Welcome to NGINX...


  • This topic is locked
29 replies to this topic

#1 TylerS19

TylerS19

    Member

  • Members
  • PipPip
  • 37 posts

Posted 12 June 2012 - 11:19 AM

Had some great help a couple of weeks ago removing some malware that infected my computer. I went on vacation and had some family over, so I didn't use the computer much. The other day I went online and, instead of showing me the pages I'd selected, I would get a website with an error 500 that read "Welcome to NGINX" - this occurred a couple of times throughout the day. I searched online and found it could be malware, so I suspect something slipped through previous removal attempts.

I booted the computer into safe mode and ran avg/malwarebytes/adaware - all came up with nothing.

Any help would be greatly appreciated!

Regards,

Tyler

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 122,845 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 June 2012 - 11:28 AM

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear: DDS.txt and Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.


#3 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • PipPipPipPipPipPip
  • 55,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 12 June 2012 - 11:38 AM

Hello, just letting you know I moved this topic to Here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 122,845 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 June 2012 - 11:52 AM

Thank you boopme!!!



#5 TylerS19

TylerS19

    Member

  • Members
  • PipPip
  • 37 posts

Posted 12 June 2012 - 02:14 PM

Thanks for moving the topic and for the quick reply.

Had no problems running anything, everything asked should be here.


Checkup

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Anti-Virus Free
Lavasoft Ad-Aware
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
JavaFX 2.1.0
Java™ 7 Update 4
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
Mozilla Thunderbird (12.0.1)
Google Chrome 13.0.782.215
Google Chrome 13.0.782.220
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgemc.exe
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 39% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by Tyler at 15:06:25 on 2012-06-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.757 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lxedcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Lexmark S600 Series\lxedmon.exe
c:\program files\lenovo\system update\suservice.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\acquia-drupal\xmail\XMail.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
uRun: [GBMLite8AgentLaCie] c:\program files\genie-soft\gbalite8lacie\GBMAgent.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [GBMLite8AgentLaCie] c:\program files\genie-soft\gbalite8lacie\GBMAgent.exe
mRun: [lxedmon.exe] "c:\program files\lexmark s600 series\lxedmon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
dRunOnce: [KeyScrambler] c:\program files\keyscrambler\getting_started.html
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C1534563-F3E1-488A-9909-2E7DFF95756A} : DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tyler\application data\mozilla\firefox\profiles\868np364.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en&tab=ww
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\tyler\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\tyler\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\tyler\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPInfotl.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-20 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-20 27784]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-6-4 21240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-6-4 335224]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2012-6-4 217976]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-20 297752]
R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-2 654408]
R2 OS Selector;Acronis OS Selector activator;c:\program files\acronis\diskdirector\oss\reinstall_svc.exe [2010-5-25 2139400]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-6-4 77816]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
R2 XMail;XMail Server;c:\program files\acquia-drupal\xmail\XMail.exe [2012-1-22 397824]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-7-24 115312]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-2 22344]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-6-4 94584]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1c9e89826ac7d22;Google Update Service (gupdate1c9e89826ac7d22);c:\program files\google\update\GoogleUpdate.exe [2009-6-8 133104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-1-8 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-1-8 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-8 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 129976]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-6-4 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-6-4 93816]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== File Associations ===============
.
txtfile=c:\windows\notepad.exe %1
.
=============== Created Last 30 ================
.
2012-06-05 02:19:24 -------- d-----w- c:\documents and settings\tyler\local settings\application data\adaware
2012-06-05 02:19:23 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-06-05 02:19:15 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-06-05 02:19:15 21240 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-06-05 02:19:14 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-06-05 02:19:14 217976 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-06-05 01:58:52 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-06-05 01:58:51 335224 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-06-05 01:58:47 -------- d-----w- c:\windows\system32\drivers\VDD
2012-06-05 01:58:44 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-06-05 00:19:16 -------- d-----w- c:\documents and settings\tyler\application data\Ad-Aware Antivirus
2012-06-04 21:03:37 264 ---ha-w- C:\aaw7boot.cmd
2012-05-19 21:31:13 -------- d-----w- c:\program files\uTorrent
2012-05-16 15:15:24 -------- d-----w- c:\documents and settings\tyler\local settings\application data\Sun
2012-05-16 14:16:03 -------- d-----w- c:\documents and settings\tyler\application data\ElevatedDiagnostics
2012-05-16 13:12:08 -------- d-sh--w- c:\documents and settings\tyler\PrivacIE
2012-05-15 18:47:52 388096 ----a-r- c:\documents and settings\tyler\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-15 18:12:06 -------- d-----w- c:\program files\CCleaner
2012-05-15 16:57:40 -------- d-----w- c:\program files\Oracle
2012-05-15 16:57:24 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-15 16:57:24 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-15 15:29:53 -------- d-----w- c:\program files\VS Revo Group
2012-05-14 18:15:06 -------- d-sh--w- c:\documents and settings\tyler\IETldCache
2012-05-14 13:05:31 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-05-14 13:03:23 -------- d-----w- c:\windows\ie8updates
2012-05-14 13:00:13 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-05-14 13:00:04 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-05-14 13:00:04 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-05-14 12:59:59 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-05-14 12:59:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-05-14 12:59:46 11082752 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-05-14 12:59:45 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-05-14 12:56:05 -------- dc-h--w- c:\windows\ie8
2012-05-14 00:32:21 -------- d-----w- c:\documents and settings\tyler\local settings\application data\PCHealth
.
==================== Find3M ====================
.
2012-10-10 18:25:56 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-08 02:21:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 02:21:57 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:14:41 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ------w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 15:07:44.25 ===============


Edited by TylerS19, 12 June 2012 - 02:14 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • PipPipPipPipPipPip
  • 122,845 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 June 2012 - 09:37 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs:

  • In your next post I need the following:
    • Log from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now?

Gringo



#7 TylerS19

TylerS19

    Member

  • Members
  • PipPip
  • 37 posts

Posted 13 June 2012 - 09:11 AM

Hello again,

Didn't have any problems. Things seem to be running without a problem, though the issue is sporadic so it's hard to say.

Combofix log:

ComboFix 12-06-12.03 - Tyler 12/06/2012 23:02:04.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1224 [GMT -4:00]
Running from: c:\documents and settings\Tyler\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-10 23:22 . 2012-06-10 23:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-06-10 23:21 . 2012-06-10 23:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-06-10 23:20 . 2012-06-10 23:20 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-06-05 11:58 . 2012-06-05 11:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-06-05 02:19 . 2012-06-05 02:19 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\adaware
2012-06-05 02:19 . 2012-06-05 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-06-05 02:19 . 2011-11-29 10:59 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-06-05 02:19 . 2011-11-29 10:59 21240 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-06-05 02:19 . 2011-12-19 16:44 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-06-05 02:19 . 2011-12-19 16:44 217976 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-06-05 01:58 . 2011-09-29 16:16 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-06-05 01:58 . 2011-12-19 16:44 335224 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-06-05 01:58 . 2012-06-05 01:58 -------- d-----w- c:\windows\system32\drivers\VDD
2012-06-05 01:58 . 2012-06-05 12:00 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-06-05 00:19 . 2012-06-05 00:19 -------- d-----w- c:\documents and settings\Tyler\Application Data\Ad-Aware Antivirus
2012-06-04 21:03 . 2012-06-04 21:03 264 ---ha-w- C:\aaw7boot.cmd
2012-05-19 21:31 . 2012-05-19 21:31 -------- d-----w- c:\program files\uTorrent
2012-05-16 18:25 . 2012-05-16 18:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun
2012-05-16 15:15 . 2012-05-16 15:15 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Sun
2012-05-16 14:16 . 2012-05-16 14:16 -------- d-----w- c:\documents and settings\Tyler\Application Data\ElevatedDiagnostics
2012-05-16 13:12 . 2012-05-16 13:12 -------- d-sh--w- c:\documents and settings\Tyler\PrivacIE
2012-05-15 18:47 . 2012-05-15 18:47 388096 ----a-r- c:\documents and settings\Tyler\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-15 18:12 . 2012-05-15 18:12 -------- d-----w- c:\program files\CCleaner
2012-05-15 16:57 . 2012-05-15 16:57 -------- d-----w- c:\program files\Oracle
2012-05-15 16:57 . 2012-05-15 16:57 -------- d-----w- c:\documents and settings\Tyler\Application Data\Oracle
2012-05-15 16:57 . 2012-04-04 22:47 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-15 16:57 . 2012-04-04 22:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-15 15:29 . 2012-05-15 15:29 -------- d-----w- c:\program files\VS Revo Group
2012-05-14 18:16 . 2012-05-14 18:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-05-14 18:15 . 2012-05-14 18:15 -------- d-sh--w- c:\documents and settings\Tyler\IETldCache
2012-05-14 13:05 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2012-05-14 13:00 . 2012-03-01 11:01 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-05-14 13:00 . 2012-03-01 11:01 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-05-14 12:59 . 2012-03-01 11:01 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-05-14 12:59 . 2012-03-01 11:01 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-05-14 12:59 . 2012-03-02 10:01 11082752 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-05-14 12:59 . 2012-03-01 11:01 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-05-14 12:56 . 2012-05-14 12:59 -------- dc-h--w- c:\windows\ie8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 18:25 . 2008-04-29 17:36 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-05-31 13:22 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-08 02:21 . 2012-04-30 22:06 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-08 02:21 . 2011-11-23 19:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2006-04-30 06:55 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-04-30 06:55 1862272 ------w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:47 . 2010-07-24 01:25 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-07-02 17:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-05-03 20:02 . 2011-05-09 11:58 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]
"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]
"lxedmon.exe"="c:\program files\Lexmark S600 Series\lxedmon.exe" [2011-01-23 770728]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="c:\program files\KeyScrambler\getting_started.html" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-29 24576]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-24 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 19:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 02:20 40448 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-04-29 17:15 189952 -c----w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 -c----w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\POWERPNT.EXE"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\Tyler\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/01/2009 3:03 PM 335240]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [04/06/2012 10:19 PM 21240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [04/06/2012 9:58 PM 335224]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [26/10/2011 2:23 PM 101112]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [04/06/2012 10:19 PM 217976]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [03/05/2012 6:37 PM 1226096]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/01/2009 3:02 PM 297752]
R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [02/07/2010 1:24 PM 654408]
R2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [25/05/2010 7:53 PM 2139400]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13/03/2006 7:05 PM 58368]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [19/12/2011 1:20 PM 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [04/06/2012 10:19 PM 77816]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [14/07/2006 6:55 PM 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25/04/2006 10:00 PM 3456]
R2 XMail;XMail Server;c:\program files\acquia-drupal\xmail\XMail.exe [22/01/2012 11:44 PM 397824]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [24/07/2010 4:10 PM 115312]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 8:11 AM 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 8:11 AM 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 8:11 AM 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [02/07/2010 1:24 PM 22344]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [04/06/2012 9:58 PM 94584]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 gupdate1c9e89826ac7d22;Google Update Service (gupdate1c9e89826ac7d22);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2009 8:20 PM 133104]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [30/04/2006 2:56 AM 14336]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [08/01/2011 10:50 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [08/01/2011 10:50 PM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2009 8:20 PM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [03/05/2012 4:02 PM 129976]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [04/06/2012 9:58 PM 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [04/06/2012 10:19 PM 93816]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [30/04/2006 2:56 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPHLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 22:37]
.
2012-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 00:20]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 00:20]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946952493-1249314289-2389365056-1005Core.job
- c:\documents and settings\Tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 21:03]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946952493-1249314289-2389365056-1005UA.job
- c:\documents and settings\Tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 21:03]
.
2012-06-13 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-29 16:13]
.
2008-07-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-04-29 00:32]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 64.71.255.198
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\868np364.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en&tab=ww
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-12 23:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
c:\windows\system32\PROCHLP.DLL
.
- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
- - - - - - - > 'explorer.exe'(9252)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\windows\system32\PROCHLP.DLL
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\LEXBCES.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxedcoms.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\progra~1\AD-AWA~1\AdAware.exe
c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
.
**************************************************************************
.
Completion time: 2012-06-12 23:25:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 03:25
.
Pre-Run: 4,310,683,648 bytes free
Post-Run: 4,322,975,744 bytes free
.
- - End Of File - - 369168F178488FAB458660DE62F92B04

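Reading the report above by eye is how the thread does it. As an added example, not part of the thread and not ComboFix's own code, the Python below pulls the first-look items out of a report in this format: the Security Center override values, the Windows Firewall profile state, any service whose binary ComboFix could not find (the `[?]` marker), and the DNS and proxy settings from the Supplementary Scan. The sample text is constructed to mirror lines from the report above; the wording of the findings is the example's own.

```python
"""Pull the first-look items out of a ComboFix report.

Added example for this thread, not ComboFix's own code.  SAMPLE_REPORT is
constructed to mirror the line shapes in the posted report: REGEDIT4-style
keys and values, R*/S* service lines, and the Supplementary Scan network
lines.  The finding texts are this example's wording.
"""
import re

SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [24/07/2010 4:10 PM 115312]
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 64.71.255.198
FF - prefs.js: network.proxy.type - 0
"""

REG_KEY = re.compile(r"^\[(.+)\]$")
# "Name"=dword:00000001   or   "Name"= 0 (0x0)
REG_VAL = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-fA-F]+)|(\d+)\s*\(0x[0-9a-fA-F]+\))')
# R2 name;display;path [date size]   or   ... --> path [?]  (binary not found)
SERVICE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
NETWORK = {
    "TCP: DhcpNameServer = ": "DHCP-supplied DNS server {v}: confirm it is the ISP's, not a rogue resolver",
    "uInternet Settings,ProxyOverride = ": "IE proxy bypass list: {v}",
    "FF - prefs.js: network.proxy.type - ": "Firefox proxy mode {v} (0 = direct, 1 = manual proxy, 2 = PAC URL)",
}


def parse_reg_values(report):
    """Map (key, value-name) -> int for the numeric values under each [key]."""
    values, key = {}, None
    for line in report.splitlines():
        k = REG_KEY.match(line)
        if k:
            key = k.group(1).lower()
            continue
        v = REG_VAL.match(line)
        if v and key:
            hexval, decval = v.group(2), v.group(3)
            values[(key, v.group(1))] = int(hexval, 16) if hexval is not None else int(decval)
    return values


def parse_services(report):
    """Service/driver lines: start type, name, path, and whether ComboFix marked the file [?]."""
    services = []
    for line in report.splitlines():
        s = SERVICE.match(line)
        if not s:
            continue
        start, name, display, rest = s.groups()
        path = rest.split(" --> ")[0].split(" [")[0].strip()
        services.append({"start": start, "name": name, "display": display,
                         "path": path, "missing_binary": rest.rstrip().endswith("[?]")})
    return services


def triage(report):
    """Return the findings a responder wants to see before reading the whole report."""
    findings = []
    for (key, name), value in parse_reg_values(report).items():
        if key.endswith("security center") and name.endswith("Override") and value == 1:
            findings.append(f"Security Center {name}=1: alerts for that protection are suppressed")
        if key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value == 0:
            findings.append("Windows Firewall standard profile disabled (EnableFirewall=0)")
    for svc in parse_services(report):
        if svc["missing_binary"]:
            findings.append(f"{svc['start']} service {svc['name']} has no binary on disk: {svc['path']}")
    for line in report.splitlines():
        for prefix, text in NETWORK.items():
            if line.startswith(prefix):
                findings.append(text.format(v=line[len(prefix):].strip()))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print("-", finding)
```

Run it as a script to print the findings, or call `triage()` on the full text of a saved ComboFix.txt. The DNS line is reported rather than judged: whether 64.71.255.198 is legitimate is something to confirm against the ISP, and the script does not pretend to know.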
#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 122,845 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 June 2012 - 01:52 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.


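As an added example, not part of the thread and not TDSSKiller's own code, the Python below summarises the report the steps above produce: every object whose status is anything other than `ok` is listed with the hash and path TDSSKiller recorded for it, so the Cure/Skip decision can be reviewed from the pasted log, and the unallocated sectors before the first partition and after the last one are computed from the Drive and Partition lines. The sample report is constructed from the line shapes TDSSKiller prints; its Drive and Partition lines match the report posted in this thread, while the `exampledrv` entry and the two non-ok statuses are placeholders, not detections from that machine.

```python
"""Summarise a TDSSKiller report so the Cure/Skip decisions can be made from the log.

Added example for this thread, not part of TDSSKiller.  Report lines are
"HH:MM:SS.mmm PID message"; per scanned object the tool prints
"name (md5) path" when a file exists and then "name - ok" or "name - <status>".
SAMPLE is constructed from those line shapes: the Drive/Partition lines match
the report posted in the thread, the two non-ok statuses and the "exampledrv"
entry are placeholders, not detections from that machine.
"""
import re

SAMPLE = r"""
21:14:59.0265 3988 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:14:59.0281 3988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAA106E1
21:15:23.0015 4016 Abiosdsk - ok
21:15:23.0015 4016 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:15:23.0015 4016 abp480n5 - ok
21:15:23.0093 4016 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:15:23.0109 4016 ACPI - ok
21:15:40.0000 4016 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
21:15:40.0000 4016 exampledrv - detected Placeholder.Status (1)
21:15:41.0000 4016 \Device\Harddisk0\DR0 - suspicious
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
DRIVE = re.compile(r"^Drive (\S+) - Size: (0x[0-9A-Fa-f]+) .*SectorSize: (0x[0-9A-Fa-f]+)")
PART = re.compile(r"^(\S+)\\Partition(\d+): MBR, Type (0x[0-9A-Fa-f]+), StartLBA (0x[0-9A-Fa-f]+), BlocksNum (0x[0-9A-Fa-f]+)$")
FILE = re.compile(r"^(\S.*?) \(([0-9a-f]{32})\) (.+)$")
STATUS = re.compile(r"^(.*?) - (.+)$")


def parse(report):
    """Split the report into hashed files, per-object statuses, drive geometry and partitions."""
    files, statuses, drives, partitions = {}, [], {}, []
    for raw in report.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banners, blank lines
        body = m.group(1)
        d = DRIVE.match(body)
        if d:
            drives[d.group(1)] = {"bytes": int(d.group(2), 16), "sector": int(d.group(3), 16)}
            continue
        p = PART.match(body)
        if p:
            partitions.append({"disk": p.group(1), "index": int(p.group(2)), "type": int(p.group(3), 16),
                               "start": int(p.group(4), 16), "blocks": int(p.group(5), 16)})
            continue
        f = FILE.match(body)
        if f:
            files[f.group(1)] = {"md5": f.group(2), "path": f.group(3)}
            continue
        s = STATUS.match(body)
        if s:
            statuses.append((s.group(1), s.group(2)))
    return {"files": files, "statuses": statuses, "drives": drives, "partitions": partitions}


def needs_decision(parsed):
    """Every object whose status is not 'ok', with the hash and path TDSSKiller recorded for it."""
    out = []
    for obj, status in parsed["statuses"]:
        if status != "ok":
            info = parsed["files"].get(obj, {})
            out.append({"object": obj, "status": status, "md5": info.get("md5"), "path": info.get("path")})
    return out


def unallocated_sectors(parsed):
    """Per disk: sectors between the MBR and the first partition, and after the last one.
    Those ranges belong to no filesystem, so nothing scans them by default; when a
    boot-sector rootkit is suspected they are the sectors to dump and inspect."""
    out = {}
    for disk, info in parsed["drives"].items():
        parts = sorted((p for p in parsed["partitions"] if p["disk"] == disk), key=lambda p: p["start"])
        if not parts:
            continue
        total = info["bytes"] // info["sector"]
        last_end = parts[-1]["start"] + parts[-1]["blocks"]
        out[disk] = {"total": total, "head_gap": parts[0]["start"] - 1, "tail_gap": total - last_end}
    return out


def summarize(report):
    parsed = parse(report)
    return {"objects": len(parsed["statuses"]),
            "ok": sum(1 for _, s in parsed["statuses"] if s == "ok"),
            "attention": needs_decision(parsed),
            "unallocated": unallocated_sectors(parsed)}


if __name__ == "__main__":
    summary = summarize(SAMPLE)
    print(f"{summary['ok']} of {summary['objects']} objects ok")
    for item in summary["attention"]:
        print(f"ATTENTION {item['object']}: {item['status']} md5={item['md5']} path={item['path']}")
    for disk, gaps in summary["unallocated"].items():
        print(f"{disk}: {gaps['head_gap']} sectors before first partition, {gaps['tail_gap']} after last")
```

The status text after ` - ` is passed through unchanged, so the script does not depend on the exact vocabulary TDSSKiller uses for detections; anything but `ok` is surfaced, and an object with no preceding `name (md5) path` line (a device object, or a service whose file is absent) is reported with no hash or path rather than skipped.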
#9 TylerS19

    Member

  • Members
  • 37 posts

Posted 15 June 2012 - 10:23 AM

Hello,

I had no problem with TDSS, but I think that aswMBR was hanging on a particular file. It would allow me to exit and save the log, but it stayed on that file for more than half an hour, so unless it just stops scanning at the last file and doesn't notify you that it's completed, I don't think it ran the full scan.

Here are the logs:

TDSS:

21:14:56.0593 3988 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:14:57.0000 3988 ============================================================
21:14:57.0000 3988 Current date / time: 2012/06/13 21:14:57.0000
21:14:57.0000 3988 SystemInfo:
21:14:57.0000 3988
21:14:57.0000 3988 OS Version: 5.1.2600 ServicePack: 3.0
21:14:57.0000 3988 Product type: Workstation
21:14:57.0000 3988 ComputerName: LENOVO-64B6E920
21:14:57.0000 3988 UserName: Tyler
21:14:57.0000 3988 Windows directory: C:\WINDOWS
21:14:57.0000 3988 System windows directory: C:\WINDOWS
21:14:57.0000 3988 Processor architecture: Intel x86
21:14:57.0000 3988 Number of processors: 2
21:14:57.0000 3988 Page size: 0x1000
21:14:57.0000 3988 Boot type: Normal boot
21:14:57.0000 3988 ============================================================
21:14:59.0265 3988 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:14:59.0281 3988 Drive \Device\Harddisk1\DR11 - Size: 0xEEE00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:14:59.0281 3988 ============================================================
21:14:59.0281 3988 \Device\Harddisk0\DR0:
21:14:59.0281 3988 MBR partitions:
21:14:59.0281 3988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAA106E1
21:14:59.0281 3988 \Device\Harddisk1\DR11:
21:14:59.0281 3988 MBR partitions:
21:14:59.0281 3988 \Device\Harddisk1\DR11\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x775080
21:14:59.0281 3988 ============================================================
21:14:59.0296 3988 C: <-> \Device\Harddisk0\DR0\Partition0
21:14:59.0296 3988 ============================================================
21:14:59.0296 3988 Initialize success
21:14:59.0296 3988 ============================================================
21:15:22.0671 4016 ============================================================
21:15:22.0671 4016 Scan started
21:15:22.0671 4016 Mode: Manual;
21:15:22.0671 4016 ============================================================
21:15:23.0015 4016 Abiosdsk - ok
21:15:23.0015 4016 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:15:23.0015 4016 abp480n5 - ok
21:15:23.0046 4016 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
21:15:23.0046 4016 ac97intc - ok
21:15:23.0093 4016 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:15:23.0109 4016 ACPI - ok
21:15:23.0109 4016 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:15:23.0109 4016 ACPIEC - ok
21:15:23.0218 4016 AcPrfMgrSvc (f8c80392fe8e82a6f18a4d9af8e57f88) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
21:15:23.0218 4016 AcPrfMgrSvc - ok
21:15:23.0250 4016 AcSvc (0a5201cb7e5e65a340ee1348532aa454) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
21:15:23.0250 4016 AcSvc - ok
21:15:23.0390 4016 Ad-Aware Service (09e61047b0cef21559cfcedf4f14d216) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
21:15:23.0406 4016 Ad-Aware Service - ok
21:15:23.0546 4016 ADIHdAudAddService (66614b9fdc7e74ab736a84d89f7b06b6) C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:15:23.0562 4016 ADIHdAudAddService - ok
21:15:23.0625 4016 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
21:15:23.0625 4016 Adobe LM Service - ok
21:15:23.0656 4016 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:15:23.0656 4016 adpu160m - ok
21:15:23.0687 4016 AEAudioService (03be587e90c8b37c7ff1fe2e9c1d1c90) C:\WINDOWS\system32\drivers\AEAudio.sys
21:15:23.0687 4016 AEAudioService - ok
21:15:23.0734 4016 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:15:23.0734 4016 aec - ok
21:15:23.0781 4016 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:15:23.0781 4016 AegisP - ok
21:15:23.0828 4016 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:15:23.0843 4016 AFD - ok
21:15:23.0843 4016 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:15:23.0859 4016 agp440 - ok
21:15:23.0859 4016 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:15:23.0859 4016 agpCPQ - ok
21:15:23.0890 4016 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:15:23.0890 4016 Aha154x - ok
21:15:23.0906 4016 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:15:23.0906 4016 aic78u2 - ok
21:15:23.0937 4016 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:15:23.0937 4016 aic78xx - ok
21:15:23.0953 4016 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:15:23.0953 4016 Alerter - ok
21:15:23.0984 4016 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:15:23.0984 4016 ALG - ok
21:15:23.0984 4016 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:15:24.0000 4016 AliIde - ok
21:15:24.0015 4016 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:15:24.0015 4016 alim1541 - ok
21:15:24.0031 4016 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:15:24.0031 4016 amdagp - ok
21:15:24.0046 4016 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:15:24.0046 4016 amsint - ok
21:15:24.0078 4016 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
21:15:24.0078 4016 ANC - ok
21:15:24.0140 4016 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:15:24.0140 4016 Apple Mobile Device - ok
21:15:24.0171 4016 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:15:24.0171 4016 AppMgmt - ok
21:15:24.0187 4016 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:15:24.0187 4016 asc - ok
21:15:24.0203 4016 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:15:24.0203 4016 asc3350p - ok
21:15:24.0234 4016 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:15:24.0234 4016 asc3550 - ok
21:15:24.0359 4016 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:15:24.0359 4016 aspnet_state - ok
21:15:24.0390 4016 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:15:24.0390 4016 AsyncMac - ok
21:15:24.0437 4016 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:15:24.0437 4016 atapi - ok
21:15:24.0453 4016 Atdisk - ok
21:15:24.0515 4016 Ati HotKey Poller (eedac720ac52a12edbe1d1f9933b59e7) C:\WINDOWS\system32\Ati2evxx.exe
21:15:24.0515 4016 Ati HotKey Poller - ok
21:15:24.0671 4016 ati2mtag (e150424208c8a91deed8c45019a6cdd2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
21:15:24.0687 4016 ati2mtag - ok
21:15:24.0859 4016 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:15:24.0859 4016 Atmarpc - ok
21:15:24.0890 4016 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
21:15:24.0890 4016 atmeltpm - ok
21:15:24.0937 4016 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:15:24.0937 4016 AudioSrv - ok
21:15:24.0953 4016 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:15:24.0953 4016 audstub - ok
21:15:25.0046 4016 avg8wd (db338a6bd3976904eb0f8343f51e64eb) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
21:15:25.0046 4016 avg8wd - ok
21:15:25.0109 4016 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
21:15:25.0109 4016 AvgLdx86 - ok
21:15:25.0125 4016 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
21:15:25.0125 4016 AvgMfx86 - ok
21:15:25.0156 4016 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:15:25.0156 4016 Beep - ok
21:15:25.0234 4016 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:15:25.0234 4016 BITS - ok
21:15:25.0328 4016 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:15:25.0328 4016 Bonjour Service - ok
21:15:25.0375 4016 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
21:15:25.0375 4016 BridgeMP - ok
21:15:25.0421 4016 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:15:25.0421 4016 Browser - ok
21:15:25.0531 4016 BTKRNL (dbd408226b00c20158864f30a5a84451) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
21:15:25.0531 4016 BTKRNL - ok
21:15:25.0640 4016 btwdins (cb2a3bae9aad6b42f7b6473363bbc168) C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
21:15:25.0640 4016 btwdins - ok
21:15:25.0671 4016 BTWUSB (7cd8e4303fda5b11da325340778d99d9) C:\WINDOWS\system32\Drivers\btwusb.sys
21:15:25.0671 4016 BTWUSB - ok
21:15:25.0734 4016 catchme - ok
21:15:25.0765 4016 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:15:25.0765 4016 cbidf - ok
21:15:25.0781 4016 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:15:25.0781 4016 cbidf2k - ok
21:15:25.0828 4016 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:15:25.0828 4016 CCDECODE - ok
21:15:25.0843 4016 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:15:25.0843 4016 cd20xrnt - ok
21:15:25.0859 4016 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:15:25.0859 4016 Cdaudio - ok
21:15:25.0890 4016 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:15:25.0890 4016 Cdfs - ok
21:15:25.0921 4016 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:15:25.0921 4016 Cdrom - ok
21:15:25.0937 4016 Changer - ok
21:15:25.0968 4016 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:15:25.0968 4016 CiSvc - ok
21:15:25.0984 4016 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:15:26.0000 4016 ClipSrv - ok
21:15:26.0093 4016 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:15:26.0093 4016 clr_optimization_v2.0.50727_32 - ok
21:15:26.0109 4016 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:15:26.0109 4016 CmBatt - ok
21:15:26.0140 4016 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:15:26.0140 4016 CmdIde - ok
21:15:26.0156 4016 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:15:26.0156 4016 Compbatt - ok
21:15:26.0156 4016 COMSysApp - ok
21:15:26.0187 4016 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:15:26.0187 4016 Cpqarray - ok
21:15:26.0203 4016 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:15:26.0203 4016 CryptSvc - ok
21:15:26.0218 4016 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
21:15:26.0218 4016 CVirtA - ok
21:15:26.0375 4016 CVPND (08d8fa119f2ad6ac0377fb667523482e) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
21:15:26.0390 4016 CVPND - ok
21:15:26.0578 4016 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
21:15:26.0593 4016 CVPNDRVA - ok
21:15:26.0625 4016 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:15:26.0625 4016 dac2w2k - ok
21:15:26.0640 4016 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:15:26.0640 4016 dac960nt - ok
21:15:26.0718 4016 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:15:26.0718 4016 DcomLaunch - ok
21:15:26.0765 4016 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:15:26.0765 4016 Dhcp - ok
21:15:26.0796 4016 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:15:26.0796 4016 Disk - ok
21:15:26.0906 4016 Diskeeper (0711d2e0f17b31e537b2770a618da41f) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
21:15:26.0906 4016 Diskeeper - ok
21:15:26.0953 4016 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:15:26.0953 4016 DLABOIOM - ok
21:15:26.0968 4016 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:15:26.0968 4016 DLACDBHM - ok
21:15:26.0984 4016 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
21:15:26.0984 4016 DLADResN - ok
21:15:27.0000 4016 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:15:27.0000 4016 DLAIFS_M - ok
21:15:27.0015 4016 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:15:27.0015 4016 DLAOPIOM - ok
21:15:27.0015 4016 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:15:27.0015 4016 DLAPoolM - ok
21:15:27.0031 4016 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:15:27.0031 4016 DLARTL_N - ok
21:15:27.0062 4016 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:15:27.0062 4016 DLAUDFAM - ok
21:15:27.0093 4016 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:15:27.0093 4016 DLAUDF_M - ok
21:15:27.0093 4016 dmadmin - ok
21:15:27.0187 4016 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:15:27.0203 4016 dmboot - ok
21:15:27.0234 4016 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:15:27.0250 4016 dmio - ok
21:15:27.0281 4016 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:15:27.0281 4016 dmload - ok
21:15:27.0312 4016 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:15:27.0312 4016 dmserver - ok
21:15:27.0328 4016 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:15:27.0328 4016 DMusic - ok
21:15:27.0375 4016 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys
21:15:27.0375 4016 DNE - ok
21:15:27.0421 4016 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:15:27.0421 4016 Dnscache - ok
21:15:27.0468 4016 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:15:27.0468 4016 Dot3svc - ok
21:15:27.0500 4016 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:15:27.0500 4016 dpti2o - ok
21:15:27.0531 4016 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:15:27.0531 4016 drmkaud - ok
21:15:27.0562 4016 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:15:27.0578 4016 DRVMCDB - ok
21:15:27.0609 4016 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:15:27.0609 4016 DRVNDDM - ok
21:15:27.0625 4016 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:15:27.0625 4016 E100B - ok
21:15:27.0671 4016 e1express (00560c3fedf8958fcdc7c68b7906f66f) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
21:15:27.0687 4016 e1express - ok
21:15:27.0734 4016 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:15:27.0734 4016 EapHost - ok
21:15:27.0750 4016 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
21:15:27.0750 4016 EGATHDRV - ok
21:15:27.0796 4016 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
21:15:27.0796 4016 epmntdrv - ok
21:15:27.0843 4016 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:15:27.0843 4016 ERSvc - ok
21:15:27.0875 4016 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
21:15:27.0875 4016 EuGdiDrv - ok
21:15:27.0921 4016 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:15:27.0921 4016 Eventlog - ok
21:15:27.0968 4016 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:15:27.0984 4016 EventSystem - ok
21:15:28.0078 4016 EvtEng (6a197698a141ffe7651b962ae3172008) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
21:15:28.0078 4016 EvtEng - ok
21:15:28.0125 4016 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:15:28.0125 4016 Fastfat - ok
21:15:28.0187 4016 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:15:28.0187 4016 FastUserSwitchingCompatibility - ok
21:15:28.0203 4016 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:15:28.0203 4016 Fdc - ok
21:15:28.0234 4016 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
21:15:28.0234 4016 FilterService - ok
21:15:28.0250 4016 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:15:28.0250 4016 Fips - ok
21:15:28.0328 4016 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:15:28.0343 4016 FLEXnet Licensing Service - ok
21:15:28.0359 4016 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:15:28.0359 4016 Flpydisk - ok
21:15:28.0406 4016 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:15:28.0406 4016 FltMgr - ok
21:15:28.0500 4016 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:15:28.0500 4016 FontCache3.0.0.0 - ok
21:15:28.0531 4016 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:15:28.0531 4016 Fs_Rec - ok
21:15:28.0546 4016 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:15:28.0562 4016 Ftdisk - ok
21:15:28.0593 4016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
21:15:28.0593 4016 GEARAspiWDM - ok
21:15:28.0625 4016 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:15:28.0625 4016 Gpc - ok
21:15:28.0687 4016 gupdate1c9e89826ac7d22 - ok
21:15:28.0687 4016 gupdatem - ok
21:15:28.0765 4016 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys
21:15:28.0781 4016 Hardlock - ok
21:15:28.0812 4016 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
21:15:28.0828 4016 Haspnt - ok
21:15:28.0843 4016 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:15:28.0843 4016 HDAudBus - ok
21:15:28.0906 4016 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:15:28.0906 4016 helpsvc - ok
21:15:28.0921 4016 HidServ - ok
21:15:28.0953 4016 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:15:28.0953 4016 HidUsb - ok
21:15:28.0984 4016 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:15:29.0000 4016 hkmsvc - ok
21:15:29.0031 4016 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:15:29.0031 4016 hpn - ok
21:15:29.0125 4016 HSF_DPV (b1fc0b027df4374f9e5b796cfdf797b3) C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys
21:15:29.0140 4016 HSF_DPV - ok
21:15:29.0171 4016 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
21:15:29.0171 4016 HSXHWAZL - ok
21:15:29.0234 4016 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:15:29.0234 4016 HTTP - ok
21:15:29.0250 4016 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:15:29.0250 4016 HTTPFilter - ok
21:15:29.0281 4016 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:15:29.0296 4016 i2omgmt - ok
21:15:29.0312 4016 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:15:29.0312 4016 i2omp - ok
21:15:29.0343 4016 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:15:29.0343 4016 i8042prt - ok
21:15:29.0437 4016 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:15:29.0453 4016 iaStor - ok
21:15:29.0484 4016 IBMPMDRV (067a88764593b1f46a6cfb00c69c11eb) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
21:15:29.0484 4016 IBMPMDRV - ok
21:15:29.0500 4016 IBMPMSVC (21abd7e16659602723f984f512c65e02) C:\WINDOWS\system32\ibmpmsvc.exe
21:15:29.0500 4016 IBMPMSVC - ok
21:15:29.0500 4016 IBMTPCHK (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
21:15:29.0515 4016 IBMTPCHK - ok
21:15:29.0593 4016 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
21:15:29.0609 4016 IDriverT - ok
21:15:29.0828 4016 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:15:29.0843 4016 idsvc - ok
21:15:29.0875 4016 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:15:29.0875 4016 Imapi - ok
21:15:29.0921 4016 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:15:29.0937 4016 ImapiService - ok
21:15:29.0968 4016 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:15:29.0968 4016 ini910u - ok
21:15:30.0000 4016 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:15:30.0000 4016 IntelIde - ok
21:15:30.0015 4016 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:15:30.0015 4016 intelppm - ok
21:15:30.0046 4016 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:15:30.0046 4016 Ip6Fw - ok
21:15:30.0078 4016 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:15:30.0078 4016 IpFilterDriver - ok
21:15:30.0078 4016 iphlpsvc - ok
21:15:30.0093 4016 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:15:30.0093 4016 IpInIp - ok
21:15:30.0125 4016 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:15:30.0125 4016 IpNat - ok
21:15:30.0250 4016 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
21:15:30.0250 4016 iPod Service - ok
21:15:30.0281 4016 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:15:30.0281 4016 IPSec - ok
21:15:30.0312 4016 IPSSVC (4d1d3b3644737746fb98c4d272fb4a86) C:\WINDOWS\system32\IPSSVC.EXE
21:15:30.0312 4016 IPSSVC - ok
21:15:30.0359 4016 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
21:15:30.0359 4016 irda - ok
21:15:30.0375 4016 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:15:30.0375 4016 IRENUM - ok
21:15:30.0406 4016 Irmon (49cc4533ce897cb2e93c1e84a818fde5) C:\WINDOWS\System32\irmon.dll
21:15:30.0406 4016 Irmon - ok
21:15:30.0453 4016 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:15:30.0453 4016 isapnp - ok
21:15:30.0531 4016 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
21:15:30.0531 4016 JavaQuickStarterService - ok
21:15:30.0546 4016 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:15:30.0546 4016 Kbdclass - ok
21:15:30.0578 4016 KeyScrambler (83a174ac30d12186e5c2e56d362d3604) C:\WINDOWS\system32\drivers\keyscrambler.sys
21:15:30.0593 4016 KeyScrambler - ok
21:15:30.0625 4016 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:15:30.0640 4016 kmixer - ok
21:15:30.0687 4016 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:15:30.0687 4016 KSecDD - ok
21:15:30.0718 4016 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:15:30.0718 4016 lanmanserver - ok
21:15:30.0765 4016 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:15:30.0765 4016 lanmanworkstation - ok
21:15:30.0781 4016 Lavasoft Kernexplorer - ok
21:15:30.0796 4016 Lbd - ok
21:15:30.0796 4016 lbrtfdc - ok
21:15:30.0843 4016 LexBceS (a5a631c38858bfdbe7f608b4486723e2) C:\WINDOWS\system32\LEXBCES.EXE
21:15:30.0859 4016 LexBceS - ok
21:15:30.0890 4016 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\WINDOWS\system32\DRIVERS\lgbtport.sys
21:15:30.0906 4016 LgBttPort - ok
21:15:30.0906 4016 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
21:15:30.0906 4016 lgbusenum - ok
21:15:30.0953 4016 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
21:15:30.0953 4016 LGVMODEM - ok
21:15:30.0984 4016 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:15:30.0984 4016 LmHosts - ok
21:15:31.0000 4016 LVcKap - ok
21:15:31.0093 4016 LVCOMSer (38440fe1a65b1fe3d246c5c4cad22f53) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
21:15:31.0093 4016 LVCOMSer - ok
21:15:31.0093 4016 LVMVDrv - ok
21:15:31.0140 4016 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
21:15:31.0140 4016 LVPr2Mon - ok
21:15:31.0218 4016 LVPrcSrv (28bd0e4b6c050b591b8cb35b9ad284e6) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
21:15:31.0218 4016 LVPrcSrv - ok
21:15:31.0296 4016 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
21:15:31.0312 4016 LVRS - ok
21:15:31.0359 4016 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
21:15:31.0359 4016 LVUSBSta - ok
21:15:31.0781 4016 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
21:15:31.0828 4016 LVUVC - ok
21:15:31.0937 4016 lxed_device - ok
21:15:32.0000 4016 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\WINDOWS\system32\drivers\mbam.sys
21:15:32.0000 4016 MBAMProtector - ok
21:15:32.0156 4016 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:15:32.0171 4016 MBAMService - ok
21:15:32.0203 4016 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:15:32.0203 4016 mdmxsdk - ok
21:15:32.0328 4016 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:15:32.0328 4016 Microsoft Office Groove Audit Service - ok
21:15:32.0359 4016 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:15:32.0359 4016 mnmdd - ok
21:15:32.0406 4016 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:15:32.0406 4016 mnmsrvc - ok
21:15:32.0453 4016 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:15:32.0453 4016 Modem - ok
21:15:32.0484 4016 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:15:32.0484 4016 Mouclass - ok
21:15:32.0515 4016 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:15:32.0515 4016 mouhid - ok
21:15:32.0531 4016 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:15:32.0531 4016 MountMgr - ok
21:15:32.0578 4016 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:15:32.0578 4016 MozillaMaintenance - ok
21:15:32.0593 4016 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:15:32.0609 4016 mraid35x - ok
21:15:32.0625 4016 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:15:32.0640 4016 MRxDAV - ok
21:15:32.0718 4016 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:15:32.0718 4016 MRxSmb - ok
21:15:32.0750 4016 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:15:32.0750 4016 MSDTC - ok
21:15:32.0796 4016 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:15:32.0796 4016 Msfs - ok
21:15:32.0796 4016 MSIServer - ok
21:15:32.0812 4016 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:15:32.0812 4016 MSKSSRV - ok
21:15:32.0843 4016 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:15:32.0843 4016 MSPCLOCK - ok
21:15:32.0859 4016 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:15:32.0875 4016 MSPQM - ok
21:15:32.0875 4016 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:15:32.0890 4016 mssmbios - ok
21:15:32.0906 4016 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:15:32.0906 4016 MSTEE - ok
21:15:32.0953 4016 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:15:32.0953 4016 Mup - ok
21:15:32.0968 4016 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:15:32.0968 4016 NABTSFEC - ok
21:15:33.0031 4016 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:15:33.0031 4016 napagent - ok
21:15:33.0062 4016 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:15:33.0078 4016 NDIS - ok
21:15:33.0078 4016 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:15:33.0078 4016 NdisIP - ok
21:15:33.0125 4016 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:15:33.0125 4016 NdisTapi - ok
21:15:33.0140 4016 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:15:33.0140 4016 Ndisuio - ok
21:15:33.0156 4016 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:15:33.0156 4016 NdisWan - ok
21:15:33.0203 4016 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:15:33.0203 4016 NDProxy - ok
21:15:33.0234 4016 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:15:33.0234 4016 NetBIOS - ok
21:15:33.0250 4016 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:15:33.0265 4016 NetBT - ok
21:15:33.0296 4016 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:15:33.0296 4016 NetDDE - ok
21:15:33.0312 4016 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:15:33.0312 4016 NetDDEdsdm - ok
21:15:33.0359 4016 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:15:33.0359 4016 Netlogon - ok
21:15:33.0390 4016 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:15:33.0390 4016 Netman - ok
21:15:33.0531 4016 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:15:33.0531 4016 NetTcpPortSharing - ok
21:15:33.0734 4016 NETw3x32 (e2f396f71a793a04839dbb6af304a026) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
21:15:33.0750 4016 NETw3x32 - ok
21:15:33.0921 4016 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:15:33.0921 4016 Nla - ok
21:15:34.0000 4016 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files\CDBurnerXP\NMSAccessU.exe
21:15:34.0000 4016 NMSAccessU - ok
21:15:34.0046 4016 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:15:34.0062 4016 Npfs - ok
21:15:34.0062 4016 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
21:15:34.0062 4016 NSCIRDA - ok
21:15:34.0140 4016 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:15:34.0140 4016 Ntfs - ok
21:15:34.0203 4016 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:15:34.0203 4016 NtLmSsp - ok
21:15:34.0265 4016 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:15:34.0281 4016 NtmsSvc - ok
21:15:34.0312 4016 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:15:34.0312 4016 Null - ok
21:15:34.0500 4016 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:15:34.0515 4016 nv - ok
21:15:34.0656 4016 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:15:34.0671 4016 NwlnkFlt - ok
21:15:34.0703 4016 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:15:34.0718 4016 NwlnkFwd - ok
21:15:34.0843 4016 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:15:34.0859 4016 odserv - ok
21:15:35.0078 4016 OS Selector (9bfd0a072459782e3638362a4473e283) C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
21:15:35.0109 4016 OS Selector - ok
21:15:35.0187 4016 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:15:35.0187 4016 ose - ok
21:15:35.0328 4016 osixrnptqfqrjikp - ok
21:15:35.0375 4016 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:15:35.0375 4016 Parport - ok
21:15:35.0406 4016 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:15:35.0406 4016 PartMgr - ok
21:15:35.0421 4016 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:15:35.0421 4016 ParVdm - ok
21:15:35.0468 4016 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:15:35.0468 4016 PCI - ok
21:15:35.0468 4016 PCIDump - ok
21:15:35.0484 4016 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:15:35.0484 4016 PCIIde - ok
21:15:35.0500 4016 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:15:35.0500 4016 Pcmcia - ok
21:15:35.0515 4016 PDCOMP - ok
21:15:35.0515 4016 PDFRAME - ok
21:15:35.0515 4016 PDRELI - ok
21:15:35.0531 4016 PDRFRAME - ok
21:15:35.0531 4016 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:15:35.0531 4016 perc2 - ok
21:15:35.0546 4016 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:15:35.0546 4016 perc2hib - ok
21:15:35.0640 4016 PID_0928 (4fd88efe733a120837d365f2cd143742) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
21:15:35.0656 4016 PID_0928 - ok
21:15:35.0718 4016 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:15:35.0718 4016 PlugPlay - ok
21:15:35.0750 4016 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
21:15:35.0750 4016 pmem - ok
21:15:35.0796 4016 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:15:35.0796 4016 PolicyAgent - ok
21:15:35.0843 4016 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:15:35.0843 4016 PptpMiniport - ok
21:15:35.0906 4016 PrivateDisk (ebe579425ccb8377bfc7c0b50c05eb56) C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
21:15:35.0921 4016 PrivateDisk - ok
21:15:35.0953 4016 PROCDD (6f9e6e874fd74ee6dd0bbecde9d3f795) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
21:15:35.0953 4016 PROCDD - ok
21:15:35.0984 4016 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
21:15:36.0000 4016 Processor - ok
21:15:36.0015 4016 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:15:36.0015 4016 ProtectedStorage - ok
21:15:36.0078 4016 psadd (fb4c54f3a168b178dabf15eebaed8276) C:\WINDOWS\system32\Drivers\psadd.sys
21:15:36.0078 4016 psadd - ok
21:15:36.0093 4016 PsaSrv (a39e2901c4a75781d1be845bd47d1131) C:\WINDOWS\system32\PsaSrv.exe
21:15:36.0109 4016 PsaSrv - ok
21:15:36.0156 4016 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:15:36.0156 4016 PSched - ok
21:15:36.0187 4016 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:15:36.0187 4016 Ptilink - ok
21:15:36.0203 4016 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:15:36.0203 4016 PxHelp20 - ok
21:15:36.0234 4016 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:15:36.0234 4016 ql1080 - ok
21:15:36.0250 4016 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:15:36.0250 4016 Ql10wnt - ok
21:15:36.0265 4016 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:15:36.0265 4016 ql12160 - ok
21:15:36.0281 4016 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:15:36.0281 4016 ql1240 - ok
21:15:36.0296 4016 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:15:36.0296 4016 ql1280 - ok
21:15:36.0312 4016 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:15:36.0312 4016 RasAcd - ok
21:15:36.0359 4016 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:15:36.0359 4016 RasAuto - ok
21:15:36.0390 4016 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:15:36.0390 4016 Rasirda - ok
21:15:36.0406 4016 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:15:36.0406 4016 Rasl2tp - ok
21:15:36.0453 4016 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:15:36.0453 4016 RasMan - ok
21:15:36.0468 4016 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:15:36.0468 4016 RasPppoe - ok
21:15:36.0484 4016 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:15:36.0484 4016 Raspti - ok
21:15:36.0531 4016 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:15:36.0531 4016 Rdbss - ok
21:15:36.0546 4016 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:15:36.0546 4016 RDPCDD - ok
21:15:36.0578 4016 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:15:36.0578 4016 rdpdr - ok
21:15:36.0625 4016 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
21:15:36.0625 4016 RDPWD - ok
21:15:36.0734 4016 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:15:36.0734 4016 RDSessMgr - ok
21:15:36.0765 4016 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:15:36.0765 4016 redbook - ok
21:15:36.0859 4016 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
21:15:36.0859 4016 RegSrvc - ok
21:15:36.0890 4016 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:15:36.0906 4016 RemoteAccess - ok
21:15:36.0937 4016 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:15:36.0937 4016 RemoteRegistry - ok
21:15:36.0968 4016 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:15:36.0984 4016 RpcLocator - ok
21:15:37.0062 4016 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:15:37.0062 4016 RpcSs - ok
21:15:37.0109 4016 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:15:37.0109 4016 RSVP - ok
21:15:37.0218 4016 S24EventMonitor (25f697e3afa7b337bbcaddbce38e6934) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
21:15:37.0234 4016 S24EventMonitor - ok
21:15:37.0265 4016 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:15:37.0281 4016 s24trans - ok
21:15:37.0312 4016 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:15:37.0312 4016 SamSs - ok
21:15:37.0859 4016 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
21:15:37.0890 4016 SBAMSvc - ok
21:15:38.0046 4016 sbaphd (62ba65cc0b4a4bd1eaff5fed6e2b5069) C:\WINDOWS\system32\drivers\sbaphd.sys
21:15:38.0046 4016 sbaphd - ok
21:15:38.0062 4016 sbapifs (3fff8cda4d2f29ca06f1557e85163c30) C:\WINDOWS\system32\drivers\sbapifs.sys
21:15:38.0078 4016 sbapifs - ok
21:15:38.0125 4016 SbFw (dc19ff9879775ac86baa9c9282573e87) C:\WINDOWS\system32\drivers\SbFw.sys
21:15:38.0125 4016 SbFw - ok
21:15:38.0140 4016 SBFWIMCL (1dcad90cc9c0ddc7d060fd97854f8518) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
21:15:38.0140 4016 SBFWIMCL - ok
21:15:38.0156 4016 SBFWIMCLMP (1dcad90cc9c0ddc7d060fd97854f8518) C:\WINDOWS\system32\DRIVERS\SBFWIM.sys
21:15:38.0156 4016 SBFWIMCLMP - ok
21:15:38.0171 4016 sbhips (1afd7178ab9c4fce2d332da7aa474fa6) C:\WINDOWS\system32\drivers\sbhips.sys
21:15:38.0171 4016 sbhips - ok
21:15:38.0218 4016 SBRE (1fd538c4feb36b793d2121f20bbdc16f) C:\WINDOWS\system32\drivers\SBREdrv.sys
21:15:38.0218 4016 SBRE - ok
21:15:38.0250 4016 sbtis (3ccb4c5686d23033fd01835bed868b4b) C:\WINDOWS\system32\drivers\sbtis.sys
21:15:38.0250 4016 sbtis - ok
21:15:38.0296 4016 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:15:38.0296 4016 SCardSvr - ok
21:15:38.0343 4016 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:15:38.0359 4016 Schedule - ok
21:15:38.0390 4016 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:15:38.0390 4016 Secdrv - ok
21:15:38.0421 4016 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:15:38.0421 4016 seclogon - ok
21:15:38.0437 4016 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:15:38.0453 4016 SENS - ok
21:15:38.0453 4016 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:15:38.0453 4016 serenum - ok
21:15:38.0484 4016 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:15:38.0484 4016 Serial - ok
21:15:38.0500 4016 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:15:38.0500 4016 Sfloppy - ok
21:15:38.0562 4016 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:15:38.0562 4016 SharedAccess - ok
21:15:38.0625 4016 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:15:38.0625 4016 ShellHWDetection - ok
21:15:38.0656 4016 ShockMgr (1a9b76c8e0d77bcaca24fdf36781b59d) C:\WINDOWS\system32\drivers\ShockMgr.sys
21:15:38.0656 4016 ShockMgr - ok
21:15:38.0671 4016 Shockprf (cb0c065af3ac9ac307408ea021cdd20e) C:\WINDOWS\system32\drivers\Shockprf.sys
21:15:38.0671 4016 Shockprf - ok
21:15:38.0687 4016 Simbad - ok
21:15:38.0734 4016 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:15:38.0734 4016 sisagp - ok
21:15:38.0750 4016 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:15:38.0750 4016 SLIP - ok
21:15:38.0781 4016 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
21:15:38.0781 4016 Smapint - ok
21:15:38.0828 4016 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Program Files\SMI2\smi2.sys
21:15:38.0828 4016 smi2 - ok
21:15:38.0859 4016 smihlp (01a4388e45ba272082bfc35b0c8dbf8a) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
21:15:38.0859 4016 smihlp - ok
21:15:38.0890 4016 snapman (c6dafc9af23d54ca0e222b215d5e8378) C:\WINDOWS\system32\DRIVERS\snapman.sys
21:15:38.0890 4016 snapman - ok
21:15:38.0906 4016 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
21:15:38.0906 4016 SONYPVU1 - ok
21:15:38.0921 4016 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:15:38.0937 4016 Sparrow - ok
21:15:38.0953 4016 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:15:38.0953 4016 splitter - ok
21:15:38.0984 4016 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:15:38.0984 4016 Spooler - ok
21:15:39.0000 4016 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:15:39.0000 4016 sr - ok
21:15:39.0062 4016 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:15:39.0062 4016 srservice - ok
21:15:39.0140 4016 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:15:39.0140 4016 Srv - ok
21:15:39.0171 4016 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:15:39.0171 4016 SSDPSRV - ok
21:15:39.0218 4016 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
21:15:39.0218 4016 StillCam - ok
21:15:39.0281 4016 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:15:39.0281 4016 stisvc - ok
21:15:39.0312 4016 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:15:39.0312 4016 streamip - ok
21:15:39.0421 4016 SUService (1b1ee7daa523e8ca72bbdc6db155dc26) c:\program files\lenovo\system update\suservice.exe
21:15:39.0421 4016 SUService - ok
21:15:39.0437 4016 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:15:39.0437 4016 swenum - ok
21:15:39.0453 4016 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:15:39.0453 4016 swmidi - ok
21:15:39.0453 4016 SwPrv - ok
21:15:39.0484 4016 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:15:39.0500 4016 symc810 - ok
21:15:39.0500 4016 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:15:39.0500 4016 symc8xx - ok
21:15:39.0515 4016 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:15:39.0515 4016 sym_hi - ok
21:15:39.0515 4016 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:15:39.0515 4016 sym_u3 - ok
21:15:39.0578 4016 SynTP (7c02db7416d52c02b131d0e3a8d2337c) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:15:39.0578 4016 SynTP - ok
21:15:39.0593 4016 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:15:39.0593 4016 sysaudio - ok
21:15:39.0625 4016 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:15:39.0640 4016 SysmonLog - ok
21:15:39.0703 4016 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:15:39.0703 4016 TapiSrv - ok
21:15:39.0765 4016 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:15:39.0765 4016 Tcpip - ok
21:15:39.0796 4016 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
21:15:39.0796 4016 TcUsb - ok
21:15:39.0828 4016 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:15:39.0828 4016 TDPIPE - ok
21:15:39.0843 4016 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
21:15:39.0843 4016 TDSMAPI - ok
21:15:39.0875 4016 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:15:39.0875 4016 TDTCP - ok
21:15:39.0875 4016 tdx - ok
21:15:39.0906 4016 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:15:39.0906 4016 TermDD - ok
21:15:39.0968 4016 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:15:39.0968 4016 TermService - ok
21:15:40.0015 4016 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:15:40.0015 4016 Themes - ok
21:15:40.0140 4016 ThinkVantage Registry Monitor Service (bec875caf94e9fd6bc95b84bd07c1e99) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
21:15:40.0140 4016 ThinkVantage Registry Monitor Service - ok
21:15:40.0187 4016 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:15:40.0187 4016 TlntSvr - ok
21:15:40.0234 4016 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:15:40.0234 4016 TosIde - ok
21:15:40.0281 4016 TPHDEXLGSVC (a3552782e8d402f3aa513765d93c852d) C:\WINDOWS\system32\TPHDEXLG.EXE
21:15:40.0281 4016 TPHDEXLGSVC - ok
21:15:40.0312 4016 TPHKDRV (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
21:15:40.0312 4016 TPHKDRV - ok
21:15:40.0328 4016 TpKmpSVC (dfb268ff0a6dcb9280015ff527f892ff) C:\WINDOWS\system32\TpKmpSVC.exe
21:15:40.0328 4016 TpKmpSVC - ok
21:15:40.0375 4016 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
21:15:40.0375 4016 TPPWRIF - ok
21:15:40.0406 4016 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:15:40.0421 4016 TrkWks - ok
21:15:40.0437 4016 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
21:15:40.0437 4016 TSMAPIP - ok
21:15:40.0796 4016 TSSCoreService (cf3bc148a6979bcf5af8591e687c1390) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
21:15:40.0812 4016 TSSCoreService - ok
21:15:41.0468 4016 TVT Backup Service (ec38192f2f5361b48bc387c2db337264) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
21:15:41.0484 4016 TVT Backup Service - ok
21:15:41.0656 4016 TVT Scheduler (fe1d3ef5caa8ee28a8b66fa1f180681b) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
21:15:41.0671 4016 TVT Scheduler - ok
21:15:41.0859 4016 tvtfilter (dd957007df98aecffaaa2656d4b981e4) C:\WINDOWS\system32\drivers\tvtfilter.sys
21:15:41.0859 4016 tvtfilter - ok
21:15:41.0906 4016 tvtnetwk (2e72c66682e9274c97ae3f5a57c2fa33) C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
21:15:41.0906 4016 tvtnetwk - ok
21:15:41.0968 4016 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
21:15:41.0968 4016 TVTPktFilter - ok
21:15:42.0000 4016 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:15:42.0015 4016 Udfs - ok
21:15:42.0046 4016 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:15:42.0046 4016 ultra - ok
21:15:42.0109 4016 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:15:42.0109 4016 Update - ok
21:15:42.0171 4016 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:15:42.0171 4016 upnphost - ok
21:15:42.0187 4016 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:15:42.0203 4016 UPS - ok
21:15:42.0250 4016 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
21:15:42.0250 4016 USBAAPL - ok
21:15:42.0281 4016 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:15:42.0281 4016 usbaudio - ok
21:15:42.0328 4016 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
21:15:42.0328 4016 usbbus - ok
21:15:42.0375 4016 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:15:42.0375 4016 usbccgp - ok
21:15:42.0421 4016 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
21:15:42.0421 4016 UsbDiag - ok
21:15:42.0453 4016 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:15:42.0453 4016 usbehci - ok
21:15:42.0484 4016 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:15:42.0484 4016 usbhub - ok
21:15:42.0500 4016 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
21:15:42.0500 4016 USBModem - ok
21:15:42.0562 4016 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:15:42.0562 4016 usbprint - ok
21:15:42.0625 4016 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:15:42.0625 4016 usbscan - ok
21:15:42.0640 4016 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:15:42.0640 4016 USBSTOR - ok
21:15:42.0671 4016 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:15:42.0687 4016 usbuhci - ok
21:15:42.0718 4016 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:15:42.0734 4016 usbvideo - ok
21:15:42.0765 4016 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:15:42.0765 4016 VgaSave - ok
21:15:42.0812 4016 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:15:42.0812 4016 viaagp - ok
21:15:42.0828 4016 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:15:42.0828 4016 ViaIde - ok
21:15:42.0875 4016 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:15:42.0875 4016 VolSnap - ok
21:15:42.0921 4016 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
21:15:42.0937 4016 vsdatant - ok
21:15:43.0000 4016 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:15:43.0000 4016 VSS - ok
21:15:43.0046 4016 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:15:43.0062 4016 W32Time - ok
21:15:43.0093 4016 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:15:43.0093 4016 Wanarp - ok
21:15:43.0093 4016 WDICA - ok
21:15:43.0125 4016 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:15:43.0125 4016 wdmaud - ok
21:15:43.0140 4016 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:15:43.0156 4016 WebClient - ok
21:15:43.0234 4016 winachsf (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys
21:15:43.0234 4016 winachsf - ok
21:15:43.0265 4016 WinDefend - ok
21:15:43.0281 4016 WinHttpAutoProxySvc - ok
21:15:43.0359 4016 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:15:43.0359 4016 winmgmt - ok
21:15:43.0406 4016 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:15:43.0406 4016 WmdmPmSN - ok
21:15:43.0484 4016 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:15:43.0500 4016 Wmi - ok
21:15:43.0562 4016 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:15:43.0562 4016 WmiApSrv - ok
21:15:43.0718 4016 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:15:43.0734 4016 WMPNetworkSvc - ok
21:15:43.0796 4016 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:15:43.0796 4016 WS2IFSL - ok
21:15:43.0843 4016 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:15:43.0843 4016 wscsvc - ok
21:15:43.0875 4016 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:15:43.0875 4016 WSTCODEC - ok
21:15:43.0890 4016 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:15:43.0890 4016 wuauserv - ok
21:15:43.0937 4016 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:15:43.0937 4016 WudfPf - ok
21:15:43.0968 4016 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:15:43.0968 4016 WudfRd - ok
21:15:43.0984 4016 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:15:44.0000 4016 WudfSvc - ok
21:15:44.0062 4016 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:15:44.0078 4016 WZCSVC - ok
21:15:44.0187 4016 XMail (1619a3283d9125d44116a1ee9143e035) C:\Program Files\acquia-drupal\xmail\XMail.exe
21:15:44.0203 4016 XMail - ok
21:15:44.0234 4016 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:15:44.0234 4016 xmlprov - ok
21:15:44.0265 4016 MBR (0x1B8) (47d3ade2ede4db9b8735d14229855b71) \Device\Harddisk0\DR0
21:15:44.0859 4016 \Device\Harddisk0\DR0 - ok
21:15:44.0859 4016 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR11
21:15:46.0000 4016 \Device\Harddisk1\DR11 - ok
21:15:46.0015 4016 Boot (0x1200) (81ac79a0f72ce8975bb3f4deae6c3031) \Device\Harddisk0\DR0\Partition0
21:15:46.0015 4016 \Device\Harddisk0\DR0\Partition0 - ok
21:15:46.0015 4016 Boot (0x1200) (f89d96e82216945f3c7440ce2c994c44) \Device\Harddisk1\DR11\Partition0
21:15:46.0015 4016 \Device\Harddisk1\DR11\Partition0 - ok
21:15:46.0015 4016 ============================================================
21:15:46.0015 4016 Scan finished
21:15:46.0015 4016 ============================================================
21:15:46.0031 3824 Detected object count: 0
21:15:46.0031 3824 Actual detected object count: 0

MBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-15 10:40:39
-----------------------------
10:40:39.062 OS Version: Windows 5.1.2600 Service Pack 3
10:40:39.062 Number of processors: 2 586 0xF06
10:40:39.062 ComputerName: LENOVO-64B6E920 UserName: Tyler
10:40:40.812 Initialize success
10:40:59.859 AVAST engine defs: 12061500
10:41:10.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:41:10.812 Disk 0 Vendor: HTS721010G9SA00 MCZIC14V Size: 95396MB BusType: 3
10:41:10.890 Disk 0 MBR read successfully
10:41:10.890 Disk 0 MBR scan
10:41:11.000 Disk 0 unknown MBR code
10:41:11.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 87072 MB offset 63
10:41:11.046 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 8320 MB offset 178325280
10:41:11.093 Disk 0 scanning sectors +195365520
10:41:11.234 Disk 0 scanning C:\WINDOWS\system32\drivers
10:41:59.765 Service scanning
10:42:38.203 Modules scanning
10:43:12.390 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
10:43:21.281 Disk 0 trace - called modules:
10:43:21.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:43:21.312 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a81bab8]
10:43:21.312 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\000000ad[0x8a8591c0]
10:43:21.328 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7f4d98]
10:43:23.171 AVAST engine scan C:\WINDOWS
10:43:56.625 AVAST engine scan C:\WINDOWS\system32
10:52:59.218 AVAST engine scan C:\WINDOWS\system32\drivers
10:54:30.031 AVAST engine scan C:\Documents and Settings\Tyler
11:20:39.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tyler\Desktop\Post\New\MBR.dat"
11:20:39.796 The log file has been saved successfully to "C:\Documents and Settings\Tyler\Desktop\Post\New\aswMBR.txt"

#10 TylerS19

TylerS19

    Member

  • Members
  • 37 posts

Posted 15 June 2012 - 02:53 PM

Got through the whole scan.

MBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-15 11:23:50
-----------------------------
11:23:50.921 OS Version: Windows 5.1.2600 Service Pack 3
11:23:50.921 Number of processors: 2 586 0xF06
11:23:50.937 ComputerName: LENOVO-64B6E920 UserName: Tyler
11:23:52.609 Initialize success
11:24:12.546 AVAST engine defs: 12061500
11:41:31.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:41:31.375 Disk 0 Vendor: HTS721010G9SA00 MCZIC14V Size: 95396MB BusType: 3
11:41:31.468 Disk 0 MBR read successfully
11:41:31.468 Disk 0 MBR scan
11:41:31.546 Disk 0 unknown MBR code
11:41:31.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 87072 MB offset 63
11:41:31.640 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 8320 MB offset 178325280
11:41:31.734 Disk 0 scanning sectors +195365520
11:41:31.984 Disk 0 scanning C:\WINDOWS\system32\drivers
11:42:27.281 Service scanning
11:43:22.828 Modules scanning
11:44:24.625 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
11:44:40.296 Disk 0 trace - called modules:
11:44:40.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:44:40.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a81bab8]
11:44:40.343 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\000000ad[0x8a8591c0]
11:44:40.343 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a7f4d98]
11:44:41.515 AVAST engine scan C:\WINDOWS
11:45:39.328 AVAST engine scan C:\WINDOWS\system32
11:57:21.062 AVAST engine scan C:\WINDOWS\system32\drivers
11:59:02.656 AVAST engine scan C:\Documents and Settings\Tyler
14:52:34.859 AVAST engine scan C:\Documents and Settings\All Users
14:58:31.625 Scan finished successfully
14:58:44.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tyler\Desktop\Post\New\MBR.dat"
14:58:44.171 The log file has been saved successfully to "C:\Documents and Settings\Tyler\Desktop\Post\New\aswMBR.txt"

#11 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 122,845 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 June 2012 - 09:24 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.


#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 122,845 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2012 - 11:47 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.




Gringo



#13 TylerS19

TylerS19

    Member

  • Members
  • 37 posts

Posted 20 June 2012 - 12:02 PM

Hey,

I've been ill. I attempted to run it just now, but ComboFix froze while updating at 30.5%; I will run it again and see if it works.

#14 TylerS19

TylerS19

    Member

  • Members
  • 37 posts

Posted 20 June 2012 - 12:35 PM

Combofix log:

ComboFix 12-06-20.02 - Tyler 20/06/2012 13:07:21.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1220 [GMT -4:00]
Running from: c:\documents and settings\Tyler\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tyler\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
.
.
2012-06-10 23:22 . 2012-06-10 23:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2012-06-10 23:21 . 2012-06-10 23:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-06-10 23:20 . 2012-06-10 23:20 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-06-05 11:58 . 2012-06-05 11:58 -------- d-----w- c:\documents and settings\LocalService\Application Data\Ad-Aware Antivirus
2012-06-05 02:19 . 2012-06-05 02:19 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\adaware
2012-06-05 02:19 . 2012-06-05 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-06-05 02:19 . 2011-11-29 10:59 77816 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-06-05 02:19 . 2011-11-29 10:59 21240 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-06-05 02:19 . 2011-12-19 16:44 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-06-05 02:19 . 2011-12-19 16:44 217976 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-06-05 01:58 . 2011-09-29 16:16 94584 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-06-05 01:58 . 2011-12-19 16:44 335224 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-06-05 01:58 . 2012-06-05 01:58 -------- d-----w- c:\windows\system32\drivers\VDD
2012-06-05 01:58 . 2012-06-05 12:00 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-06-05 00:19 . 2012-06-05 00:19 -------- d-----w- c:\documents and settings\Tyler\Application Data\Ad-Aware Antivirus
2012-06-04 21:03 . 2012-06-04 21:03 264 ---ha-w- C:\aaw7boot.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 18:25 . 2008-04-29 17:36 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2012-05-31 13:22 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 18:47 . 2012-05-15 18:47 388096 ----a-r- c:\documents and settings\Tyler\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-08 02:21 . 2012-04-30 22:06 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-08 02:21 . 2011-11-23 19:50 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2006-04-30 06:55 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-04-30 06:55 1862272 ------w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:47 . 2012-05-15 16:57 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 22:47 . 2012-05-15 16:57 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-04-04 22:47 . 2010-07-24 01:25 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-07-02 17:24 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-05-03 20:02 . 2011-05-09 11:58 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-13_03.17.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-20 17:21 . 2012-06-20 17:21 16384 c:\windows\Temp\Perflib_Perfdata_294.dat
+ 2012-06-19 16:27 . 2012-06-19 16:27 16384 c:\windows\Temp\Perflib_Perfdata_170.dat
+ 2011-12-26 13:02 . 2011-12-26 13:02 19677184 c:\windows\Installer\6af4d.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"TpShocks"="TpShocks.exe" [2006-03-16 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-17 2042208]
"GBMLite8AgentLaCie"="c:\program files\Genie-Soft\GBALite8LaCie\GBMAgent.exe" [2008-08-26 189056]
"lxedmon.exe"="c:\program files\Lexmark S600 Series\lxedmon.exe" [2011-01-23 770728]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="c:\program files\KeyScrambler\getting_started.html" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-29 24576]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-10-24 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 19:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 02:20 40448 ------w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-04-29 17:15 189952 -c----w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 06:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2006-03-15 23:07 421888 -c----w- c:\program files\Picasa2\PicasaMediaDetector.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\POWERPNT.EXE"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\Tyler\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/01/2009 3:03 PM 335240]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [04/06/2012 10:19 PM 21240]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [04/06/2012 9:58 PM 335224]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [26/10/2011 2:23 PM 101112]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [04/06/2012 10:19 PM 217976]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [03/05/2012 6:37 PM 1226096]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20/01/2009 3:02 PM 297752]
R2 lxed_device;lxed_device;c:\windows\system32\lxedcoms.exe -service --> c:\windows\system32\lxedcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [02/07/2010 1:24 PM 654408]
R2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [25/05/2010 7:53 PM 2139400]
R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13/03/2006 7:05 PM 58368]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [19/12/2011 1:20 PM 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [04/06/2012 10:19 PM 77816]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [14/07/2006 6:55 PM 3968]
R2 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25/04/2006 10:00 PM 3456]
R2 XMail;XMail Server;c:\program files\acquia-drupal\xmail\XMail.exe [22/01/2012 11:44 PM 397824]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [24/07/2010 4:10 PM 115312]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/09/2009 8:11 AM 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/09/2009 8:11 AM 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/09/2009 8:11 AM 12928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [02/07/2010 1:24 PM 22344]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [04/06/2012 9:58 PM 94584]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c9e89826ac7d22;Google Update Service (gupdate1c9e89826ac7d22);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2009 8:20 PM 133104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [08/01/2011 10:50 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [08/01/2011 10:50 PM 8456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [08/06/2009 8:20 PM 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [03/05/2012 4:02 PM 129976]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [04/06/2012 9:58 PM 94584]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [04/06/2012 10:19 PM 93816]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [30/04/2006 2:56 AM 14336]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 22:37]
.
2012-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 00:20]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-09 00:20]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946952493-1249314289-2389365056-1005Core.job
- c:\documents and settings\Tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 21:03]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-946952493-1249314289-2389365056-1005UA.job
- c:\documents and settings\Tyler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 21:03]
.
2012-06-20 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-29 16:13]
.
2008-07-11 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-04-29 00:32]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\868np364.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en&tab=ww
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-20 13:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
c:\windows\system32\PROCHLP.DLL
.
- - - - - - - > 'lsass.exe'(848)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
- - - - - - - > 'explorer.exe'(8404)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll
c:\windows\system32\PROCHLP.DLL
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_keyboard_hook.dll
c:\program files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
c:\program files\Common Files\Lenovo\tvt_banner.dll
c:\program files\ThinkPad\Bluetooth Software\btkeyind.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\LEXBCES.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxedcoms.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\progra~1\AD-AWA~1\AdAware.exe
c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
c:\windows\system32\msiexec.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\windows\SoftwareDistribution\Download\3fa8e04b2b2d1fc7419b63dc009391e8\update\update.exe
.
**************************************************************************
.
Completion time: 2012-06-20 13:33:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-20 17:33
ComboFix2.txt 2012-06-13 03:25
.
Pre-Run: 4,144,660,480 bytes free
Post-Run: 4,083,462,144 bytes free
.
- - End Of File - - 8BFDAFA9D7DD844E6DBB179F9CB1FBA2
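The ComboFix log in this post records the Windows Firewall standard profile with `"EnableFirewall"= 0` and `"DisableNotifications"= 1`, both Security Center override values set to 1, and a long list of applications allowed through the firewall. The checker below is an added example, not part of ComboFix or of this thread: it parses those sections from a log in this format and reports settings that switch built-in protection off, plus any allowed application whose filename matches a core Windows binary but whose directory is not the one Windows installs it to (a prompt for a closer look, not a verdict). The function names, the `WEAK_SETTINGS` and `EXPECTED_DIRS` tables and the `SAMPLE_LOG` lines are all constructed for the example; the sample mirrors the shape of the entries above.

```python
"""Flag weakened host protections in a ComboFix-style log excerpt.

Added example, not part of ComboFix or of the thread: it parses the registry
and firewall-policy sections ComboFix prints and reports settings that turn
built-in defences off, plus allowed applications whose filename matches a
core Windows binary but whose directory is not the usual one.
"""
import re
from typing import Dict, List, Optional, Tuple

SECTION_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')      # "Name"=value  or  "path"=

# (section suffix, value name) -> the numeric value that means "protection off".
WEAK_SETTINGS = {
    (r"software\microsoft\security center", "antivirusoverride"): 1,
    (r"software\microsoft\security center", "firewalloverride"): 1,
    (r"firewallpolicy\standardprofile", "enablefirewall"): 0,
    (r"firewallpolicy\standardprofile", "disablenotifications"): 1,
}

# Core Windows binaries and the single directory Windows installs them to.
EXPECTED_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample in the same shape as the sections shown in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"""


def parse_log(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each lower-cased [section] header to its ("Name", raw value) lines."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections[current] = []
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            sections[current].append((value.group(1), value.group(2).strip()))
    return sections


def decode_value(raw: str) -> Optional[int]:
    """Turn 'dword:00000001' or '0 (0x0)' into an int; None for non-numeric data."""
    if raw.lower().startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    digits = re.match(r"^\d+", raw)
    return int(digits.group()) if digits else None


def weak_settings(sections: Dict[str, List[Tuple[str, str]]]) -> List[str]:
    """Report values that match the 'protection off' table above."""
    findings = []
    for section, values in sections.items():
        for name, raw in values:
            for (suffix, vname), off_value in WEAK_SETTINGS.items():
                if section.endswith(suffix) and name.lower() == vname:
                    if decode_value(raw) == off_value:
                        findings.append(f"{name}={off_value} in [{section}]")
    return findings


def normalize_path(raw_key: str) -> str:
    """Collapse the doubled backslashes ComboFix prints and expand %windir%."""
    path = raw_key.replace("\\\\", "\\").lower()
    return path.replace("%windir%", r"c:\windows")


def misplaced_system_binaries(sections: Dict[str, List[Tuple[str, str]]]) -> List[str]:
    """Firewall-allowed entries named like a core binary but living elsewhere."""
    findings = []
    for section, values in sections.items():
        if not section.endswith(r"authorizedapplications\list"):
            continue
        for key, _ in values:
            path = normalize_path(key)
            directory, _, filename = path.rpartition("\\")
            expected = EXPECTED_DIRS.get(filename)
            if expected and directory != expected:
                findings.append(f"{filename} allowed from {directory}, expected {expected}")
    return findings


def run_checks(text: str) -> Dict[str, List[str]]:
    """Run both checks over a log excerpt and group the findings by kind."""
    sections = parse_log(text)
    return {
        "weak_settings": weak_settings(sections),
        "misplaced_binaries": misplaced_system_binaries(sections),
    }


if __name__ == "__main__":
    for kind, items in run_checks(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("  -", item)
```

Run it on the text of a log pasted into a file, or feed `run_checks` the excerpt directly; the path check only looks at the AuthorizedApplications list, so the registry and service sections elsewhere in the log are ignored by it.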

#15 gringo_pr

Posted 20 June 2012 - 01:23 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

µTorrent


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see the NOTE** below (Hosts file not read, blank Notepad, ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had.
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.




