0736 5560 ShellHWDetection - ok
22:19:42.0830 5560 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
22:19:42.0846 5560 sisagp - ok
22:19:42.0939 5560 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
22:19:42.0939 5560 SiSRaid2 - ok
22:19:42.0971 5560 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
22:19:42.0986 5560 SiSRaid4 - ok
22:19:45.0955 5560 slsvc (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe
22:19:46.0252 5560 slsvc - ok
22:19:46.0971 5560 SLUINotify (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll
22:19:47.0033 5560 SLUINotify - ok
22:19:47.0142 5560 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
22:19:47.0267 5560 Smb - ok
22:19:47.0314 5560 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
22:19:47.0346 5560 SNMPTRAP - ok
22:19:47.0361 5560 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
22:19:47.0361 5560 spldr - ok
22:19:47.0392 5560 Spooler (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe
22:19:47.0424 5560 Spooler - ok
22:19:47.0486 5560 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
22:19:47.0533 5560 srv - ok
22:19:47.0580 5560 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
22:19:47.0627 5560 srv2 - ok
22:19:47.0642 5560 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
22:19:47.0689 5560 srvnet - ok
22:19:47.0736 5560 SSDPSRV (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll
22:19:47.0814 5560 SSDPSRV - ok
22:19:48.0721 5560 stisvc (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll
22:19:48.0814 5560 stisvc - ok
22:19:49.0033 5560 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
22:19:49.0096 5560 swenum - ok
22:19:50.0283 5560 swprv (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll
22:19:50.0439 5560 swprv - ok
22:19:50.0767 5560 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:19:50.0830 5560 Symc8xx - ok
22:19:50.0861 5560 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:19:50.0892 5560 Sym_hi - ok
22:19:51.0080 5560 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:19:51.0127 5560 Sym_u3 - ok
22:19:52.0002 5560 SynTP (81cf7aa63bb3cca31e1d1944c0a45fc7) C:\Windows\system32\DRIVERS\SynTP.sys
22:19:52.0064 5560 SynTP - ok
22:19:53.0205 5560 SysMain (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll
22:19:53.0330 5560 SysMain - ok
22:19:53.0361 5560 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
22:19:53.0455 5560 TabletInputService - ok
22:19:53.0549 5560 TapiSrv (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll
22:19:53.0674 5560 TapiSrv - ok
22:19:53.0908 5560 TBS (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll
22:19:53.0986 5560 TBS - ok
22:19:55.0174 5560 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
22:19:55.0299 5560 Tcpip - ok
22:19:55.0330 5560 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
22:19:55.0392 5560 Tcpip6 - ok
22:19:55.0517 5560 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
22:19:55.0580 5560 tcpipreg - ok
22:19:55.0721 5560 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
22:19:55.0861 5560 TDPIPE - ok
22:19:56.0033 5560 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
22:19:56.0174 5560 TDTCP - ok
22:19:56.0408 5560 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
22:19:56.0502 5560 tdx - ok
22:19:56.0814 5560 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
22:19:56.0877 5560 TermDD - ok
22:19:57.0142 5560 TermService (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll
22:19:57.0299 5560 TermService - ok
22:19:57.0908 5560 THREADORDER (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
22:19:57.0971 5560 THREADORDER - ok
22:19:59.0377 5560 tifm21 (f779ba4cd37963ab4600c9871b7752a3) C:\Windows\system32\drivers\tifm21.sys
22:19:59.0486 5560 tifm21 - ok
22:19:59.0877 5560 TPM (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys
22:19:59.0986 5560 TPM - ok
22:20:00.0189 5560 TrkWks (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll
22:20:00.0346 5560 TrkWks - ok
22:20:00.0549 5560 TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe
22:20:00.0580 5560 TrustedInstaller - ok
22:20:00.0846 5560 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:20:01.0002 5560 tssecsrv - ok
22:20:01.0142 5560 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
22:20:11.0877 5560 MBR (0x1B8) (264850e33aebef8d6f4410c559f395cd) \Device\Harddisk0\DR0
22:20:12.0221 5560 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:20:12.0221 5560 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:20:12.0221 5560 Boot (0x1200) (80597d6f6573afb8e5c2e18eef1e8beb) \Device\Harddisk0\DR0\Partition0
22:20:12.0221 5560 \Device\Harddisk0\DR0\Partition0 - ok
22:20:12.0252 5560 Boot (0x1200) (b02f9744e979bf3676d52a837c6815ef) \Device\Harddisk0\DR0\Partition1
22:20:12.0252 5560 \Device\Harddisk0\DR0\Partition1 - ok
22:20:12.0283 5560 Boot (0x1200) (b976f7057f3f9e56da1f2dfe29b23f6a) \Device\Harddisk0\DR0\Partition2
22:20:12.0283 5560 \Device\Harddisk0\DR0\Partition2 - ok
22:20:12.0283 5560 ============================================================
22:20:12.0283 5560 Scan finished
22:20:12.0283 5560 ============================================================
22:20:12.0314 8884 Detected object count: 10
22:20:12.0314 8884 Actual detected object count: 10
22:21:40.0814 8884 ASBroker ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:40.0814 8884 ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:21:40.0814 8884 Ati External Event Utility ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:40.0814 8884 Ati External Event Utility ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:21:40.0830 8884 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:40.0830 8884 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:21:40.0830 8884 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:40.0830 8884 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:21:40.0846 8884 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:40.0846 8884 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:21:40.0846 8884 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:40.0846 8884 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:21:40.0861 8884 PersonalSecureDrive ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:40.0861 8884 PersonalSecureDrive ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:21:40.0877 8884 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:40.0877 8884 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:21:40.0877 8884 R300 ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:40.0877 8884 R300 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:21:41.0252 8884 \Device\Harddisk0\DR0\TDLFS\z00clicker.dll - copied to quarantine
22:21:41.0252 8884 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:21:41.0252 8884 \Device\Harddisk0\DR0\TDLFS - deleted
22:21:41.0267 8884 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.13.01
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.17037
HO :: QUILOMBO-PC [administrator]
5/12/2012 10:31:04 PM
mbam-log-2012-05-12 (22-31-04).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 350780
Time elapsed: 1 hour(s), 30 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


----------



## kevinf80 (Mar 21, 2006)

Thanks for the new logs, TDSSKiller has flagged several files as suspicious because they are unsigned. Whilst unsigned does not mean malicious, it is prudent to upload for analysis. We want to be 100% sure your system is clean before you image across to the new HDD.

We need to upload a file to *Jotti*

1. Click *HERE* to get to Jotti's site.

2. At the top of the Jotti window, use the *Browse* button to locate the following file on your system:

*C:\Windows\system32\Ati2evxx.exe*

3. Once you have located the file, click *SUBMIT* and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

5. Please repeat steps 2-4 for the following files:

*C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
C:\Program files\Common files\Motive\MREMP50.SYS
C:\Program Files\Common Files\Motive\MRESP50.SYS
C:\Windows\system32\HPZinw12.dll
C:\Windows\System32\drivers\psd.sys
C:\Windows\system32\HPZipm12.dll
C:\Windows\system32\DRIVERS\atikmdag.sys*

There is no need to copy all of the analysis logs, just let me see any that are confirmed as malicious...

Kevin
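The sorting kevinf80 applies to the TDSSKiller results (unsigned-only flags that were skipped get a second-opinion scan, the TDSS file system has to be removed) can be read off the log mechanically. The Python below is an added example, not part of the thread or of TDSSKiller; the function names are hypothetical, the sample lines are excerpted from the log posted above, and treating any action other than Skip as "handled" is an assumption.

```python
import re

# Result lines excerpted from the TDSSKiller log posted earlier in the thread.
SAMPLE_LOG = r"""
22:20:12.0221 5560 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:20:12.0221 5560 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:20:12.0221 5560 \Device\Harddisk0\DR0\Partition0 - ok
22:21:40.0814 8884 ASBroker ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:40.0814 8884 ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:21:40.0861 8884 PersonalSecureDrive ( UnsignedFile.Multi.Generic ) - skipped by user
22:21:40.0861 8884 PersonalSecureDrive ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:21:41.0252 8884 \Device\Harddisk0\DR0\TDLFS\z00clicker.dll - copied to quarantine
22:21:41.0252 8884 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:21:41.0252 8884 \Device\Harddisk0\DR0\TDLFS - deleted
22:21:41.0267 8884 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# Every log line is "<time> <thread id> <message>".
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
# Flagged objects are logged as "<object> ( <verdict> ) - <state>".
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - (?P<state>.+)$")
# Clean-up steps are logged as "<path> - copied to quarantine" or "<path> - deleted".
DISPOSAL_RE = re.compile(r"^(?P<path>.+?) - (?P<what>copied to quarantine|deleted)$")
ACTION_PREFIX = "User select action: "


def parse(log_text):
    """Return (findings, disposals) extracted from TDSSKiller log text."""
    findings = {}   # object name -> {"verdict": str, "action": str or None}
    disposals = []  # (path, "copied to quarantine" | "deleted") in log order
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw)
        if not line:
            continue  # blank lines or anything that is not a log record
        msg = line.group("msg")
        flagged = VERDICT_RE.match(msg)
        if flagged:
            entry = findings.setdefault(
                flagged.group("obj"),
                {"verdict": flagged.group("verdict"), "action": None},
            )
            state = flagged.group("state")
            if state.startswith(ACTION_PREFIX):
                entry["action"] = state[len(ACTION_PREFIX):].strip()
            continue
        disposed = DISPOSAL_RE.match(msg)
        if disposed:
            disposals.append((disposed.group("path"), disposed.group("what")))
    return findings, disposals


def triage(log_text):
    """Sort flagged objects into the three buckets a helper cares about."""
    findings, disposals = parse(log_text)
    report = {"second_opinion": [], "removed": [], "unresolved": [],
              "disposals": disposals}
    for obj, info in findings.items():
        # Assumption: only "Skip" (or no recorded action) leaves the object
        # in place; the posted log contains just Skip and Delete.
        left_in_place = info["action"] in (None, "Skip")
        unsigned_only = info["verdict"].startswith("UnsignedFile.")
        if not left_in_place:
            report["removed"].append(obj)
        elif unsigned_only:
            # Unsigned is not the same as malicious: verify with other engines.
            report["second_opinion"].append(obj)
        else:
            # A real detection that was skipped still needs attention.
            report["unresolved"].append(obj)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket in ("second_opinion", "removed", "unresolved"):
        print(bucket, "->", result[bucket])
    for path, what in result["disposals"]:
        print(what, ":", path)
```

An empty `unresolved` list together with a `removed` entry for `\Device\Harddisk0\DR0` matches what the reply concludes from the log; the `second_opinion` names are the services whose files are then uploaded for analysis.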


----------



## Zello (Mar 22, 2012)

Jotti shows all of them as being clean. Will run Avast again in a couple hours to see what it says, too. Oh, and I never answered the question about system response--I've just realized. Everything seems to be moving along well. IE goes straightaway to the internet. I only really use Yahoo Mail, a few blogs, Youtube and Hulu at the moment. All seems to be running rather well and not so sluggish any more (I imagine things may go that much better once I'm able to update the service packs). Thanks. Will report back what Avast has or hasn't found.


----------



## kevinf80 (Mar 21, 2006)

OK, keep me updated. Run the following to clean up what we've just used....


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then click the big button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself.

*Any tools/logs remaining on the Desktop can be deleted.*

Kevin


----------



## Zello (Mar 22, 2012)

Initial Avast scan turned up four infections: three bamital infections and one fraudo. These were deleted and the second scan came up clean, though it said some files could not be scanned. There are a number of files that Avast shows as being password protected. These are largely button and language files, I'm guessing based on some of the names I see. 

One peculiar thing did happen. When I attempted a boot time scan after the scan that found the four infections, the laptop would attempt the scan, go to a blue screen that had something to the effect of: systemroot/system32/Config/(something else I can't remember right here). This screen would last maybe half a second or less (making it difficult to read what was on it) and then the laptop would reboot itself, only to attempt the boot scan again and reboot yet again in some type of continuing loop. I was able to finally get startup repair to work, after several attempts, and that appeared to take care of the problem. After this, I started another Avast scan, which is the scan that came up clean. Will now run OTC.


----------



## Zello (Mar 22, 2012)

Okay. I've run OTC and removed everything. Are there any other scans needed or do I move on to copying and replacing the hard drive?


----------



## kevinf80 (Mar 21, 2006)

Re-run DDS one more time, post fresh logs. Avast finding Bamital is worrying.....


----------



## Zello (Mar 22, 2012)

Okay, here are the logs: dds.txt followed by attach.txt...

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 7.0.6000.17037
Run by HO at 14:43:59 on 2012-05-14
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1407.1053 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hp.com
mStart Page = hxxp://www.hp.com
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{2A4E1C5B-17B1-4EA4-B235-27CBB3FECAFE} : DhcpNameServer = 129.7.224.200 129.7.235.45 172.21.0.1
TCP: Interfaces\{3F57DD94-0C8B-4683-8D1D-D1C0C00F6B36} : DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ho\appdata\roaming\mozilla\firefox\profiles\4j6f4usb.default\
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-29 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-15 337880]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2006-12-27 32000]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-11-2 22016]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-15 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-15 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-3-17 44768]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
R3 HSX_DPV;HSX_DPV;c:\windows\system32\drivers\HSX_DPV.sys [2006-12-27 987648]
.
=============== Created Last 30 ================
.
2012-05-11 20:55:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-08 14:10:28 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-06 02:06:04 -------- d-----w- c:\program files\Speccy
.
==================== Find3M ====================
.
2012-05-11 20:57:11 495160 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-09 00:05:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
.
============= FINISH: 14:46:01.82 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business 
Boot Device: \Device\HarddiskVolume1
Install Date: 1/11/2007 6:26:50 PM
System Uptime: 5/14/2012 5:02:53 AM (9 hours ago)
.
Motherboard: Hewlett-Packard | | 30B0
Processor: AMD Engineering Sample | U10 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 29 GiB total, 0.832 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 2 GiB total, 1.242 GiB free.
F: is FIXED (NTFS) - 6 GiB total, 0.758 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
3600_Help
Adobe Flash Player 11 ActiveX
Apple Software Update
Application Installer 4.00.B10
ASL_HS_Installer32
ATI Catalyst Install Manager
avast! Free Antivirus
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
ccc-core-static
ccc-utility
CCC Help English
Citrix Presentation Server Client
Comcast Desktop Software (v1.2.1)
CRON-O-METER 0.9.6
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Voice Editor 3
DocProc
DocProcQFolder
Essential System Updates for Microsoft Windows Vista
eSupportQFolder
Fax
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Backup and Recovery Manager Installer
HP BIOS Configuration for ProtectTools
HP Credential Manager for ProtectTools
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP Integrated Module with Bluetooth wireless technology 6.0.1.3100
HP MULTIPLE MODEM INSTALLER for VISTA
HP Notebook Accessories Product Tour
HP OCR Software 8.0
HP Officejet J3600 Series
HP Product Assistant
HP ProtectTools Security Manager 2.00 E4
HP Quick Launch Buttons 6.10 C1
HP Smart Web Printing
HP Solution Center 8.0
HP User Guide 0051
HP Wireless Assistant
HPProductAssistant
HPSSupply
InterVideo DVD Check
InterVideo WinDVD
J3600
LightScribe 1.4.124.1
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Easy Assist v2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Move Networks Media Player for Internet Explorer
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
ProductContext
QuickTime
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Skins
SolutionCenter
Sonic Activation Module
SoundMAX
Speccy
Status
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vista Default Settings
WebEx
WebReg
Windows Live OneCare safety scanner
.
==== Event Viewer Messages From Past Week ========
.
5/9/2012 8:29:04 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\??\C:\Users\HO\ntuser.dat'.
5/9/2012 7:25:55 PM, Error: EventLog [6008] - The previous system shutdown at 7:22:06 PM on 5/9/2012 was unexpected.
5/9/2012 6:40:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: The 2007 Microsoft Office Suite Service Pack 3 (SP3).
5/9/2012 5:30:27 PM, Error: EventLog [6008] - The previous system shutdown at 5:28:08 PM on 5/9/2012 was unexpected.
5/9/2012 2:36:09 PM, Error: EventLog [6008] - The previous system shutdown at 12:33:12 PM on 5/9/2012 was unexpected.
5/9/2012 10:17:38 PM, Error: EventLog [6008] - The previous system shutdown at 10:15:56 PM on 5/9/2012 was unexpected.
5/8/2012 9:36:09 PM, Error: EventLog [6008] - The previous system shutdown at 9:34:18 PM on 5/8/2012 was unexpected.
5/8/2012 8:57:34 PM, Error: EventLog [6008] - The previous system shutdown at 8:55:13 PM on 5/8/2012 was unexpected.
5/8/2012 8:33:40 AM, Error: EventLog [6008] - The previous system shutdown at 8:31:35 AM on 5/8/2012 was unexpected.
5/8/2012 7:22:47 PM, Error: EventLog [6008] - The previous system shutdown at 7:20:39 PM on 5/8/2012 was unexpected.
5/8/2012 6:22:01 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070070: The 2007 Microsoft Office Suite Service Pack 3 (SP3).
5/8/2012 6:05:38 AM, Error: EventLog [6008] - The previous system shutdown at 12:02:15 AM on 5/8/2012 was unexpected.
5/8/2012 5:31:39 PM, Error: EventLog [6008] - The previous system shutdown at 5:29:35 PM on 5/8/2012 was unexpected.
5/8/2012 3:59:21 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
5/8/2012 3:40:01 PM, Error: EventLog [6008] - The previous system shutdown at 3:38:12 PM on 5/8/2012 was unexpected.
5/8/2012 2:05:26 PM, Error: EventLog [6008] - The previous system shutdown at 2:00:51 PM on 5/8/2012 was unexpected.
5/7/2012 9:03:16 PM, Error: EventLog [6008] - The previous system shutdown at 9:00:13 PM on 5/7/2012 was unexpected.
5/7/2012 8:27:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
5/7/2012 8:27:41 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/7/2012 6:43:59 PM, Error: EventLog [6008] - The previous system shutdown at 6:42:16 PM on 5/7/2012 was unexpected.
5/7/2012 6:26:44 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070663: The 2007 Microsoft Office Suite Service Pack 3 (SP3).
5/7/2012 6:13:31 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/7/2012 5:33:28 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
5/7/2012 5:11:14 PM, Error: EventLog [6008] - The previous system shutdown at 4:49:02 PM on 5/7/2012 was unexpected.
5/7/2012 12:30:22 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0. Please contact your system vendor for technical assistance.
5/7/2012 12:30:22 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance.
5/7/2012 12:30:22 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 4, function 0. Please contact your system vendor for technical assistance.
5/11/2012 9:53:24 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/11/2012 9:47:53 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/11/2012 9:47:51 AM, Error: Service Control Manager [7022] - The Network Location Awareness service hung on starting.
5/11/2012 9:45:53 AM, Error: EventLog [6008] - The previous system shutdown at 9:41:24 AM on 5/11/2012 was unexpected.
5/10/2012 7:34:51 PM, Error: EventLog [6008] - The previous system shutdown at 7:29:29 PM on 5/10/2012 was unexpected.
5/10/2012 4:04:23 PM, Error: EventLog [6008] - The previous system shutdown at 7:16:58 AM on 5/10/2012 was unexpected.
.
==== End Of File ===========================


----------



## kevinf80 (Mar 21, 2006)

Everything looks good, you'll see a big improvement with a bigger HD and the Service Packs installed.

You can delete this folder *C:\TDSSKiller_Quarantine*

Before you use Macrium to image across to the new drive, run TFC and Defrag the old HD....

Kevin


----------



## Zello (Mar 22, 2012)

I'm sorry, Kevin, what is TFC (slightly embarrassed newbie grin as I ask this)?


----------



## kevinf80 (Mar 21, 2006)

mmm did you not install and run that (TFC) in reply #23?


----------



## Zello (Mar 22, 2012)

Ahh, yes I did! I had deleted it after using it. I'll reinstall and run and then go to use Macrium. Thanks!


----------



## kevinf80 (Mar 21, 2006)

I'd recommend you keep TFC, it is an excellent temp file cleaner, always remember to reboot after a run, even if not prompted....


----------



## Zello (Mar 22, 2012)

Kevin,

I've done the cloning and put the new drive in and allowed Windows to install a new driver, but I'm not seeing the extra space from the new hard drive. All of the old drives are in place, I can go online and all that, but I don't have the other space on the new drive showing up. Is there a step that I missed somewhere?


----------



## kevinf80 (Mar 21, 2006)

Select start, type *disk management* into the search box, tap enter. That should open the disk management window.

Select the following three keys together:

*Ctrl - Alt - PrtSc SysRq* That will take a screen shot of the active window.

Select start > all programs > accessories > paint. Select "paste". That should paste the screen shot to the work area. Save that as a JPEG, not bitmap, and attach to next reply....


----------



## Zello (Mar 22, 2012)

Here it is...

C:\Users\HO\Pictures\diskscreenshot.jpg


----------



## kevinf80 (Mar 21, 2006)

Nothing there??


----------



## Zello (Mar 22, 2012)

Oops. Let's try that again. How's it now?


----------



## kevinf80 (Mar 21, 2006)

Apologies, Vista is different to Windows 7. Do this:

Select start > right click on "Computer" > select "Manage" > select "Continue" at UAC > select "Disk Management" in the new window. Then take a screen shot as described previously and let me see that.

It should look similar to the image I've attached....


----------



## Zello (Mar 22, 2012)

Okay, here it is...


----------



## Zello (Mar 22, 2012)

Oh, one new thing now, Kevin: I went to Hulu and it is not playing videos for me (though YouTube does). The Hulu page says 'done, but with errors on the page'. I also get the bar across the top that says that something has been blocked. I click on it to allow whatever's been blocked, but it still doesn't allow for the video to play. Not sure what is going on as the old hard drive had no problems.


----------



## Zello (Mar 22, 2012)

Just tried to update flash and it started to initialize and then stopped, saying 'actionlist not found'.


----------



## Zello (Mar 22, 2012)

Kevin, I've got flash going now. Please ignore my request about that.


----------



## kevinf80 (Mar 21, 2006)

Open Disk Management again, right click on the (C) partition opposite Disk 0. Are you given the option to "Extend Volume"? If you are, follow the prompts to fully extend into the unallocated partition...

Let me know if that works,

Don't know what Hulu is??


----------



## Zello (Mar 22, 2012)

When I right click on C, it has the extend option greyed out so that I'm unable to select it. The only option (besides properties) available when I right click on the extra space is 'new simple volume'. Does this mean that I have to change it to some identified volume, as I notice at the top of the page that the other drives are listed as simple volumes?


----------



## kevinf80 (Mar 21, 2006)

I've posted into our private forum and asked for advice, I'm not really clued up on technical issues. I assume the extend feature is greyed out because the free space is not contiguous with C:
I'll get back to you when I have an answer..

Kevin


----------



## kevinf80 (Mar 21, 2006)

I've found some free software that will simplify the task, I'm trying it out, will get back to you shortly...


----------



## kevinf80 (Mar 21, 2006)

Download and install Aomei Partition Assistant Home Edition from *Here*, say yes to the Desktop shortcut during installation.

When complete run the tool, Vista/Windows 7 users will have to accept the UAC alert.

When the main window opens Select > C: then > Merge Partitions as below:










In the new window make sure C: and Unallocated are ticked, then select OK as below:










In the new window you will see "Pending Operations" select "Apply" if that is correct as below:










Select Proceed at the next window as below:










In the new window select Yes as below:










You will see the task progress as below:










You will see the tasks complete, select OK as below:










When that is finished re-boot your system and check C: drive for size....

Kevin


----------

