26 replies to this topic

[lnr123bsr]

I thought my problems were solved, but I'm stilling having problems. I tried to reinstall MBAM but I'm getting Access Denied. I tried Roguekiller but I the program stops working even after renaming it. Here are my most recent Attach and DDS files. Thanks.

Attach:

S SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.1.2 - CPSID_49166
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
AIO_Scan
Aleks 3.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
C7200
C7200_Help
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SX120 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC 8
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Copy
Dell Backup and Recovery Manager
Dell Edoc Viewer
Destinations
DeviceDiscovery
DocProc
Dropbox
Fax
GPBaseService2
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. 2
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
iTunes
Java™ 6 Update 17
Junk Mail filter update
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
MFCLOC
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Network
OCR Software by I.R.I.S. 13.0
PowerDVD DX
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
QuickBooks
QuickBooks Pro 2010
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Status
Symantec pcAnywhere
Toolbox
TrayApp
UnloadSupport
ViewChoice
WebReg
Where in the World Is Carmen Sandiego? Treasures of Knowledge
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Leslie at 11:00:26 on 2012-03-30
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6CE5E210-CC52-41B7-AF91-12C5C703AB63} : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\leslie\appdata\roaming\mozilla\firefox\profiles\bgknw8eh.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-03-30 14:39:03 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-03-30 05:47:40 -------- d-----w- c:\program files\Testing
2012-03-30 04:04:03 99328 ---ha-w- c:\programdata\o7t15sWM.exe_
2012-03-30 03:30:53 981504 ------w- c:\windows\system32\wininet.dll
2012-03-29 02:13:01 158720 ---ha-w- c:\programdata\microsoft\windows\drm\AFFE.tmp
.
==================== Find3M ====================
.
.
============= FINISH: 11:00:56.72 ===============

[Maniac]

Hello lnr123bsr! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Quote

I tried to reinstall MBAM but I'm getting Access Denied.

Why do you want to re-install Malwarebytes' Anti-Malware?

Please generate a new fresh DDS log files from Normal mode, not from Safe Mode.

[lnr123bsr]

When I'm not in safe mode, it looks like svchost.exe is using more and more memory. Here is Attach and DDS when not in safe mode. Thanks.

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/16/2010 4:24:46 PM
System Uptime: 3/31/2012 12:42:24 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0CKCXH
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2928/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 386.121 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP141: 2/2/2012 5:09:57 PM - Scheduled Checkpoint
RP142: 2/10/2012 12:00:02 AM - Scheduled Checkpoint
RP143: 2/26/2012 12:28:25 PM - Scheduled Checkpoint
RP144: 3/5/2012 8:16:16 AM - Scheduled Checkpoint
RP145: 3/13/2012 8:43:01 AM - Scheduled Checkpoint
RP146: 3/21/2012 7:36:08 PM - Scheduled Checkpoint
RP147: 3/29/2012 2:24:18 PM - Scheduled Checkpoint
RP148: 3/29/2012 11:29:56 PM - Windows Update
RP150: 3/30/2012 10:20:46 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.1.2 - CPSID_49166
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1.2
AIO_Scan
Aleks 3.15
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
C7200
C7200_Help
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SX120 IS Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC 8
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Copy
Dell Backup and Recovery Manager
Dell Edoc Viewer
Destinations
DeviceDiscovery
DocProc
Dropbox
Fax
GPBaseService2
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. 2
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPProductAssistant
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
iTunes
Java™ 6 Update 17
Junk Mail filter update
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.60.1.1000
MFCLOC
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox 8.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Network
OCR Software by I.R.I.S. 13.0
PowerDVD DX
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
QuickBooks
QuickBooks Pro 2010
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Status
Symantec pcAnywhere
Toolbox
TrayApp
UnloadSupport
ViewChoice
WebReg
Where in the World Is Carmen Sandiego? Treasures of Knowledge
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
3/31/2012 12:41:13 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
3/31/2012 12:32:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/31/2012 11:45:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/30/2012 9:54:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/30/2012 9:54:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/30/2012 9:07:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/30/2012 12:30:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/30/2012 12:30:05 AM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The service has not been started.
3/30/2012 12:29:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x00000004, 0x00000002, 0x00000000, 0x831317ff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 033012-55848-01.
3/30/2012 12:29:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Plug and Play service to connect.
3/30/2012 12:29:57 AM, Error: Service Control Manager [7001] - The Windows Driver Foundation - User-mode Driver Framework service depends on the Plug and Play service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 12:29:57 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 12:29:57 AM, Error: Service Control Manager [7001] - The Windows Audio Endpoint Builder service depends on the Plug and Play service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 12:29:57 AM, Error: Service Control Manager [7000] - The Plug and Play service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 12:19:30 AM, Error: Service Control Manager [7000] - The 5762 service failed to start due to the following error: The system cannot find the file specified.
3/30/2012 12:18:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/30/2012 12:18:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
3/30/2012 12:00:17 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
3/30/2012 11:45:15 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 11:45:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/30/2012 11:45:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/30/2012 11:44:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: awlegacy ctxusbm discache spldr Wanarpv6
3/30/2012 11:40:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
3/30/2012 11:40:38 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 11:39:08 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: A thread could not be created for the service.
3/30/2012 11:36:11 AM, Error: Service Control Manager [7023] - The Multimedia Class Scheduler service terminated with the following error: Not enough storage is available to process this command.
3/30/2012 10:21:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004005: Realtek - Network - Realtek PCIe GBE Family Controller.
3/30/2012 10:21:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB2639308).
3/30/2012 10:21:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80004005: Intel Corporation - Display - Intel® G45/G43 Express Chipset.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network Store Interface Service service to connect.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Print Spooler service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Intel® Matrix Storage Event Monitor service depends on the Windows Management Instrumentation service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The HP CUE DeviceDiscovery Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Distributed Link Tracking Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7001] - The Base Filtering Engine service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 1:39:45 AM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 1:39:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect.
3/30/2012 1:39:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Driver Foundation - User-mode Driver Framework service to connect.
3/30/2012 1:39:44 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:44 AM, Error: Service Control Manager [7001] - The User Profile Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:44 AM, Error: Service Control Manager [7001] - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:44 AM, Error: Service Control Manager [7001] - The Security Accounts Manager service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:44 AM, Error: Service Control Manager [7001] - The Group Policy Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:44 AM, Error: Service Control Manager [7001] - The COM+ Event System service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:39:44 AM, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 1:39:44 AM, Error: Service Control Manager [7000] - The Windows Driver Foundation - User-mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/30/2012 1:39:43 AM, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the DCOM Server Process Launcher service which failed to start because of the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/30/2012 1:39:42 AM, Error: Service Control Manager [7000] - The DCOM Server Process Launcher service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/30/2012 1:29:30 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/30/2012 1:27:30 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/30/2012 1:27:30 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/30/2012 1:19:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/29/2012 9:59:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR8.
3/29/2012 9:58:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR7.
3/29/2012 9:58:29 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.
3/29/2012 9:57:21 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR5.
3/29/2012 9:57:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
3/29/2012 9:54:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
3/29/2012 9:51:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
3/29/2012 9:05:45 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.
3/29/2012 8:33:30 PM, Error: AeLookupSvc [1] - The Application Experience Lookup service failed to initialize.
3/29/2012 8:33:01 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
3/29/2012 6:31:13 PM, Error: Service Control Manager [7023] - The Problem Reports and Solutions Control Panel Support service terminated with the following error: Not enough storage is available to process this command.
3/29/2012 5:47:16 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A thread could not be created for the service.
3/29/2012 5:25:24 PM, Error: Service Control Manager [7023] - The Application Experience service terminated with the following error: Not enough storage is available to process this command.
3/29/2012 4:47:35 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
3/29/2012 4:47:35 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
3/29/2012 11:52:46 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/29/2012 10:44:03 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The system cannot find the file specified.
3/29/2012 10:42:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr
3/29/2012 10:41:56 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
3/29/2012 10:41:56 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
3/29/2012 10:24:16 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/29/2012 10:23:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/29/2012 10:23:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/29/2012 10:23:44 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/29/2012 10:23:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD awlegacy ctxusbm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The Intel® Matrix Storage Event Monitor service depends on the Windows Management Instrumentation service which failed to start because of the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/29/2012 10:23:44 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/29/2012 10:15:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.
3/29/2012 10:15:59 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
3/29/2012 10:15:59 PM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/29/2012 10:15:59 PM, Error: Service Control Manager [7000] - The Desktop Window Manager Session Manager service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/29/2012 10:10:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gpsvc service.
3/29/2012 10:09:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
3/29/2012 1:17:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Leslie-PC\Leslie SID (S-1-5-21-4099890314-3804951730-309443565-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/28/2012 7:25:58 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
3/28/2012 10:42:46 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/27/2012 1:10:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
.
==== End Of File ===========================

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Leslie at 12:47:47 on 2012-03-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.1695 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6CE5E210-CC52-41B7-AF91-12C5C703AB63} : DhcpNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\leslie\appdata\roaming\mozilla\firefox\profiles\bgknw8eh.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-12-3 81920]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-3 167936]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-13 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-13 1343400]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2010-10-4 486176]
.
=============== Created Last 30 ================
.
2012-03-30 17:24:43 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-03-30 05:47:40 -------- d-----w- c:\program files\Testing
2012-03-30 04:04:03 99328 ---ha-w- c:\programdata\o7t15sWM.exe_
2012-03-30 03:30:53 981504 ------w- c:\windows\system32\wininet.dll
2012-03-29 02:13:01 158720 ---ha-w- c:\programdata\microsoft\windows\drm\AFFE.tmp
.
==================== Find3M ====================
.
.
============= FINISH: 12:49:53.95 ===============

[lnr123bsr]

Now when I search in google using quotes I get a completely blank page.

[Maniac]

Please follow the instructions here to run Malwarebytes' Anti-Malware in Normal mode:
http://forums.malwar...ndpost&p=434002


In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
  
• a new fresh DDS log file

[lnr123bsr]

I can't get into Normal mode any more. It says it can't load the desktop. Before I sent you the last DDS and Attach screens I was able to successfully run Malwarebytes and nothing was found.

[Maniac]

Quote

Before I sent you the last DDS and Attach screens I was able to successfully run Malwarebytes and nothing was found.

With the latest updates?

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

[lnr123bsr]

I have tried combofix twice. It crashed both times. One message I did get said that it was rootkit zero access.

[Maniac]

Thanks for your information!

Download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
  
  
• Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  
  
  
  
• Click the Start Scan button.
  
  
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
  
  
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
  
• Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  
  
  
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

[lnr123bsr]

I ran TDSSKiller in Safe Mode. When I ran it, some threats were marked as Cure and some as Skip. I did not change anything. Here are the results:

09:17:47.0319 1596 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
09:17:47.0684 1596 ============================================================
09:17:47.0684 1596 Current date / time: 2012/04/01 09:17:47.0684
09:17:47.0684 1596 SystemInfo:
09:17:47.0684 1596
09:17:47.0684 1596 OS Version: 6.1.7601 ServicePack: 1.0
09:17:47.0684 1596 Product type: Workstation
09:17:47.0684 1596 ComputerName: LESLIE-PC
09:17:47.0685 1596 UserName: Leslie
09:17:47.0685 1596 Windows directory: C:\Windows
09:17:47.0685 1596 System windows directory: C:\Windows
09:17:47.0685 1596 Processor architecture: Intel x86
09:17:47.0685 1596 Number of processors: 2
09:17:47.0685 1596 Page size: 0x1000
09:17:47.0685 1596 Boot type: Safe boot with network
09:17:47.0685 1596 ============================================================
09:17:47.0975 1596 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:17:47.0976 1596 \Device\Harddisk0\DR0:
09:17:47.0976 1596 MBR used
09:17:47.0976 1596 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
09:17:47.0976 1596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
09:17:48.0066 1596 Initialize success
09:17:48.0066 1596 ============================================================
09:18:04.0073 1868 ============================================================
09:18:04.0073 1868 Scan started
09:18:04.0073 1868 Mode: Manual; SigCheck; TDLFS;
09:18:04.0073 1868 ============================================================
09:18:05.0423 1868 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
09:18:05.0541 1868 1394ohci - ok
09:18:05.0590 1868 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
09:18:05.0601 1868 ACPI - ok
09:18:05.0754 1868 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
09:18:05.0815 1868 AcpiPmi - ok
09:18:05.0970 1868 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:18:05.0983 1868 adp94xx - ok
09:18:06.0076 1868 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:18:06.0086 1868 adpahci - ok
09:18:06.0105 1868 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:18:06.0114 1868 adpu320 - ok
09:18:06.0154 1868 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
09:18:06.0194 1868 AeLookupSvc - ok
09:18:06.0283 1868 AERTFilters (7a841462ad4749f8a07b27ae8e8947b8) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
09:18:06.0351 1868 AERTFilters - ok
09:18:06.0474 1868 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
09:18:06.0605 1868 AFD - ok
09:18:06.0642 1868 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
09:18:06.0649 1868 agp440 - ok
09:18:06.0718 1868 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:18:06.0726 1868 aic78xx - ok
09:18:06.0842 1868 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
09:18:06.0891 1868 ALG - ok
09:18:06.0970 1868 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
09:18:06.0976 1868 aliide - ok
09:18:07.0056 1868 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
09:18:07.0063 1868 amdagp - ok
09:18:07.0125 1868 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
09:18:07.0132 1868 amdide - ok
09:18:07.0188 1868 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:18:07.0227 1868 AmdK8 - ok
09:18:07.0302 1868 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:18:07.0326 1868 AmdPPM - ok
09:18:07.0386 1868 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
09:18:07.0394 1868 amdsata - ok
09:18:07.0477 1868 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:18:07.0486 1868 amdsbs - ok
09:18:07.0547 1868 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
09:18:07.0555 1868 amdxata - ok
09:18:07.0619 1868 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
09:18:07.0725 1868 AppID - ok
09:18:07.0872 1868 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
09:18:07.0910 1868 AppIDSvc - ok
09:18:07.0974 1868 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
09:18:08.0012 1868 Appinfo - ok
09:18:08.0179 1868 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:18:08.0187 1868 Apple Mobile Device - ok
09:18:08.0322 1868 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:18:08.0330 1868 arc - ok
09:18:08.0350 1868 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:18:08.0388 1868 arcsas - ok
09:18:08.0414 1868 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:18:08.0505 1868 AsyncMac - ok
09:18:08.0634 1868 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
09:18:08.0641 1868 atapi - ok
09:18:08.0708 1868 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:18:08.0732 1868 AudioEndpointBuilder - ok
09:18:08.0739 1868 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
09:18:08.0760 1868 Audiosrv - ok
09:18:08.0872 1868 awhost32 (958038b812e2b6ab998e115194b8d2b7) C:\Program Files\Symantec\pcAnywhere\awhost32.exe
09:18:08.0895 1868 awhost32 ( UnsignedFile.Multi.Generic ) - warning
09:18:08.0895 1868 awhost32 - detected UnsignedFile.Multi.Generic (1)
09:18:08.0973 1868 awlegacy (abfe3ab22767eeb5e7d91b1b3bb2901c) C:\Windows\System32\Drivers\awlegacy.sys
09:18:08.0991 1868 awlegacy ( UnsignedFile.Multi.Generic ) - warning
09:18:08.0991 1868 awlegacy - detected UnsignedFile.Multi.Generic (1)
09:18:09.0041 1868 AW_HOST (852d995a4b283c341a2baefaa8067671) C:\Windows\system32\drivers\aw_host5.sys
09:18:09.0054 1868 AW_HOST ( UnsignedFile.Multi.Generic ) - warning
09:18:09.0054 1868 AW_HOST - detected UnsignedFile.Multi.Generic (1)
09:18:09.0110 1868 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
09:18:09.0155 1868 AxInstSV - ok
09:18:09.0408 1868 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:18:09.0456 1868 b06bdrv - ok
09:18:09.0518 1868 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:18:09.0537 1868 b57nd60x - ok
09:18:09.0627 1868 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
09:18:09.0664 1868 BDESVC - ok
09:18:09.0774 1868 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:18:09.0812 1868 Beep - ok
09:18:09.0948 1868 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
09:18:09.0996 1868 BFE - ok
09:18:10.0051 1868 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
09:18:10.0111 1868 BITS - ok
09:18:10.0184 1868 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:18:10.0208 1868 blbdrive - ok
09:18:10.0309 1868 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:18:10.0319 1868 Bonjour Service - ok
09:18:10.0409 1868 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
09:18:10.0426 1868 bowser - ok
09:18:10.0450 1868 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:18:10.0488 1868 BrFiltLo - ok
09:18:10.0505 1868 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:18:10.0529 1868 BrFiltUp - ok
09:18:10.0679 1868 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
09:18:10.0717 1868 BridgeMP - ok
09:18:10.0785 1868 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
09:18:10.0819 1868 Browser - ok
09:18:10.0846 1868 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:18:10.0872 1868 Brserid - ok
09:18:10.0939 1868 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:18:10.0963 1868 BrSerWdm - ok
09:18:10.0969 1868 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:18:10.0997 1868 BrUsbMdm - ok
09:18:11.0017 1868 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:18:11.0058 1868 BrUsbSer - ok
09:18:11.0115 1868 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:18:11.0138 1868 BTHMODEM - ok
09:18:11.0192 1868 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
09:18:11.0221 1868 bthserv - ok
09:18:11.0265 1868 BVRPMPR5 (6598d078d5446197aed6b46c6a2a3431) C:\Windows\system32\drivers\BVRPMPR5.SYS
09:18:11.0284 1868 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
09:18:11.0284 1868 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
09:18:11.0436 1868 catchme - ok
09:18:11.0548 1868 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:18:11.0583 1868 cdfs - ok
09:18:11.0716 1868 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
09:18:11.0731 1868 cdrom - ok
09:18:11.0872 1868 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:18:11.0902 1868 CertPropSvc - ok
09:18:11.0967 1868 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:18:12.0012 1868 circlass - ok
09:18:12.0168 1868 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:18:12.0178 1868 CLFS - ok
09:18:12.0295 1868 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:18:12.0309 1868 clr_optimization_v2.0.50727_32 - ok
09:18:12.0372 1868 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:18:12.0395 1868 CmBatt - ok
09:18:12.0503 1868 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
09:18:12.0511 1868 cmdide - ok
09:18:12.0553 1868 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
09:18:12.0573 1868 CNG - ok
09:18:12.0625 1868 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:18:12.0632 1868 Compbatt - ok
09:18:12.0742 1868 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
09:18:12.0767 1868 CompositeBus - ok
09:18:12.0819 1868 COMSysApp - ok
09:18:12.0859 1868 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:18:12.0876 1868 crcdisk - ok
09:18:12.0966 1868 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
09:18:13.0002 1868 CryptSvc - ok
09:18:13.0096 1868 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
09:18:13.0109 1868 ctxusbm - ok
09:18:13.0212 1868 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:18:13.0249 1868 DcomLaunch - ok
09:18:13.0295 1868 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
09:18:13.0326 1868 defragsvc - ok
09:18:13.0442 1868 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
09:18:13.0490 1868 DfsC - ok
09:18:13.0578 1868 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
09:18:13.0624 1868 Dhcp - ok
09:18:13.0704 1868 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:18:13.0739 1868 discache - ok
09:18:13.0800 1868 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:18:13.0807 1868 Disk - ok
09:18:13.0852 1868 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
09:18:13.0890 1868 Dnscache - ok
09:18:13.0978 1868 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
09:18:14.0025 1868 dot3svc - ok
09:18:14.0114 1868 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
09:18:14.0183 1868 Dot4 - ok
09:18:14.0302 1868 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:18:14.0323 1868 Dot4Print - ok
09:18:14.0354 1868 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
09:18:14.0404 1868 dot4usb - ok
09:18:14.0434 1868 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
09:18:14.0464 1868 DPS - ok
09:18:14.0704 1868 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:18:14.0725 1868 drmkaud - ok
09:18:14.0755 1868 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
09:18:14.0773 1868 DXGKrnl - ok
09:18:14.0815 1868 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
09:18:14.0845 1868 EapHost - ok
09:18:15.0075 1868 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:18:15.0125 1868 ebdrv - ok
09:18:15.0176 1868 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
09:18:15.0210 1868 EFS - ok
09:18:15.0312 1868 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
09:18:15.0340 1868 ehRecvr - ok
09:18:15.0386 1868 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
09:18:15.0442 1868 ehSched - ok
09:18:15.0609 1868 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:18:15.0623 1868 elxstor - ok
09:18:15.0692 1868 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
09:18:15.0719 1868 ErrDev - ok
09:18:15.0818 1868 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
09:18:15.0865 1868 EventSystem - ok
09:18:15.0934 1868 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:18:15.0970 1868 exfat - ok
09:18:16.0109 1868 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:18:16.0147 1868 fastfat - ok
09:18:16.0228 1868 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
09:18:16.0276 1868 Fax - ok
09:18:16.0338 1868 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:18:16.0373 1868 fdc - ok
09:18:16.0434 1868 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
09:18:16.0471 1868 fdPHost - ok
09:18:16.0526 1868 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
09:18:16.0554 1868 FDResPub - ok
09:18:16.0606 1868 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:18:16.0627 1868 FileInfo - ok
09:18:16.0691 1868 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:18:16.0730 1868 Filetrace - ok
09:18:16.0953 1868 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:18:16.0984 1868 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
09:18:16.0985 1868 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
09:18:17.0072 1868 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:18:17.0103 1868 flpydisk - ok
09:18:17.0193 1868 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:18:17.0203 1868 FltMgr - ok
09:18:17.0264 1868 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
09:18:17.0310 1868 FontCache - ok
09:18:17.0609 1868 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:18:17.0616 1868 FontCache3.0.0.0 - ok
09:18:17.0686 1868 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:18:17.0694 1868 FsDepends - ok
09:18:17.0758 1868 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
09:18:17.0765 1868 Fs_Rec - ok
09:18:17.0880 1868 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
09:18:17.0906 1868 fvevol - ok
09:18:17.0994 1868 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:18:18.0001 1868 gagp30kx - ok
09:18:18.0075 1868 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:18:18.0091 1868 GEARAspiWDM - ok
09:18:18.0117 1868 Gernuwa (fd25177ced6751c14de170d8282ced90) C:\Windows\system32\drivers\Gernuwa.sys
09:18:18.0129 1868 Gernuwa ( UnsignedFile.Multi.Generic ) - warning
09:18:18.0129 1868 Gernuwa - detected UnsignedFile.Multi.Generic (1)
09:18:18.0179 1868 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
09:18:18.0223 1868 gpsvc - ok
09:18:18.0314 1868 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:18:18.0365 1868 hcw85cir - ok
09:18:18.0427 1868 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
09:18:18.0446 1868 HDAudBus - ok
09:18:18.0523 1868 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:18:18.0549 1868 HidBatt - ok
09:18:18.0568 1868 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:18:18.0591 1868 HidBth - ok
09:18:18.0729 1868 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:18:18.0780 1868 HidIr - ok
09:18:18.0826 1868 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
09:18:18.0873 1868 hidserv - ok
09:18:19.0076 1868 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
09:18:19.0107 1868 HidUsb - ok
09:18:19.0201 1868 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
09:18:19.0216 1868 hkmsvc - ok
09:18:19.0248 1868 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
09:18:19.0279 1868 HomeGroupListener - ok
09:18:19.0310 1868 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
09:18:19.0357 1868 HomeGroupProvider - ok
09:18:19.0497 1868 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
09:18:19.0528 1868 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
09:18:19.0528 1868 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
09:18:19.0528 1868 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
09:18:19.0544 1868 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
09:18:19.0544 1868 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
09:18:19.0684 1868 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
09:18:19.0700 1868 HpSAMD - ok
09:18:19.0918 1868 HPSLPSVC (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
09:18:20.0043 1868 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
09:18:20.0043 1868 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
09:18:20.0184 1868 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
09:18:20.0199 1868 HTTP - ok
09:18:20.0246 1868 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
09:18:20.0262 1868 hwpolicy - ok
09:18:20.0371 1868 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
09:18:20.0386 1868 i8042prt - ok
09:18:20.0511 1868 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
09:18:20.0511 1868 IAANTMON - ok
09:18:20.0620 1868 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
09:18:20.0620 1868 iaStor - ok
09:18:20.0714 1868 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
09:18:20.0714 1868 iaStorV - ok
09:18:20.0792 1868 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:18:20.0823 1868 idsvc - ok
09:18:21.0166 1868 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:18:21.0432 1868 igfx - ok
09:18:21.0572 1868 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:18:21.0588 1868 iirsp - ok
09:18:21.0775 1868 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
09:18:21.0822 1868 IKEEXT - ok
09:18:21.0902 1868 IntcAzAudAddService (8b27c21412ae4404eb0acfe1d98579ec) C:\Windows\system32\drivers\RTKVHDA.sys
09:18:21.0953 1868 IntcAzAudAddService - ok
09:18:22.0056 1868 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
09:18:22.0063 1868 intelide - ok
09:18:22.0126 1868 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:18:22.0151 1868 intelppm - ok
09:18:22.0194 1868 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
09:18:22.0227 1868 IPBusEnum - ok
09:18:22.0303 1868 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:18:22.0347 1868 IpFilterDriver - ok
09:18:22.0400 1868 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
09:18:22.0437 1868 iphlpsvc - ok
09:18:22.0461 1868 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
09:18:22.0486 1868 IPMIDRV - ok
09:18:22.0646 1868 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:18:22.0677 1868 IPNAT - ok
09:18:22.0884 1868 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
09:18:22.0901 1868 iPod Service - ok
09:18:23.0003 1868 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:18:23.0027 1868 IRENUM - ok
09:18:23.0054 1868 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
09:18:23.0068 1868 isapnp - ok
09:18:23.0088 1868 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
09:18:23.0098 1868 iScsiPrt - ok
09:18:23.0127 1868 JRAID (d7b5b5c5130b775ec7e32edd780d737f) C:\Windows\system32\DRIVERS\jraid.sys
09:18:23.0164 1868 JRAID - ok
09:18:23.0280 1868 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
09:18:23.0287 1868 kbdclass - ok
09:18:23.0343 1868 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
09:18:23.0361 1868 kbdhid - ok
09:18:23.0391 1868 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:18:23.0400 1868 KeyIso - ok
09:18:23.0432 1868 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
09:18:23.0453 1868 KSecDD - ok
09:18:23.0524 1868 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
09:18:23.0533 1868 KSecPkg - ok
09:18:23.0560 1868 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
09:18:23.0598 1868 KtmRm - ok
09:18:23.0633 1868 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
09:18:23.0672 1868 LanmanServer - ok
09:18:23.0791 1868 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
09:18:23.0810 1868 LanmanWorkstation - ok
09:18:23.0956 1868 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:18:23.0984 1868 lltdio - ok
09:18:24.0011 1868 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
09:18:24.0043 1868 lltdsvc - ok
09:18:24.0102 1868 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
09:18:24.0121 1868 lmhosts - ok
09:18:24.0196 1868 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:18:24.0204 1868 LSI_FC - ok
09:18:24.0222 1868 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:18:24.0230 1868 LSI_SAS - ok
09:18:24.0239 1868 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:18:24.0255 1868 LSI_SAS2 - ok
09:18:24.0295 1868 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:18:24.0303 1868 LSI_SCSI - ok
09:18:24.0344 1868 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:18:24.0380 1868 luafv - ok
09:18:24.0406 1868 MaxBackServiceInt - ok
09:18:24.0483 1868 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
09:18:24.0493 1868 Mcx2Svc - ok
09:18:24.0532 1868 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:18:24.0539 1868 megasas - ok
09:18:24.0584 1868 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:18:24.0600 1868 MegaSR - ok
09:18:24.0625 1868 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:18:24.0669 1868 MMCSS - ok
09:18:24.0750 1868 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:18:24.0768 1868 Modem - ok
09:18:24.0807 1868 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:18:24.0826 1868 monitor - ok
09:18:24.0887 1868 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
09:18:24.0894 1868 mouclass - ok
09:18:25.0022 1868 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:18:25.0031 1868 mouhid - ok
09:18:25.0069 1868 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
09:18:25.0077 1868 mountmgr - ok
09:18:25.0124 1868 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
09:18:25.0133 1868 mpio - ok
09:18:25.0151 1868 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:18:25.0184 1868 mpsdrv - ok
09:18:25.0264 1868 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
09:18:25.0299 1868 MpsSvc - ok
09:18:25.0398 1868 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
09:18:25.0426 1868 MRxDAV - ok
09:18:25.0559 1868 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:18:25.0574 1868 mrxsmb - ok
09:18:25.0597 1868 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:18:25.0607 1868 mrxsmb10 - ok
09:18:25.0635 1868 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:18:25.0660 1868 mrxsmb20 - ok
09:18:25.0692 1868 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
09:18:25.0699 1868 msahci - ok
09:18:25.0773 1868 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
09:18:25.0781 1868 msdsm - ok
09:18:25.0815 1868 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
09:18:25.0835 1868 MSDTC - ok
09:18:25.0932 1868 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:18:25.0951 1868 Msfs - ok
09:18:26.0011 1868 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:18:26.0045 1868 mshidkmdf - ok
09:18:26.0076 1868 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
09:18:26.0083 1868 msisadrv - ok
09:18:26.0159 1868 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
09:18:26.0178 1868 MSiSCSI - ok
09:18:26.0184 1868 msiserver - ok
09:18:26.0290 1868 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:18:26.0325 1868 MSKSSRV - ok
09:18:26.0346 1868 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:18:26.0378 1868 MSPCLOCK - ok
09:18:26.0427 1868 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:18:26.0460 1868 MSPQM - ok
09:18:26.0541 1868 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:18:26.0550 1868 MsRPC - ok
09:18:26.0585 1868 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
09:18:26.0602 1868 mssmbios - ok
09:18:26.0645 1868 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:18:26.0664 1868 MSTEE - ok
09:18:26.0683 1868 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:18:26.0706 1868 MTConfig - ok
09:18:26.0778 1868 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:18:26.0785 1868 Mup - ok
09:18:26.0813 1868 MXOPSWD (c29f284ff7ab4ed38ce419a9424e52a2) C:\Windows\system32\DRIVERS\mxopswd.sys
09:18:26.0848 1868 MXOPSWD - ok
09:18:26.0885 1868 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
09:18:26.0922 1868 napagent - ok
09:18:27.0036 1868 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:18:27.0049 1868 NativeWifiP - ok
09:18:27.0085 1868 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
09:18:27.0104 1868 NDIS - ok
09:18:27.0139 1868 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:18:27.0159 1868 NdisCap - ok
09:18:27.0266 1868 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:18:27.0298 1868 NdisTapi - ok
09:18:27.0326 1868 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
09:18:27.0358 1868 Ndisuio - ok
09:18:27.0494 1868 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
09:18:27.0512 1868 NdisWan - ok
09:18:27.0571 1868 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
09:18:27.0603 1868 NDProxy - ok
09:18:27.0674 1868 Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\Windows\system32\HPZinw12.dll
09:18:27.0677 1868 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:18:27.0677 1868 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:18:27.0753 1868 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:18:27.0789 1868 NetBIOS - ok
09:18:27.0823 1868 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
09:18:27.0856 1868 NetBT - ok
09:18:27.0898 1868 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:18:27.0908 1868 Netlogon - ok
09:18:27.0984 1868 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
09:18:28.0032 1868 Netman - ok
09:18:28.0184 1868 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
09:18:28.0230 1868 netprofm - ok
09:18:28.0304 1868 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:18:28.0311 1868 NetTcpPortSharing - ok
09:18:28.0424 1868 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
09:18:28.0431 1868 nfrd960 - ok
09:18:28.0468 1868 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
09:18:28.0506 1868 NlaSvc - ok
09:18:28.0551 1868 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:18:28.0584 1868 Npfs - ok
09:18:28.0691 1868 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
09:18:28.0710 1868 nsi - ok
09:18:28.0767 1868 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:18:28.0798 1868 nsiproxy - ok
09:18:28.0898 1868 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
09:18:28.0923 1868 Ntfs - ok
09:18:29.0007 1868 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:18:29.0041 1868 Null - ok
09:18:29.0071 1868 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
09:18:29.0080 1868 nvraid - ok
09:18:29.0098 1868 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
09:18:29.0107 1868 nvstor - ok
09:18:29.0121 1868 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
09:18:29.0129 1868 nv_agp - ok
09:18:29.0260 1868 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:18:29.0271 1868 odserv - ok
09:18:29.0348 1868 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
09:18:29.0369 1868 ohci1394 - ok
09:18:29.0482 1868 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:18:29.0489 1868 ose - ok
09:18:29.0605 1868 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:18:29.0647 1868 p2pimsvc - ok
09:18:29.0704 1868 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
09:18:29.0733 1868 p2psvc - ok
09:18:29.0789 1868 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
09:18:29.0798 1868 Parport - ok
09:18:29.0853 1868 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
09:18:29.0861 1868 partmgr - ok
09:18:29.0878 1868 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
09:18:29.0904 1868 Parvdm - ok
09:18:29.0957 1868 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
09:18:29.0970 1868 PcaSvc - ok
09:18:30.0018 1868 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
09:18:30.0027 1868 pci - ok
09:18:30.0093 1868 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
09:18:30.0101 1868 pciide - ok
09:18:30.0129 1868 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
09:18:30.0138 1868 pcmcia - ok
09:18:30.0162 1868 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
09:18:30.0169 1868 pcw - ok
09:18:30.0238 1868 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
09:18:30.0283 1868 PEAUTH - ok
09:18:30.0469 1868 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix2\pev.3XE
09:18:30.0502 1868 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
09:18:30.0502 1868 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
09:18:30.0595 1868 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
09:18:30.0645 1868 pla - ok
09:18:30.0676 1868 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
09:18:30.0719 1868 PlugPlay - ok
09:18:30.0924 1868 Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\Windows\system32\HPZipm12.dll
09:18:30.0944 1868 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:18:30.0944 1868 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:18:30.0971 1868 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
09:18:30.0991 1868 PNRPAutoReg - ok
09:18:31.0013 1868 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
09:18:31.0025 1868 PNRPsvc - ok
09:18:31.0062 1868 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
09:18:31.0096 1868 PolicyAgent - ok
09:18:31.0159 1868 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
09:18:31.0194 1868 Power - ok
09:18:31.0259 1868 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
09:18:31.0288 1868 PptpMiniport - ok
09:18:31.0311 1868 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
09:18:31.0320 1868 Processor - ok
09:18:31.0428 1868 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
09:18:31.0448 1868 ProfSvc - ok
09:18:31.0481 1868 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:18:31.0490 1868 ProtectedStorage - ok
09:18:31.0561 1868 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
09:18:31.0592 1868 Psched - ok
09:18:31.0696 1868 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
09:18:31.0701 1868 PxHelp20 - ok
09:18:31.0797 1868 QBCFMonitorService (d2c73b0f27d0750887a3da3bd28f930c) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
09:18:31.0806 1868 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning
09:18:31.0806 1868 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)
09:18:31.0847 1868 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
09:18:31.0857 1868 QBFCService ( UnsignedFile.Multi.Generic ) - warning
09:18:31.0857 1868 QBFCService - detected UnsignedFile.Multi.Generic (1)
09:18:31.0963 1868 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
09:18:31.0991 1868 ql2300 - ok
09:18:32.0005 1868 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
09:18:32.0013 1868 ql40xx - ok
09:18:32.0046 1868 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
09:18:32.0073 1868 QWAVE - ok
09:18:32.0163 1868 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
09:18:32.0174 1868 QWAVEdrv - ok
09:18:32.0190 1868 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
09:18:32.0219 1868 RasAcd - ok
09:18:32.0278 1868 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:18:32.0308 1868 RasAgileVpn - ok
09:18:32.0380 1868 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
09:18:32.0413 1868 RasAuto - ok
09:18:32.0438 1868 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:18:32.0469 1868 Rasl2tp - ok
09:18:32.0531 1868 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
09:18:32.0565 1868 RasMan - ok
09:18:32.0673 1868 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
09:18:32.0693 1868 RasPppoe - ok
09:18:32.0709 1868 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
09:18:32.0743 1868 RasSstp - ok
09:18:32.0774 1868 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
09:18:32.0808 1868 rdbss - ok
09:18:32.0897 1868 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
09:18:32.0917 1868 rdpbus - ok
09:18:32.0950 1868 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:18:32.0978 1868 RDPCDD - ok
09:18:33.0022 1868 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
09:18:33.0039 1868 RDPENCDD - ok
09:18:33.0110 1868 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
09:18:33.0137 1868 RDPREFMP - ok
09:18:33.0178 1868 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
09:18:33.0213 1868 RDPWD - ok
09:18:33.0305 1868 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
09:18:33.0314 1868 rdyboost - ok
09:18:33.0385 1868 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
09:18:33.0431 1868 RemoteAccess - ok
09:18:33.0466 1868 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
09:18:33.0486 1868 RemoteRegistry - ok
09:18:33.0575 1868 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
09:18:33.0605 1868 RpcEptMapper - ok
09:18:33.0638 1868 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
09:18:33.0659 1868 RpcLocator - ok
09:18:33.0691 1868 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
09:18:33.0712 1868 RpcSs - ok
09:18:33.0784 1868 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
09:18:33.0820 1868 rspndr - ok
09:18:33.0921 1868 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys
09:18:33.0964 1868 RTL8167 - ok
09:18:34.0005 1868 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:18:34.0016 1868 SamSs - ok
09:18:34.0124 1868 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
09:18:34.0133 1868 sbp2port - ok
09:18:34.0212 1868 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
09:18:34.0232 1868 SCardSvr - ok
09:18:34.0271 1868 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
09:18:34.0308 1868 scfilter - ok
09:18:34.0350 1868 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
09:18:34.0394 1868 Schedule - ok
09:18:34.0577 1868 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
09:18:34.0594 1868 SCPolicySvc - ok
09:18:34.0620 1868 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
09:18:34.0660 1868 SDRSVC - ok
09:18:34.0764 1868 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
09:18:34.0774 1868 SeaPort - ok
09:18:34.0867 1868 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:18:34.0905 1868 secdrv - ok
09:18:34.0929 1868 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
09:18:34.0964 1868 seclogon - ok
09:18:35.0036 1868 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
09:18:35.0069 1868 SENS - ok
09:18:35.0112 1868 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
09:18:35.0153 1868 SensrSvc - ok
09:18:35.0188 1868 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
09:18:35.0205 1868 Serenum - ok
09:18:35.0354 1868 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
09:18:35.0363 1868 Serial - ok
09:18:35.0406 1868 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
09:18:35.0432 1868 sermouse - ok
09:18:35.0475 1868 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
09:18:35.0509 1868 SessionEnv - ok
09:18:35.0606 1868 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
09:18:35.0625 1868 sffdisk - ok
09:18:35.0653 1868 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
09:18:35.0663 1868 sffp_mmc - ok
09:18:35.0681 1868 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
09:18:35.0718 1868 sffp_sd - ok
09:18:35.0747 1868 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
09:18:35.0756 1868 sfloppy - ok
09:18:35.0853 1868 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
09:18:35.0896 1868 SharedAccess - ok
09:18:35.0933 1868 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
09:18:35.0964 1868 ShellHWDetection - ok
09:18:36.0027 1868 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
09:18:36.0042 1868 sisagp - ok
09:18:36.0144 1868 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:18:36.0152 1868 SiSRaid2 - ok
09:18:36.0196 1868 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
09:18:36.0204 1868 SiSRaid4 - ok
09:18:36.0248 1868 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
09:18:36.0276 1868 Smb - ok
09:18:36.0357 1868 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
09:18:36.0385 1868 SNMPTRAP - ok
09:18:36.0468 1868 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
09:18:36.0475 1868 spldr - ok
09:18:36.0590 1868 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
09:18:36.0674 1868 Spooler - ok
09:18:36.0798 1868 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
09:18:36.0899 1868 sppsvc - ok
09:18:36.0930 1868 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
09:18:36.0949 1868 sppuinotify - ok
09:18:37.0029 1868 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
09:18:37.0067 1868 srv - ok
09:18:37.0145 1868 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
09:18:37.0156 1868 srv2 - ok
09:18:37.0183 1868 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
09:18:37.0192 1868 srvnet - ok
09:18:37.0281 1868 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
09:18:37.0303 1868 SSDPSRV - ok
09:18:37.0336 1868 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
09:18:37.0373 1868 SstpSvc - ok
09:18:37.0553 1868 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
09:18:37.0560 1868 stexstor - ok
09:18:37.0641 1868 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
09:18:37.0676 1868 StiSvc - ok
09:18:37.0772 1868 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
09:18:37.0778 1868 stllssvr - ok
09:18:37.0841 1868 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
09:18:37.0848 1868 swenum - ok
09:18:37.0978 1868 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
09:18:38.0003 1868 swprv - ok
09:18:38.0121 1868 SymEvent (083fe6483dc16a02af2434d04b7d7aea) C:\Program Files\Symantec\SYMEVENT.SYS
09:18:38.0127 1868 SymEvent - ok
09:18:38.0223 1868 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
09:18:38.0249 1868 SysMain - ok
09:18:38.0282 1868 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
09:18:38.0321 1868 TabletInputService - ok
09:18:38.0382 1868 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
09:18:38.0427 1868 TapiSrv - ok
09:18:38.0503 1868 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
09:18:38.0523 1868 TBS - ok
09:18:38.0621 1868 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
09:18:38.0648 1868 Tcpip - ok
09:18:38.0736 1868 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
09:18:38.0760 1868 TCPIP6 - ok
09:18:38.0844 1868 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
09:18:38.0873 1868 tcpipreg - ok
09:18:38.0921 1868 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
09:18:38.0947 1868 TDPIPE - ok
09:18:38.0977 1868 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
09:18:39.0005 1868 TDTCP - ok
09:18:39.0094 1868 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
09:18:39.0122 1868 tdx - ok
09:18:39.0152 1868 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
09:18:39.0159 1868 TermDD - ok
09:18:39.0198 1868 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
09:18:39.0222 1868 TermService - ok
09:18:39.0295 1868 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
09:18:39.0321 1868 Themes - ok
09:18:39.0339 1868 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:18:39.0359 1868 THREADORDER - ok
09:18:39.0434 1868 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
09:18:39.0467 1868 TrkWks - ok
09:18:39.0603 1868 TrueSight (1512d11c1e1e37a4ae2e2b62794f0d2e) c:\windows\system32\drivers\TrueSight.sys
09:18:39.0606 1868 TrueSight ( UnsignedFile.Multi.Generic ) - warning
09:18:39.0606 1868 TrueSight - detected UnsignedFile.Multi.Generic (1)
09:18:39.0662 1868 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
09:18:39.0698 1868 TrustedInstaller - ok
09:18:39.0714 1868 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:18:39.0749 1868 tssecsrv - ok
09:18:39.0845 1868 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
09:18:39.0878 1868 TsUsbFlt - ok
09:18:39.0936 1868 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
09:18:39.0972 1868 tunnel - ok
09:18:40.0006 1868 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
09:18:40.0013 1868 uagp35 - ok
09:18:40.0088 1868 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
09:18:40.0117 1868 udfs - ok
09:18:40.0154 1868 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
09:18:40.0180 1868 UI0Detect - ok
09:18:40.0225 1868 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
09:18:40.0232 1868 uliagpkx - ok
09:18:40.0334 1868 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
09:18:40.0352 1868 umbus - ok
09:18:40.0380 1868 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
09:18:40.0388 1868 UmPass - ok
09:18:40.0430 1868 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
09:18:40.0464 1868 upnphost - ok
09:18:40.0556 1868 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
09:18:40.0572 1868 USBAAPL - ok
09:18:40.0600 1868 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
09:18:40.0622 1868 usbccgp - ok
09:18:40.0646 1868 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
09:18:40.0656 1868 usbcir - ok
09:18:40.0675 1868 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
09:18:40.0697 1868 usbehci - ok
09:18:40.0780 1868 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
09:18:40.0792 1868 usbhub - ok
09:18:40.0808 1868 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
09:18:40.0817 1868 usbohci - ok
09:18:40.0832 1868 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
09:18:40.0841 1868 usbprint - ok
09:18:40.0875 1868 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
09:18:40.0900 1868 usbscan - ok
09:18:40.0923 1868 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:18:40.0932 1868 USBSTOR - ok
09:18:41.0018 1868 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
09:18:41.0026 1868 usbuhci - ok
09:18:41.0098 1868 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
09:18:41.0137 1868 UxSms - ok
09:18:41.0163 1868 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
09:18:41.0172 1868 VaultSvc - ok
09:18:41.0278 1868 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
09:18:41.0285 1868 vdrvroot - ok
09:18:41.0322 1868 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
09:18:41.0346 1868 vds - ok
09:18:41.0380 1868 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
09:18:41.0406 1868 vga - ok
09:18:41.0477 1868 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
09:18:41.0496 1868 VgaSave - ok
09:18:41.0533 1868 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
09:18:41.0542 1868 vhdmp - ok
09:18:41.0596 1868 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
09:18:41.0603 1868 viaagp - ok
09:18:41.0639 1868 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
09:18:41.0664 1868 ViaC7 - ok
09:18:41.0735 1868 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
09:18:41.0741 1868 viaide - ok
09:18:41.0793 1868 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
09:18:41.0800 1868 volmgr - ok
09:18:41.0843 1868 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
09:18:41.0886 1868 volmgrx - ok
09:18:41.0967 1868 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
09:18:41.0977 1868 volsnap - ok
09:18:42.0041 1868 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
09:18:42.0050 1868 vsmraid - ok
09:18:42.0099 1868 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
09:18:42.0147 1868 VSS - ok
09:18:42.0232 1868 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
09:18:42.0251 1868 vwifibus - ok
09:18:42.0307 1868 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
09:18:42.0351 1868 W32Time - ok
09:18:42.0439 1868 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
09:18:42.0467 1868 WacomPen - ok
09:18:42.0572 1868 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:18:42.0606 1868 WANARP - ok
09:18:42.0609 1868 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
09:18:42.0629 1868 Wanarpv6 - ok
09:18:42.0737 1868 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
09:18:42.0765 1868 WatAdminSvc - ok
09:18:42.0812 1868 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
09:18:42.0840 1868 wbengine - ok
09:18:42.0880 1868 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
09:18:42.0893 1868 WbioSrvc - ok
09:18:43.0065 1868 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
09:18:43.0079 1868 wcncsvc - ok
09:18:43.0089 1868 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
09:18:43.0125 1868 WcsPlugInService - ok
09:18:43.0185 1868 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
09:18:43.0192 1868 Wd - ok
09:18:43.0227 1868 Wdf01000 (73c5809c82828e34232f9811cb51490e) C:\Windows\system32\drivers\Wdf01000.sys
09:18:43.0230 1868 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: 73c5809c82828e34232f9811cb51490e, Fake md5: 9950e3d0f08141c7e89e64456ae7dc73
09:18:43.0231 1868 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
09:18:43.0231 1868 Wdf01000 - detected Virus.Win32.Rloader.a (0)
09:18:43.0261 1868 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:18:43.0286 1868 WdiServiceHost - ok
09:18:43.0290 1868 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
09:18:43.0301 1868 WdiSystemHost - ok
09:18:43.0354 1868 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
09:18:43.0384 1868 WebClient - ok
09:18:43.0424 1868 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
09:18:43.0446 1868 Wecsvc - ok
09:18:43.0486 1868 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
09:18:43.0505 1868 wercplsupport - ok
09:18:43.0577 1868 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
09:18:43.0628 1868 WerSvc - ok
09:18:43.0716 1868 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
09:18:43.0783 1868 WfpLwf - ok
09:18:43.0797 1868 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
09:18:43.0811 1868 WIMMount - ok
09:18:44.0003 1868 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
09:18:44.0038 1868 WinDefend - ok
09:18:44.0044 1868 WinHttpAutoProxySvc - ok
09:18:44.0148 1868 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
09:18:44.0168 1868 Winmgmt - ok
09:18:44.0218 1868 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
09:18:44.0255 1868 WinRM - ok
09:18:44.0376 1868 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
09:18:44.0398 1868 WinUsb - ok
09:18:44.0438 1868 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
09:18:44.0473 1868 Wlansvc - ok
09:18:44.0491 1868 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
09:18:44.0500 1868 WmiAcpi - ok
09:18:44.0637 1868 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
09:18:44.0647 1868 wmiApSrv - ok
09:18:44.0752 1868 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:18:44.0819 1868 WMPNetworkSvc - ok
09:18:44.0883 1868 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
09:18:44.0896 1868 WPCSvc - ok
09:18:44.0928 1868 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
09:18:44.0968 1868 WPDBusEnum - ok
09:18:45.0008 1868 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
09:18:45.0043 1868 ws2ifsl - ok
09:18:45.0210 1868 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
09:18:45.0222 1868 wscsvc - ok
09:18:45.0228 1868 WSearch - ok
09:18:45.0286 1868 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
09:18:45.0333 1868 wuauserv - ok
09:18:45.0381 1868 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
09:18:45.0412 1868 WudfPf - ok
09:18:45.0550 1868 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:18:45.0570 1868 WUDFRd - ok
09:18:45.0636 1868 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
09:18:45.0664 1868 wudfsvc - ok
09:18:45.0701 1868 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
09:18:45.0715 1868 WwanSvc - ok
09:18:45.0830 1868 XIRLINK (246095d4fbb90fdfac8e50e37f0bbd26) C:\Windows\system32\DRIVERS\C-itnt.sys
09:18:45.0855 1868 XIRLINK ( UnsignedFile.Multi.Generic ) - warning
09:18:45.0855 1868 XIRLINK - detected UnsignedFile.Multi.Generic (1)
09:18:45.0899 1868 MBR (0x1B8) (faf3db026c90f586e5993588661e2612) \Device\Harddisk0\DR0
09:18:45.0932 1868 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
09:18:45.0932 1868 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
09:18:45.0960 1868 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:18:45.0960 1868 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:18:45.0988 1868 Boot (0x1200) (9d19430d8b7aa3a7c4b810714bed685f) \Device\Harddisk0\DR0\Partition0
09:18:45.0989 1868 \Device\Harddisk0\DR0\Partition0 - ok
09:18:46.0005 1868 Boot (0x1200) (1bd29860322acba25c85b6fe4f0117d3) \Device\Harddisk0\DR0\Partition1
09:18:46.0006 1868 \Device\Harddisk0\DR0\Partition1 - ok
09:18:46.0007 1868 ============================================================
09:18:46.0007 1868 Scan finished
09:18:46.0007 1868 ============================================================
09:18:46.0014 2908 Detected object count: 19
09:18:46.0014 2908 Actual detected object count: 19
09:19:41.0042 2908 awhost32 ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0042 2908 awhost32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0042 2908 awlegacy ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0042 2908 awlegacy ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0043 2908 AW_HOST ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0044 2908 AW_HOST ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0045 2908 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0045 2908 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0046 2908 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0046 2908 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0047 2908 Gernuwa ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0047 2908 Gernuwa ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0049 2908 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0049 2908 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0050 2908 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0050 2908 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0052 2908 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0052 2908 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0053 2908 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0053 2908 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0054 2908 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0054 2908 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0058 2908 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0058 2908 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0058 2908 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0058 2908 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0060 2908 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0060 2908 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0062 2908 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0062 2908 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0162 2908 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
09:19:41.0200 2908 Backup copy found, using it..
09:19:41.0211 2908 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
09:19:41.0211 2908 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
09:19:41.0213 2908 XIRLINK ( UnsignedFile.Multi.Generic ) - skipped by user
09:19:41.0213 2908 XIRLINK ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:19:41.0333 2908 \Device\Harddisk0\DR0\# - copied to quarantine
09:19:41.0333 2908 \Device\Harddisk0\DR0 - copied to quarantine
09:19:41.0360 2908 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
09:19:41.0366 2908 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
09:19:41.0368 2908 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
09:19:41.0372 2908 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
09:19:41.0380 2908 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
09:19:41.0401 2908 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
09:19:41.0408 2908 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
09:19:41.0409 2908 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
09:19:41.0410 2908 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
09:19:41.0412 2908 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
09:19:41.0413 2908 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
09:19:41.0416 2908 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
09:19:41.0448 2908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
09:19:41.0448 2908 \Device\Harddisk0\DR0 - ok
09:19:41.0450 2908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
09:19:41.0450 2908 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:19:41.0450 2908 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:20:04.0224 1256 Deinitialize success

[Maniac]

Please use Normal mode, don't use Safe Mode without my instructions.

Please delete your ComboFix copy, download a new fresh one and try to run it again.

[lnr123bsr]

I can't uninstall Combofix. When it crashed the first time yesterday, I reinstalled it as ComboFix2 and ran that and it crashed too. Now I've tried
ComboFix /uninstall
and I get a message saying Windows cannot find 'ComboFix2.exe'
When I try
ComboFix2 /uninstall
I get 0 items in the search results.
Now when I try to download ComboFix a third time it asks me if I want to replace my existing copy or save it as a new name. What should I do? Thanks.

[Maniac]

Whatever is the name, CF should be in on your Desktop.

[lnr123bsr]

Okay, I just successfully ran ComboFix in normal mode. (Now I have 3 copies of ComboFix on my desktop.) Here is the log file:

ComboFix 12-03-31.03 - Leslie 04/01/2012 10:14:55.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.2464 [GMT -4:00]
Running from: c:\users\Leslie\Desktop\ComboFix3.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\o7t15sWM.exe_
c:\users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}
c:\users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}\chrome.manifest
c:\users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}\chrome\content\_cfg.js
c:\users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}\chrome\content\overlay.xul
c:\users\Leslie\AppData\Local\{FB03B9CF-CCCB-4896-AD87-37B25AFDD03C}\install.rdf
c:\users\Leslie\AppData\Roaming\Adobe\plugs
c:\windows\$NtUninstallKB42325$
c:\windows\system32\config\systemprofile\efc1f03e-5762.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 14:21 . 2012-04-01 14:22 -------- d-----w- c:\users\Leslie\AppData\Local\temp
2012-04-01 14:21 . 2012-04-01 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-01 13:19 . 2012-04-01 13:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-01 03:18 . 2012-04-01 05:02 -------- d-----w- C:\ComboFix
2012-04-01 03:11 . 2012-04-01 03:14 -------- d-----w- C:\Leslie
2012-03-30 17:24 . 2012-03-30 17:30 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-03-30 05:47 . 2012-03-30 05:47 -------- d-----w- c:\program files\Testing
2012-03-30 03:31 . 2012-03-30 03:31 -------- d-----w- c:\windows\Sun
2012-03-30 03:30 . 2011-12-16 07:54 981504 ------w- c:\windows\system32\wininet.dll
2012-03-29 02:13 . 2012-03-29 02:13 158720 ---ha-w- c:\programdata\Microsoft\Windows\DRM\AFFE.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 13:20 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-11-21 04:04 . 2011-12-02 16:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-12-16 . BDB7450CC556F238FD973C9DA300FEB8 . 981504 . . [8.00.7600.16385] . . c:\windows\System32\wininet.dll
[7] 2011-11-05 . E49448ACD38A375E4FBCCB87056E1467 . 982016 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21085_none_1d030f43934664a3\wininet.dll
[7] 2011-11-05 . 7F5B51FACA193430346970283C50769F . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16912_none_1cc24ad279f27f22\wininet.dll
[7] 2011-11-05 . 19714FA7D7204D9BEE1EE12791DA9010 . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17720_none_1e9bd7587722d451\wininet.dll
[7] 2011-11-05 . 1903228FE0C7D402B26A217F8D7713FD . 982016 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21855_none_1f0a05d1905446a1\wininet.dll
[7] 2011-08-20 . 7570FA3FC82E08FB637E32D2D95DB41D . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21795_none_1edec43b9074b93e\wininet.dll
[7] 2011-08-20 . 1DBC7303366C0C9B80E51C4B4BECB7ED . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16869_none_1c933b567a14bf11\wininet.dll
[7] 2011-08-20 . 79FFA6C81F9F5B2244C5668D08387EA6 . 982016 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.21033_none_1d371e4b931fa640\wininet.dll
[7] 2011-08-20 . DBF24E87CB605A4F6E7424DD86F7A62C . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17671_none_1e66c620774a7c36\wininet.dll
[7] 2010-12-18 . F019FCA21F609E34B79AE130681D08F7 . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16722_none_1cb7771a79faa0c5\wininet.dll
[7] 2010-12-18 . 025031C16D3A486F6AFE1C9B2FB1ADE0 . 981504 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20861_none_1d14d3eb933996fc\wininet.dll
[7] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
[7] 2009-07-14 . 0D874F3BC751CC2198AF2E6783FB8B35 . 977920 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16385_none_1c7990d87a289fd4\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Leslie\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2003-05-29 16:00 8704 ----a-w- c:\windows\System32\PCANotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2009-02-27 18:14 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-02-27 22:54 38768 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 23:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-10-12 21:24 304568 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-25 23:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 22:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 01:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-25 23:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2011-02-22 07:28 1497352 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-01-13 18:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 18:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-06-25 02:19 140520 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-25 23:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-05-23 08:22 7514656 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-13 1343400]
R3 XIRLINK;IBM PC Camera;c:\windows\system32\DRIVERS\C-itnt.sys [2000-09-26 486176]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 65584]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2009-03-31 81920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\bgknw8eh.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-42492281.sys
MSConfigStartUp-MaxtorOneTouch - c:\program files\Maxtor\OneTouch\utils\OneTouch.exe
MSConfigStartUp-mxomssmenu - c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-01 10:24:06
ComboFix-quarantined-files.txt 2012-04-01 14:24
.
Pre-Run: 414,448,537,600 bytes free
Post-Run: 414,391,406,592 bytes free
.
- - End Of File - - 11EA22BF5B5B008D935E12264E4FAE68

[Maniac]

Please visit www.virustotal.com and upload this file:
c:\windows\System32\wininet.dll

Wait until scan finished and then copy/paste the link here.

[lnr123bsr]

<h3>
<strong><span style="font-size: 12px">Here are the results.  Did I do it right?</span></strong></h3>
<p>File already analysed</p>
<div class="modal-body">
<p>This file was already analysed by VirusTotal on <strong><span id="last-analysis-date">2012-02-19 00:04:33</span></strong>.</p>
<p>Detection ratio: <strong><span id="detection-ratio">0/41</span></strong></p>
<p>You can take a look at the last analysis or analyse it again now.</p>
</div>
<div class="modal-footer"> </div>

[Maniac]

It is enough.

Open Start and type:

ComboFix /uninstall

This should uninstall it and about the other copies, just manually delete them.

[lnr123bsr]

When I type
ComboFix /uninstall
I get a message saying Windows cannot find 'ComboFix3.exe'
ComboFix3 is what I named my third copy of ComboFix.

If I try
ComboFix3 /uninstall
I get 0 items in the search results.

[Maniac]

Type this one:

"%userprofile%\desktop\Combofix.exe" /uninstall

[lnr123bsr]

^{I think that worked. My first copy is gone. Now should I just delete the desktop icons for the other two copies?}