live security platinum removal and redirect virus

Hello,

I was recently working on my computer and I walked away for 5 min - when I came back I had a full blown live security platinum virus running on my computer. I followed a few of the online guides to remove it. I am back to running fairly normal (internet and programs work), but I was not sure if I got rid of all of it.

I then noticed if I try to go to any of the anti-malware program sites like malwarebytes or superantispyware I'm immediately redirected to google.com or given a weird 404 error in google. This is very strange. Also facebook is now asking for a credit card to unblock it which is clearly a virus of some sort too. In addition to the regular logs requested, I also attached the logs from my full system malwarebytes scan (when I removed live platinum) and the rkillog. I'm running Windows 7 32-bit on a thinkpad laptop.

I also tried to install a new version of superantispyware and I'm getting a "file copy error." I tried their uninstall, rebooting, etc - nothing worked.

Thanks as always!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Jared at 13:26:43 on 2012-09-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1944.579 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\System32\rpcnet.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ABBYY Lingvo x3\LvAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ABBYY Lingvo x3\Tutor.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Users\Jared\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Random House\WUD-WG\WGRU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Ykzikau] c:\users\jared\appdata\roaming\osgoom\qefou.exe
uRun: [Tutor.exe] "c:\program files\abbyy lingvo x3\Tutor.exe" /AS
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CreateLMBCShortCut] "c:\program files\lenovo\mobile broadband connect\UserShortcutCreator.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [lxdqmon.exe] "c:\program files\lexmark z2400 series\lxdqmon.exe"
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [Lingvo Launcher] "c:\program files\abbyy lingvo x3\LvAgent.exe" /STARTUP
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [Absolute Notifier] "c:\program files\absolute software\absolute notifier\AbsoluteNotifier.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TpShocks] TpShocks.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [mrfsi] "c:\windows\system32\rundll32.exe" "c:\users\jared\appdata\roaming\mrfsi.dll",ImportModule
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\jared\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jared\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\jared\appdata\roaming\micros~1\windows\startm~1\programs\startup\random~1.lnk - c:\program files\random house\wud-wg\WGRU.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Translate with ABBYY Lingvo x&3 - c:\program files\abbyy lingvo x3\Lingvo.exe/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{69A83257-2A31-4569-BA02-724FF2074429} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{69A83257-2A31-4569-BA02-724FF2074429}\4595149513 : DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{69A83257-2A31-4569-BA02-724FF2074429}\946514E4E414D20534F5E4564777F627B6D25374 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{69A83257-2A31-4569-BA02-724FF2074429}\C4C65384E465E4D274 : DhcpNameServer = 66.208.1.2 66.208.2.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AutorunsDisabled - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\windows\System32
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jared\appdata\roaming\mozilla\firefox\profiles\uxec0yck.jared\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=mpes
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin10171.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\users\jared\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\jared\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\jared\appdata\roaming\mozilla\firefox\profiles\uxec0yck.jared\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-10-28 25416]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-5-10 13680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ABBYY.Licensing.Lingvo.Desktop.14.0;ABBYY Lingvo x3 Licencing Service;c:\program files\common files\abbyy\lingvo\14.0\licensing\NetworkLicenseServer.exe [2010-5-7 816392]
R2 AbsoluteNotifier;Absolute Notifier;c:\program files\absolute software\absolute notifier\AbsoluteNotifierService.exe [2011-5-10 10920]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 172032]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2011-8-8 948736]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2011-6-3 102672]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\intel\wimax\bin\DMAgent.exe [2009-7-2 348160]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-9-7 105832]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-5-10 41320]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2011-5-10 65896]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2010-10-29 93032]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-7-25 1326176]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-7-25 681056]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-8-4 130920]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-8-4 64952]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-8-27 2058776]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\intel\wimax\bin\AppSrv.exe [2009-7-2 815104]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-8-24 5073920]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-8-24 106496]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2011-8-8 243712]
R3 bpenum;Intel® WiMAX Link Enumerator;c:\windows\system32\drivers\bpenum.sys [2009-6-10 56320]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2012-4-30 223960]
R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2009-9-22 5946368]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-8-3 7517696]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-27 133104]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-4-30 101736]
S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdqserv.exe [2009-4-27 94208]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2010-11-23 17984]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250568]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2011-8-8 243712]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-10-28 280640]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-10-27 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-27 133104]
S3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-9-7 27424]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 114144]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-3-31 22640]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-10-28 1662528]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-8-4 165440]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2010-1-18 3200]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-24 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-29 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
.
=============== Created Last 30 ================
.
2012-09-07 15:23:10 -------- d-----w- C:\MGtools
2012-09-07 14:06:25 -------- d-----w- c:\program files\iTunes
2012-09-07 14:06:25 -------- d-----w- c:\program files\iPod
2012-09-07 13:59:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-07 13:51:04 -------- d-----w- c:\users\jared\appdata\local\Secunia PSI
2012-09-07 13:50:53 -------- d-----w- c:\program files\Secunia
2012-09-07 13:27:36 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-09-07 13:27:35 -------- d-----w- c:\program files\HitmanPro
2012-09-07 13:26:31 -------- d-----w- c:\programdata\HitmanPro
2012-09-07 03:21:04 -------- d-----w- c:\users\jared\appdata\local\{06EDCAA9-F89B-11E1-8270-B8AC6F996F26}
2012-09-07 03:20:58 -------- d-----w- c:\programdata\036DFF85004DCAF6177966A6F875EF7E
2012-09-07 03:20:56 1611264 ----a-w- c:\users\jared\appdata\roaming\mrfsi.dll
2012-09-07 03:19:35 -------- d-----w- c:\users\jared\appdata\roaming\Ysat
2012-09-07 03:19:35 -------- d-----w- c:\users\jared\appdata\roaming\Osgoom
2012-09-07 03:19:35 -------- d-----w- c:\users\jared\appdata\roaming\Ocpig
2012-08-30 02:35:31 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-30 02:01:41 72960 ----a-w- c:\windows\system32\drivers\12ddb0736d3dc27b.sys
2012-08-29 15:16:19 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{00d6911f-c99b-4304-a9a1-0d1498c47dd3}\mpengine.dll
2012-08-23 15:00:32 -------- d-----w- c:\users\jared\appdata\roaming\Zotero
2012-08-23 15:00:32 -------- d-----w- c:\users\jared\appdata\local\Zotero
2012-08-23 14:55:20 -------- d-----w- c:\program files\Zotero Standalone
2012-08-17 22:27:58 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-08-17 14:07:19 112096 ----a-w- c:\windows\system32\acaptuser32.dll
2012-08-16 12:50:29 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-16 12:50:25 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-16 12:50:25 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-16 12:50:25 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 12:50:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-16 12:50:13 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-16 12:49:51 769024 ----a-w- c:\windows\system32\localspl.dll
.
==================== Find3M ====================
.
2012-09-07 14:59:43 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-07 14:59:41 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-09-07 13:58:53 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-07 13:58:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 13:56:44 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 13:56:44 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 13:10:23 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-07-27 20:51:40 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2012-07-27 20:51:38 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-25 17:35:41 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
============= FINISH: 13:28:55.32 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-07 17:28:04
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Services - GMER 1.0.15 ----

Service C:\Windows\System32\Drivers\12ddb0736d3dc27b.sys (*** hidden *** ) [BOOT] 12ddb0736d3dc27b <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\12ddb0736d3dc27b@ImagePath \SystemRoot\System32\Drivers\12ddb0736d3dc27b.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\12ddb0736d3dc27b@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\services\12ddb0736d3dc27b@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\services\12ddb0736d3dc27b@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\12ddb0736d3dc27b@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\12ddb0736d3dc27b@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\services\12ddb0736d3dc27b@DisplayName syshost.exe
Reg HKLM\SYSTEM\ControlSet002\services\12ddb0736d3dc27b@ImagePath \SystemRoot\System32\Drivers\12ddb0736d3dc27b.sys
Reg HKLM\SYSTEM\ControlSet002\services\12ddb0736d3dc27b@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\services\12ddb0736d3dc27b@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\services\12ddb0736d3dc27b@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\12ddb0736d3dc27b@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\12ddb0736d3dc27b@Tag 1
Reg HKLM\SYSTEM\ControlSet002\services\12ddb0736d3dc27b@DisplayName syshost.exe

---- Files - GMER 1.0.15 ----

File C:\Users\Jared\AppData\Roaming\Thunderbird\Profiles\31rvsotv.default\session.json 794 bytes
File C:\Recycler\S-1-5-21-842925246-2025429265-682008880-1013\com4\hidefiles\WinMend-Folder-Hidden\HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\... 0 bytes
File C:\Recycler\S-1-5-21-842925246-2025429265-682008880-1013\com4\hidefiles\WinMend-Folder-Hidden\HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\...\Folder_842925246 0 bytes
File C:\Recycler\S-1-5-21-842925246-2025429265-682008880-1013\com4\hidefiles\WinMend-Folder-Hidden\HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\...\Folder_842925246\842925246-2025429265-HidePassword.ini 50 bytes
File C:\Recycler\S-1-5-21-842925246-2025429265-682008880-1013\com4\hidefiles\WinMend-Folder-Hidden\HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\...\Folder_842925246\Folder_Hidden.ini 2 bytes
File C:\Recycler\S-1-5-21-842925246-2025429265-682008880-1013\com4\hidefiles\WinMend-Folder-Hidden\HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\HHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH\...\Folder_842925246\Show_Hidden.ini 252 bytes

---- EOF - GMER 1.0.15 ----

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Hi,

Thanks for the help! Here are the two logs. During the final stage of combofix after reboot, windows asked if I should let dropbox and skype though the firewall. First time I've seen this notification in awhile - I said yes, assuming that was correct.

I can get onto facebook and the anti-virus sites now with no problems. I have not tried to install superanti-spyware program yet. Should I do so? Everything else appears to be working ok.

Thanks!

Results of screen317's Security Check version 0.99.50
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Secunia PSI (3.0.0.3001)
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


ComboFix 12-09-09.02 - Jared 09/09/2012 11:43:51.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1944.797 [GMT -4:00]
Running from: c:\users\Jared\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jared\AppData\Roaming\Acoxab
c:\users\Jared\AppData\Roaming\Acoxab\loeft.zas
c:\users\Jared\AppData\Roaming\mrfsi.dll
c:\users\Jared\AppData\Roaming\Olucn
c:\users\Jared\AppData\Roaming\Olucn\zomu.exe
c:\windows\system32\drivers\12ddb0736d3dc27b.sys
c:\windows\system32\drivers\iKeyLFT2.dll
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_12ddb0736d3dc27b
-------\Service_12ddb0736d3dc27b
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 16:08 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4979C0B6-1203-460A-9A53-5656172BCADB}\mpengine.dll
2012-09-09 16:05 . 2012-09-09 16:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-09 16:05 . 2012-09-09 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 15:20 . 2012-09-09 15:20 -------- d-----w- c:\users\Jared\AppData\Roaming\Ylpyeb
2012-09-07 15:23 . 2012-09-07 17:14 -------- d-----w- C:\MGtools
2012-09-07 14:06 . 2012-09-07 14:08 -------- d-----w- c:\program files\iTunes
2012-09-07 14:06 . 2012-09-07 14:06 -------- d-----w- c:\program files\iPod
2012-09-07 13:59 . 2012-09-07 13:59 -------- d-----w- c:\program files\Common Files\Java
2012-09-07 13:58 . 2012-09-07 13:58 -------- d-----w- c:\program files\Java
2012-09-07 13:51 . 2012-09-07 13:51 -------- d-----w- c:\users\Jared\AppData\Local\Secunia PSI
2012-09-07 13:50 . 2012-09-07 13:50 -------- d-----w- c:\program files\Secunia
2012-09-07 13:27 . 2012-09-09 15:30 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-09-07 13:27 . 2012-09-07 13:27 -------- d-----w- c:\program files\HitmanPro
2012-09-07 13:26 . 2012-09-09 15:25 -------- d-----w- c:\programdata\HitmanPro
2012-09-07 03:21 . 2012-09-07 03:21 -------- d-----w- c:\users\Jared\AppData\Local\{06EDCAA9-F89B-11E1-8270-B8AC6F996F26}
2012-09-07 03:20 . 2012-09-07 03:22 -------- d-----w- c:\programdata\036DFF85004DCAF6177966A6F875EF7E
2012-09-07 03:19 . 2012-09-08 03:04 -------- d-----w- c:\users\Jared\AppData\Roaming\Ysat
2012-09-07 03:19 . 2012-09-07 03:19 -------- d-----w- c:\users\Jared\AppData\Roaming\Ocpig
2012-08-30 02:35 . 2012-08-30 02:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-29 15:16 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00D6911F-C99B-4304-A9A1-0D1498C47DD3}\mpengine.dll
2012-08-23 15:00 . 2012-08-23 15:00 -------- d-----w- c:\users\Jared\AppData\Roaming\Zotero
2012-08-23 15:00 . 2012-08-23 15:00 -------- d-----w- c:\users\Jared\AppData\Local\Zotero
2012-08-23 14:55 . 2012-08-23 14:55 -------- d-----w- c:\program files\Zotero Standalone
2012-08-17 22:27 . 2012-08-17 22:28 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-08-17 14:07 . 2012-07-30 19:53 112096 ----a-w- c:\windows\system32\acaptuser32.dll
2012-08-16 12:50 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-16 12:50 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-16 12:49 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 16:07 . 2010-10-28 22:13 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-09 16:07 . 2009-10-26 21:55 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-09-07 17:14 . 2012-09-07 15:23 398455 ----a-w- C:\MGlogs.zip
2012-09-07 13:58 . 2012-09-07 13:59 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-07 13:58 . 2012-07-03 01:18 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-07 13:58 . 2010-04-28 20:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 13:56 . 2012-04-12 19:08 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 13:56 . 2011-05-19 16:58 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 13:10 . 2010-10-28 22:15 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-07-27 20:51 . 2012-07-27 20:51 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2012-07-27 20:51 . 2012-07-27 20:51 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2012-07-18 17:47 . 2012-08-16 12:50 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 17:46 . 2009-10-28 23:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 00:09 . 2012-08-16 12:51 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:00 . 2012-08-16 12:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-25 17:35 . 2011-12-13 15:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-07 21:31 . 2012-09-07 21:31 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-26 16:26 . 2012-09-07 21:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jared\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jared\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jared\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 19:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 19:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 19:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 19:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-15 399224]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17345200]
"Tutor.exe"="c:\program files\ABBYY Lingvo x3\Tutor.exe" [2010-09-07 1324296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-07-16 40960]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-26 30192]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2006-12-22 244512]
"lxdqmon.exe"="c:\program files\Lexmark Z2400 Series\lxdqmon.exe" [2010-02-04 672424]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo x3\LvAgent.exe" [2010-09-07 1774856]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-03-15 4392512]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-18 31592]
"Absolute Notifier"="c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-12-23 2321680]
"TpShocks"="TpShocks.exe" [2010-07-01 337256]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jared\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Random House Webster's Unabridged Dictionary WordGenius Activate.LNK - c:\program files\Random House\WUD-WG\WGRU.exe [2009-10-27 128592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-8-27 50688]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-5 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Users^Jared^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 14:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-02-04 01:17 107176 ----a-w- c:\program files\Lexmark Z2400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2012-07-20 19:17 12218904 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 10:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PSI
*Deregistered* - SASENUM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 13:56]
.
2012-09-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-27 11:15]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 11:44]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 11:44]
.
2012-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-09-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Translate with ABBYY Lingvo x&3 - c:\program files\ABBYY Lingvo x3\Lingvo.exe/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jared\AppData\Roaming\Mozilla\Firefox\Profiles\uxec0yck.Jared\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=mpes
FF - prefs.js: network.proxy.type - 2
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-mrfsi - c:\users\Jared\AppData\Roaming\mrfsi.dll
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2886773906-1503155382-1841928733-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*õg€j¢
*€²
]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2886773906-1503155382-1841928733-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*õg€j¢
*€²
\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3644)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\users\Jared\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\ABBYY Lingvo x3\LvHook.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\HitmanPro\hmpsched.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe
c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Lenovo\Communications Utility\CAMMUTE.exe
c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe
c:\program files\LENOVO\VIRTSCRL\lvvsst.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\programdata\Rpcnet\Bin\rpcld.exe
c:\windows\System32\rpcnet.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Secunia\PSI\PSIA.exe
c:\program files\Intel\WiMAX\Bin\AppSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Intel\WiMAX\Bin\DMAgent.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Access Connections\SvcGuiHlpr.exe
c:\windows\system32\conhost.exe
c:\program files\ThinkVantage\PrdCtr\LPMLCHK.EXE
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\windows\System32\rundll32.exe
c:\windows\System32\TpShocks.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-09-09 12:28:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-09 16:28
ComboFix2.txt 2012-07-21 15:21
ComboFix3.txt 2012-07-20 15:33
ComboFix4.txt 2012-02-10 17:51
.
Pre-Run: 26,898,911,232 bytes free
Post-Run: 27,000,156,160 bytes free
.
- - End Of File - - ACD5C5144F8BE463EB7CF52C4FCB8232

And I just saw in the report that windows security service wasn't disable during the run. Sorry I missed that - if I need to run again let me know and I'll do so immediately.

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• it will ask to download extra definitions - ALLOW IT
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

Here are the logs. The asw appears to have frozen when scanning the mp3enc.exe file - it didn't move for an hour. I grabbed the log anyway. No other internet changes positive or negative to report right now.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-09 13:44:04
-----------------------------
13:44:04.151 OS Version: Windows 6.1.7601 Service Pack 1
13:44:04.151 Number of processors: 2 586 0x170A
13:44:04.151 ComputerName: JARED-PC UserName: Jared
13:44:41.591 Initialize success
14:03:32.168 AVAST engine defs: 12090900
14:04:41.983 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:04:41.983 Disk 0 Vendor: HITACHI_ PB2Z Size: 238475MB BusType: 3
14:04:42.030 Disk 0 MBR read successfully
14:04:42.030 Disk 0 MBR scan
14:04:42.124 Disk 0 unknown MBR code
14:04:42.155 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
14:04:42.217 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226972 MB offset 3074048
14:04:42.248 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 467914752
14:04:42.280 Disk 0 scanning sectors +488394752
14:04:42.404 Disk 0 scanning C:\Windows\system32\drivers
14:05:29.099 Service scanning
14:07:53.290 Modules scanning
14:09:08.030 Disk 0 trace - called modules:
14:09:08.576 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
14:09:08.576 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d33030]
14:09:08.592 3 CLASSPNP.SYS[893cd59e] -> nt!IofCallDriver -> [0x863066b0]
14:09:08.592 5 ACPI.sys[83c9a3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f01028]
14:09:23.210 AVAST engine scan C:\Windows
14:10:01.932 AVAST engine scan C:\Windows\system32
14:17:58.403 File: C:\Windows\system32\WinFLdrv.sys **HIDDEN**
14:20:29.648 AVAST engine scan C:\Windows\system32\drivers
14:21:14.856 AVAST engine scan C:\Users\Jared
15:06:31.960 Disk 0 MBR has been saved successfully to "C:\Users\Jared\Desktop\MBR.dat"
15:06:31.976 The log file has been saved successfully to "C:\Users\Jared\Desktop\aswMBR.txt"

13:40:09.0361 7824 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
13:40:09.0767 7824 ============================================================
13:40:09.0767 7824 Current date / time: 2012/09/09 13:40:09.0767
13:40:09.0767 7824 SystemInfo:
13:40:09.0767 7824
13:40:09.0767 7824 OS Version: 6.1.7601 ServicePack: 1.0
13:40:09.0767 7824 Product type: Workstation
13:40:09.0767 7824 ComputerName: JARED-PC
13:40:09.0767 7824 UserName: Jared
13:40:09.0767 7824 Windows directory: C:\Windows
13:40:09.0767 7824 System windows directory: C:\Windows
13:40:09.0767 7824 Processor architecture: Intel x86
13:40:09.0767 7824 Number of processors: 2
13:40:09.0767 7824 Page size: 0x1000
13:40:09.0767 7824 Boot type: Normal boot
13:40:09.0767 7824 ============================================================
13:40:11.0841 7824 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
13:40:11.0904 7824 ============================================================
13:40:11.0904 7824 \Device\Harddisk0\DR0:
13:40:11.0904 7824 MBR partitions:
13:40:11.0904 7824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
13:40:11.0904 7824 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BB4E7F8
13:40:11.0904 7824 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BE3D000, BlocksNum 0x1388000
13:40:11.0904 7824 ============================================================
13:40:12.0060 7824 C: <-> \Device\Harddisk0\DR0\Partition2
13:40:12.0107 7824 S: <-> \Device\Harddisk0\DR0\Partition1
13:40:12.0278 7824 Q: <-> \Device\Harddisk0\DR0\Partition3
13:40:12.0840 7824 ============================================================
13:40:12.0840 7824 Initialize success
13:40:12.0840 7824 ============================================================
13:40:18.0206 7744 ============================================================
13:40:18.0206 7744 Scan started
13:40:18.0206 7744 Mode: Manual;
13:40:18.0206 7744 ============================================================
13:40:22.0777 7744 ================ Scan system memory ========================
13:40:22.0777 7744 System memory - ok
13:40:22.0777 7744 ================ Scan services =============================
13:40:23.0791 7744 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:40:23.0807 7744 1394ohci - ok
13:40:23.0900 7744 [ BEB5E6A8C17C3C7485563281E0F9E77E ] 61883 C:\Windows\system32\DRIVERS\61883.sys
13:40:23.0900 7744 61883 - ok
13:40:24.0197 7744 [ F87AB6AD0921EFDB051D83D9B7224BBB ] ABBYY.Licensing.Lingvo.Desktop.14.0 C:\Program Files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe
13:40:24.0197 7744 ABBYY.Licensing.Lingvo.Desktop.14.0 - ok
13:40:24.0368 7744 [ 28D79AAA4E1C15577A86F930E8DA5E50 ] AbsoluteNotifier C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
13:40:24.0384 7744 AbsoluteNotifier - ok
13:40:24.0509 7744 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:40:24.0524 7744 ACPI - ok
13:40:24.0634 7744 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:40:24.0634 7744 AcpiPmi - ok
13:40:24.0868 7744 [ 40C186D35C0E307240D6BCA399332B24 ] AcPrfMgrSvc C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
13:40:24.0883 7744 AcPrfMgrSvc - ok
13:40:24.0914 7744 [ 51E12E36BDEB10C0D9DBDB1FA4914800 ] AcSvc C:\Program Files\Lenovo\Access Connections\AcSvc.exe
13:40:24.0946 7744 AcSvc - ok
13:40:25.0133 7744 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:40:25.0148 7744 AdobeARMservice - ok
13:40:25.0367 7744 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:40:25.0398 7744 AdobeFlashPlayerUpdateSvc - ok
13:40:25.0507 7744 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:40:25.0538 7744 adp94xx - ok
13:40:25.0570 7744 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:40:25.0601 7744 adpahci - ok
13:40:25.0616 7744 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:40:25.0648 7744 adpu320 - ok
13:40:25.0710 7744 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:40:25.0710 7744 AeLookupSvc - ok
13:40:25.0850 7744 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
13:40:25.0882 7744 AFD - ok
13:40:25.0944 7744 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
13:40:25.0944 7744 agp440 - ok
13:40:26.0038 7744 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
13:40:26.0084 7744 aic78xx - ok
13:40:26.0194 7744 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
13:40:26.0194 7744 ALG - ok
13:40:26.0318 7744 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
13:40:26.0334 7744 aliide - ok
13:40:26.0428 7744 [ D4713285C6F84272635DFE73BD9ED389 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:40:26.0428 7744 AMD External Events Utility - ok
13:40:26.0474 7744 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
13:40:26.0490 7744 amdagp - ok
13:40:26.0537 7744 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
13:40:26.0537 7744 amdide - ok
13:40:26.0630 7744 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:40:26.0630 7744 AmdK8 - ok
13:40:27.0052 7744 [ 3A894B97304C06FF46B5E7B6D1936BC3 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
13:40:27.0332 7744 amdkmdag - ok
13:40:27.0379 7744 [ 8E1023B042F6502CC83308FB1EBF5AA2 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:40:27.0379 7744 amdkmdap - ok
13:40:27.0457 7744 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:40:27.0457 7744 AmdPPM - ok
13:40:27.0551 7744 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:40:27.0551 7744 amdsata - ok
13:40:27.0613 7744 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:40:27.0644 7744 amdsbs - ok
13:40:27.0691 7744 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:40:27.0691 7744 amdxata - ok
13:40:27.0785 7744 [ 99BBEF4A68BF398ED647F4EEB8FF66D4 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
13:40:27.0816 7744 AMPPAL - ok
13:40:27.0878 7744 [ 99BBEF4A68BF398ED647F4EEB8FF66D4 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
13:40:27.0878 7744 AMPPALP - ok
13:40:28.0019 7744 [ EF4022E9C59B20438C1304424D9441F4 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
13:40:28.0050 7744 AMPPALR3 - ok
13:40:28.0128 7744 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
13:40:28.0175 7744 AppID - ok
13:40:28.0237 7744 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:40:28.0237 7744 AppIDSvc - ok
13:40:28.0378 7744 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
13:40:28.0378 7744 Appinfo - ok
13:40:28.0705 7744 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:40:28.0736 7744 Apple Mobile Device - ok
13:40:28.0830 7744 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
13:40:28.0861 7744 AppMgmt - ok
13:40:28.0939 7744 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
13:40:28.0939 7744 arc - ok
13:40:28.0986 7744 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:40:28.0986 7744 arcsas - ok
13:40:29.0064 7744 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:40:29.0095 7744 AsyncMac - ok
13:40:29.0158 7744 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
13:40:29.0189 7744 atapi - ok
13:40:29.0610 7744 [ 3A894B97304C06FF46B5E7B6D1936BC3 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:40:29.0860 7744 atikmdag - ok
13:40:29.0953 7744 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:40:29.0969 7744 AudioEndpointBuilder - ok
13:40:29.0984 7744 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:40:29.0984 7744 Audiosrv - ok
13:40:30.0062 7744 [ C44BDD77E06053CF5AFE046F3A47C16B ] Avc C:\Windows\system32\DRIVERS\avc.sys
13:40:30.0062 7744 Avc - ok
13:40:30.0187 7744 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:40:30.0203 7744 AxInstSV - ok
13:40:30.0328 7744 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
13:40:30.0390 7744 b06bdrv - ok
13:40:30.0452 7744 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
13:40:30.0484 7744 b57nd60x - ok
13:40:30.0562 7744 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
13:40:30.0577 7744 BDESVC - ok
13:40:30.0640 7744 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
13:40:30.0640 7744 Beep - ok
13:40:30.0764 7744 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
13:40:30.0796 7744 BFE - ok
13:40:30.0889 7744 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
13:40:30.0920 7744 BITS - ok
13:40:30.0967 7744 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:40:30.0967 7744 blbdrive - ok
13:40:31.0123 7744 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:40:31.0123 7744 Bonjour Service - ok
13:40:31.0217 7744 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:40:31.0232 7744 bowser - ok
13:40:31.0279 7744 [ 416B334CE8F5FF6B3A761DC09C284452 ] bpenum C:\Windows\system32\DRIVERS\bpenum.sys
13:40:31.0310 7744 bpenum - ok
13:40:31.0404 7744 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:40:31.0404 7744 BrFiltLo - ok
13:40:31.0451 7744 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:40:31.0451 7744 BrFiltUp - ok
13:40:31.0529 7744 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:40:31.0544 7744 BridgeMP - ok
13:40:31.0607 7744 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
13:40:31.0622 7744 Browser - ok
13:40:31.0685 7744 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:40:31.0685 7744 Brserid - ok
13:40:31.0747 7744 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:40:31.0747 7744 BrSerWdm - ok
13:40:31.0810 7744 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:40:31.0810 7744 BrUsbMdm - ok
13:40:31.0856 7744 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:40:31.0872 7744 BrUsbSer - ok
13:40:31.0903 7744 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:40:31.0903 7744 BTHMODEM - ok
13:40:31.0997 7744 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
13:40:32.0012 7744 bthserv - ok
13:40:32.0106 7744 [ 8893814133AFDD17431E2682EDE2DCE9 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
13:40:32.0122 7744 BTHSSecurityMgr - ok
13:40:32.0246 7744 catchme - ok
13:40:32.0293 7744 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:40:32.0293 7744 cdfs - ok
13:40:32.0402 7744 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:40:32.0402 7744 cdrom - ok
13:40:32.0496 7744 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
13:40:32.0512 7744 CertPropSvc - ok
13:40:32.0558 7744 CFcatchme - ok
13:40:32.0605 7744 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:40:32.0621 7744 circlass - ok
13:40:32.0699 7744 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
13:40:32.0714 7744 CLFS - ok
13:40:32.0870 7744 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:40:32.0902 7744 clr_optimization_v2.0.50727_32 - ok
13:40:33.0011 7744 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:40:33.0120 7744 clr_optimization_v4.0.30319_32 - ok
13:40:33.0198 7744 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:40:33.0198 7744 CmBatt - ok
13:40:33.0229 7744 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:40:33.0307 7744 cmdide - ok
13:40:33.0448 7744 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
13:40:33.0479 7744 CNG - ok
13:40:33.0619 7744 [ 726803D911045D283509D3CDD91D8E52 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
13:40:33.0650 7744 CnxtHdAudService - ok
13:40:33.0744 7744 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:40:33.0791 7744 Compbatt - ok
13:40:33.0884 7744 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:40:33.0884 7744 CompositeBus - ok
13:40:33.0916 7744 COMSysApp - ok
13:40:33.0947 7744 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:40:33.0962 7744 crcdisk - ok
13:40:34.0040 7744 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:40:34.0040 7744 CryptSvc - ok
13:40:34.0118 7744 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
13:40:34.0134 7744 CSC - ok
13:40:34.0274 7744 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
13:40:34.0274 7744 CscService - ok
13:40:34.0384 7744 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
13:40:34.0399 7744 CVirtA - ok
13:40:34.0540 7744 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
13:40:34.0555 7744 CVPND - ok
13:40:34.0836 7744 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
13:40:34.0867 7744 CVPNDRVA - ok
13:40:34.0930 7744 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
13:40:34.0961 7744 DcomLaunch - ok
13:40:35.0008 7744 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
13:40:35.0070 7744 defragsvc - ok
13:40:35.0132 7744 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:40:35.0132 7744 DfsC - ok
13:40:35.0242 7744 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
13:40:35.0257 7744 Dhcp - ok
13:40:35.0320 7744 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
13:40:35.0366 7744 discache - ok
13:40:35.0507 7744 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:40:35.0538 7744 Disk - ok
13:40:35.0678 7744 [ 5B149CCFE275F4DE0B4B8EC6B9F6821E ] DLABMFSM C:\Windows\system32\DLA\DLABMFSM.SYS
13:40:35.0788 7744 DLABMFSM - ok
13:40:35.0850 7744 [ AD4CB3D783634C90A9D0CE360933A63C ] DLABOIOM C:\Windows\system32\DLA\DLABOIOM.SYS
13:40:35.0866 7744 DLABOIOM - ok
13:40:35.0928 7744 [ 5230CDB7E715F3A3B4A882E254CDD35D ] DLACDBHM C:\Windows\system32\Drivers\DLACDBHM.SYS
13:40:35.0928 7744 DLACDBHM - ok
13:40:35.0975 7744 [ 93D03238CC3F0EE3C0B3985D110EC575 ] DLADResM C:\Windows\system32\DLA\DLADResM.SYS
13:40:35.0990 7744 DLADResM - ok
13:40:36.0053 7744 [ 6A82F77C4A6F5235BF352F0028E2EF52 ] DLAIFS_M C:\Windows\system32\DLA\DLAIFS_M.SYS
13:40:36.0084 7744 DLAIFS_M - ok
13:40:36.0115 7744 [ 0E6052C0ADA37504896A847231A3907D ] DLAOPIOM C:\Windows\system32\DLA\DLAOPIOM.SYS
13:40:36.0115 7744 DLAOPIOM - ok
13:40:36.0209 7744 [ 29670BB4E2B973C5B55A76107D4910B2 ] DLAPoolM C:\Windows\system32\DLA\DLAPoolM.SYS
13:40:36.0240 7744 DLAPoolM - ok
13:40:36.0256 7744 [ 77FE51F0F8D86804CB81F6EF6BFB86DD ] DLARTL_M C:\Windows\system32\Drivers\DLARTL_M.SYS
13:40:36.0271 7744 DLARTL_M - ok
13:40:36.0334 7744 [ 6B087732B86C1D866D69DBBE463EA90A ] DLAUDFAM C:\Windows\system32\DLA\DLAUDFAM.SYS
13:40:36.0334 7744 DLAUDFAM - ok
13:40:36.0396 7744 [ BBEECB95F2841AE4A3E3690D46D7153D ] DLAUDF_M C:\Windows\system32\DLA\DLAUDF_M.SYS
13:40:36.0396 7744 DLAUDF_M - ok
13:40:36.0630 7744 [ 1A599ED18FD1277C77C613CF6BFD395B ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
13:40:36.0646 7744 DMAgent - ok
13:40:36.0817 7744 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
13:40:36.0895 7744 DNE - ok
13:40:37.0036 7744 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:40:37.0098 7744 Dnscache - ok
13:40:37.0254 7744 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
13:40:37.0270 7744 dot3svc - ok
13:40:37.0519 7744 [ 3C2FEC38D9D825C69C29FE5EB7339CB5 ] DozeHDD C:\Windows\system32\DRIVERS\DozeHDD.sys
13:40:37.0550 7744 DozeHDD - ok
13:40:37.0925 7744 [ A318DF063DF2BC2C5F81644997068631 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
13:40:37.0956 7744 DozeSvc - ok
13:40:38.0018 7744 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
13:40:38.0034 7744 DPS - ok
13:40:38.0128 7744 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:40:38.0128 7744 drmkaud - ok
13:40:38.0159 7744 [ 83106585494D5EB96F59187200C144BD ] DRVMCDB C:\Windows\system32\Drivers\DRVMCDB.SYS
13:40:38.0159 7744 DRVMCDB - ok
13:40:38.0252 7744 [ FFC371525AA55D1BAE18715EBCB8797C ] DRVNDDM C:\Windows\system32\Drivers\DRVNDDM.SYS
13:40:38.0284 7744 DRVNDDM - ok
13:40:38.0424 7744 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:40:38.0455 7744 DXGKrnl - ok
13:40:38.0564 7744 [ F8261752AB473E3B24376AAB280AD15A ] e1yexpress C:\Windows\system32\DRIVERS\e1y6232.sys
13:40:38.0596 7744 e1yexpress - ok
13:40:38.0689 7744 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
13:40:38.0689 7744 EapHost - ok
13:40:39.0313 7744 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
13:40:39.0485 7744 ebdrv - ok
13:40:39.0563 7744 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
13:40:39.0594 7744 EFS - ok
13:40:39.0781 7744 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:40:39.0859 7744 ehRecvr - ok
13:40:39.0922 7744 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
13:40:39.0953 7744 ehSched - ok
13:40:40.0062 7744 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:40:40.0078 7744 elxstor - ok
13:40:40.0124 7744 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:40:40.0140 7744 ErrDev - ok
13:40:40.0249 7744 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
13:40:40.0265 7744 EventSystem - ok
13:40:40.0608 7744 [ B6C691D8CAE275ED9B2782E62626F36A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:40:40.0639 7744 EvtEng - ok
13:40:40.0748 7744 ewusbnet - ok
13:40:40.0780 7744 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
13:40:40.0795 7744 exfat - ok
13:40:40.0826 7744 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:40:40.0826 7744 fastfat - ok
13:40:41.0029 7744 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
13:40:41.0045 7744 Fax - ok
13:40:41.0123 7744 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:40:41.0154 7744 fdc - ok
13:40:41.0216 7744 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
13:40:41.0216 7744 fdPHost - ok
13:40:41.0279 7744 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
13:40:41.0294 7744 FDResPub - ok
13:40:41.0326 7744 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:40:41.0326 7744 FileInfo - ok
13:40:41.0357 7744 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:40:41.0404 7744 Filetrace - ok
13:40:41.0544 7744 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:40:41.0591 7744 FLEXnet Licensing Service - ok
13:40:41.0653 7744 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:40:41.0653 7744 flpydisk - ok
13:40:41.0731 7744 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:40:41.0762 7744 FltMgr - ok
13:40:42.0012 7744 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
13:40:42.0028 7744 FontCache - ok
13:40:42.0152 7744 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:40:42.0152 7744 FontCache3.0.0.0 - ok
13:40:42.0184 7744 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:40:42.0199 7744 FsDepends - ok
13:40:42.0262 7744 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:40:42.0324 7744 Fs_Rec - ok
13:40:42.0433 7744 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:40:42.0449 7744 fvevol - ok
13:40:42.0542 7744 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:40:42.0558 7744 gagp30kx - ok
13:40:42.0574 7744 GdmWmPrt - ok
13:40:42.0652 7744 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:40:42.0667 7744 GEARAspiWDM - ok
13:40:42.0808 7744 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
13:40:42.0823 7744 GoogleDesktopManager-051210-111108 - ok
13:40:42.0886 7744 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
13:40:42.0917 7744 gpsvc - ok
13:40:43.0010 7744 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
13:40:43.0042 7744 gupdate - ok
13:40:43.0681 7744 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
13:40:43.0681 7744 gupdatem - ok
13:40:43.0775 7744 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:40:43.0790 7744 gusvc - ok
13:40:43.0853 7744 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:40:43.0900 7744 hcw85cir - ok
13:40:44.0024 7744 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:40:44.0040 7744 HDAudBus - ok
13:40:44.0149 7744 [ 2DF64415A28CE036AC6ACEC7645A996F ] HECI C:\Windows\system32\DRIVERS\HECI.sys
13:40:44.0212 7744 HECI - ok
13:40:44.0274 7744 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:40:44.0321 7744 HidBatt - ok
13:40:44.0368 7744 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:40:44.0383 7744 HidBth - ok
13:40:44.0477 7744 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:40:44.0508 7744 HidIr - ok
13:40:44.0602 7744 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
13:40:44.0633 7744 hidserv - ok
13:40:44.0742 7744 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:40:44.0789 7744 HidUsb - ok
13:40:44.0929 7744 [ 47EECE68857817F39C8C6F33A7E5E76C ] hitmanpro36 C:\Windows\system32\drivers\hitmanpro36.sys
13:40:44.0960 7744 hitmanpro36 - ok
13:40:45.0101 7744 [ 54D9E71DD3F6DF476B99543F88650EDF ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
13:40:45.0132 7744 HitmanProScheduler - ok
13:40:45.0210 7744 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:40:45.0241 7744 hkmsvc - ok
13:40:45.0335 7744 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:40:45.0366 7744 HomeGroupListener - ok
13:40:45.0522 7744 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:40:45.0553 7744 HomeGroupProvider - ok
13:40:45.0662 7744 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:40:45.0678 7744 HpSAMD - ok
13:40:46.0006 7744 [ FADD7095163CB3CB4073793EBB50FE75 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:40:46.0037 7744 HSF_DPV - ok
13:40:46.0099 7744 [ 058783BEDD17615D1FECE09F77960436 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:40:46.0099 7744 HSXHWAZL - ok
13:40:46.0240 7744 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:40:46.0271 7744 HTTP - ok
13:40:46.0458 7744 hwdatacard - ok
13:40:46.0567 7744 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:40:46.0676 7744 hwpolicy - ok
13:40:46.0864 7744 hwusbdev - ok
13:40:47.0051 7744 hwusbfake - ok
13:40:47.0300 7744 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:40:47.0363 7744 i8042prt - ok
13:40:47.0768 7744 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
13:40:47.0815 7744 IAANTMON - ok
13:40:47.0956 7744 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
13:40:47.0956 7744 iaStor - ok
13:40:48.0096 7744 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:40:48.0158 7744 iaStorV - ok
13:40:48.0268 7744 [ FA3D0A6DA7BB7968EFE5C5BC267F0E55 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
13:40:48.0268 7744 IBMPMDRV - ok
13:40:48.0361 7744 [ 495F184A29B80B51735BCEE91D84FE8F ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
13:40:48.0392 7744 IBMPMSVC - ok
13:40:48.0658 7744 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:40:48.0736 7744 IDriverT - ok
13:40:49.0110 7744 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:40:49.0188 7744 idsvc - ok
13:40:51.0247 7744 [ 36CC40B02AE593D6152AC8BD657720AF ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
13:40:51.0793 7744 igfx - ok
13:40:52.0105 7744 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:40:52.0183 7744 iirsp - ok
13:40:52.0792 7744 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
13:40:52.0885 7744 IKEEXT - ok
13:40:52.0994 7744 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
13:40:53.0150 7744 intelide - ok
13:40:55.0381 7744 [ 36CC40B02AE593D6152AC8BD657720AF ] intelkmd C:\Windows\system32\DRIVERS\igdpmd32.sys
13:40:55.0849 7744 intelkmd - ok
13:40:56.0068 7744 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:40:56.0130 7744 intelppm - ok
13:40:56.0224 7744 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:40:56.0239 7744 IPBusEnum - ok
13:40:56.0333 7744 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:40:56.0380 7744 IpFilterDriver - ok
13:40:56.0863 7744 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:40:56.0910 7744 iphlpsvc - ok
13:40:57.0004 7744 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:40:57.0050 7744 IPMIDRV - ok
13:40:57.0097 7744 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:40:57.0113 7744 IPNAT - ok
13:40:57.0487 7744 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:40:57.0550 7744 iPod Service - ok
13:40:57.0706 7744 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:40:57.0768 7744 IRENUM - ok
13:40:57.0862 7744 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:40:57.0924 7744 isapnp - ok
13:40:58.0189 7744 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:40:58.0673 7744 iScsiPrt - ok
13:40:58.0876 7744 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
13:40:58.0969 7744 IviRegMgr - ok
13:40:59.0266 7744 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
13:40:59.0359 7744 kbdclass - ok
13:40:59.0453 7744 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:40:59.0515 7744 kbdhid - ok
13:40:59.0562 7744 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
13:40:59.0578 7744 KeyIso - ok
13:40:59.0749 7744 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:40:59.0827 7744 KSecDD - ok
13:40:59.0905 7744 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:40:59.0936 7744 KSecPkg - ok
13:41:00.0155 7744 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
13:41:00.0248 7744 KtmRm - ok
13:41:00.0404 7744 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
13:41:00.0451 7744 LanmanServer - ok
13:41:00.0498 7744 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:41:00.0545 7744 LanmanWorkstation - ok
13:41:00.0950 7744 Lavasoft Kernexplorer - ok
13:41:01.0028 7744 Lbd - ok
13:41:01.0808 7744 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
13:41:01.0824 7744 LBTServ - ok
13:41:02.0136 7744 [ 8B5EB24FCE3926128138B769D50CEE1B ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
13:41:02.0167 7744 LENOVO.CAMMUTE - ok
13:41:02.0479 7744 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
13:41:02.0651 7744 LENOVO.MICMUTE - ok
13:41:03.0103 7744 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
13:41:03.0509 7744 lenovo.smi - ok
13:41:03.0618 7744 [ F1A055E1381528E947CDB959117B67D0 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
13:41:03.0665 7744 LENOVO.TPKNRSVC - ok
13:41:03.0774 7744 [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
13:41:03.0774 7744 Lenovo.VIRTSCRLSVC - ok
13:41:04.0008 7744 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:41:04.0070 7744 LHidFilt - ok
13:41:04.0445 7744 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:41:04.0648 7744 lltdio - ok
13:41:04.0757 7744 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:41:04.0850 7744 lltdsvc - ok
13:41:04.0975 7744 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
13:41:05.0006 7744 lmhosts - ok
13:41:05.0178 7744 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:41:05.0178 7744 LMouFilt - ok
13:41:05.0318 7744 [ 6A38BF67BBA38E8087F2A0F05FAB6DE7 ] LMS C:\Program Files\Intel\AMT\LMS.exe
13:41:05.0396 7744 LMS - ok
13:41:05.0521 7744 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:41:05.0537 7744 LSI_FC - ok
13:41:05.0568 7744 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:41:05.0584 7744 LSI_SAS - ok
13:41:05.0646 7744 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:41:05.0677 7744 LSI_SAS2 - ok
13:41:05.0708 7744 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:41:05.0724 7744 LSI_SCSI - ok
13:41:05.0786 7744 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
13:41:05.0802 7744 luafv - ok
13:41:06.0176 7744 [ 3EB293211B3ADFA50C5BD84660C6EF33 ] LVcKap C:\Windows\system32\DRIVERS\LVcKap.sys
13:41:06.0270 7744 LVcKap - ok
13:41:06.0676 7744 [ F323BA024DA94EC7524755A3B3625097 ] LVMVDrv C:\Windows\system32\DRIVERS\LVMVDrv.sys
13:41:06.0785 7744 LVMVDrv - ok
13:41:07.0128 7744 [ B0456B8A332135C1216FF2374B584161 ] lvpopflt C:\Windows\system32\DRIVERS\lvpopflt.sys
13:41:07.0159 7744 lvpopflt - ok
13:41:07.0222 7744 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
13:41:07.0268 7744 LVPr2Mon - ok
13:41:07.0440 7744 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
13:41:07.0502 7744 LVPrcSrv - ok
13:41:07.0565 7744 [ CF670E0917DA4FC4E0AA1068A635B673 ] LVSrvLauncher C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
13:41:07.0596 7744 LVSrvLauncher - ok
13:41:07.0658 7744 [ F7E15F2FE7790733DF86E95A76556389 ] LVUSBSta C:\Windows\system32\DRIVERS\LVUSBSta.sys
13:41:07.0690 7744 LVUSBSta - ok
13:41:08.0033 7744 [ 92D03DC19EAE9D0A86735705E374FDAD ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
13:41:08.0158 7744 LVUVC - ok
13:41:08.0423 7744 [ 4A0B6533F035D74729942EE1D19C35C5 ] lxdqCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe
13:41:08.0704 7744 lxdqCATSCustConnectService - ok
13:41:08.0750 7744 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:41:08.0766 7744 Mcx2Svc - ok
13:41:08.0813 7744 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:41:08.0828 7744 mdmxsdk - ok
13:41:08.0875 7744 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:41:08.0906 7744 megasas - ok
13:41:09.0031 7744 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:41:09.0047 7744 MegaSR - ok
13:41:09.0094 7744 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
13:41:09.0109 7744 MMCSS - ok
13:41:09.0140 7744 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
13:41:09.0140 7744 Modem - ok
13:41:09.0203 7744 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:41:09.0203 7744 monitor - ok
13:41:09.0312 7744 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:41:09.0359 7744 mouclass - ok
13:41:09.0390 7744 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:41:09.0437 7744 mouhid - ok
13:41:09.0515 7744 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:41:09.0515 7744 mountmgr - ok
13:41:09.0952 7744 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:41:09.0967 7744 MozillaMaintenance - ok
13:41:10.0045 7744 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
13:41:10.0061 7744 mpio - ok
13:41:10.0092 7744 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:41:10.0108 7744 mpsdrv - ok
13:41:10.0342 7744 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:41:10.0373 7744 MpsSvc - ok
13:41:10.0435 7744 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:41:10.0451 7744 MRxDAV - ok
13:41:10.0544 7744 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:41:10.0560 7744 mrxsmb - ok
13:41:10.0654 7744 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:41:10.0669 7744 mrxsmb10 - ok
13:41:10.0732 7744 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:41:10.0763 7744 mrxsmb20 - ok
13:41:10.0856 7744 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
13:41:10.0872 7744 msahci - ok
13:41:10.0888 7744 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:41:10.0903 7744 msdsm - ok
13:41:10.0934 7744 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
13:41:10.0966 7744 MSDTC - ok
13:41:11.0106 7744 [ 114B67C324D64C8195FD3BF93B4DF02A ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
13:41:11.0122 7744 MSDV - ok
13:41:11.0200 7744 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:41:11.0215 7744 Msfs - ok
13:41:11.0278 7744 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:41:11.0324 7744 mshidkmdf - ok
13:41:11.0371 7744 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:41:11.0402 7744 msisadrv - ok
13:41:11.0480 7744 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:41:11.0512 7744 MSiSCSI - ok
13:41:11.0512 7744 msiserver - ok
13:41:11.0605 7744 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:41:11.0636 7744 MSKSSRV - ok
13:41:11.0668 7744 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:41:11.0699 7744 MSPCLOCK - ok
13:41:11.0746 7744 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:41:11.0746 7744 MSPQM - ok
13:41:11.0824 7744 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:41:11.0870 7744 MsRPC - ok
13:41:11.0933 7744 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:41:11.0964 7744 mssmbios - ok
13:41:11.0995 7744 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:41:12.0011 7744 MSTEE - ok
13:41:12.0042 7744 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:41:12.0073 7744 MTConfig - ok
13:41:12.0120 7744 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
13:41:12.0151 7744 Mup - ok
13:41:12.0198 7744 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
13:41:12.0214 7744 napagent - ok
13:41:12.0354 7744 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:41:12.0401 7744 NativeWifiP - ok
13:41:12.0604 7744 [ 87A00FAEDD703D8D2BDCB29CE5EEEA6B ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
13:41:12.0619 7744 NBService - ok
13:41:12.0884 7744 [ 3723262737D90F58059CEDA7373B0387 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:41:12.0900 7744 NDIS - ok
13:41:13.0025 7744 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:41:13.0056 7744 NdisCap - ok
13:41:13.0103 7744 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:41:13.0118 7744 NdisTapi - ok
13:41:13.0228 7744 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:41:13.0243 7744 Ndisuio - ok
13:41:13.0321 7744 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:41:13.0352 7744 NdisWan - ok
13:41:13.0415 7744 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:41:13.0430 7744 NDProxy - ok
13:41:13.0508 7744 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:41:13.0649 7744 NetBIOS - ok
13:41:13.0820 7744 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:41:13.0852 7744 NetBT - ok
13:41:13.0898 7744 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
13:41:13.0914 7744 Netlogon - ok
13:41:14.0070 7744 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
13:41:14.0101 7744 Netman - ok
13:41:14.0132 7744 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
13:41:14.0148 7744 netprofm - ok
13:41:14.0195 7744 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:41:14.0226 7744 NetTcpPortSharing - ok
13:41:14.0616 7744 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
13:41:15.0006 7744 netw5v32 - ok
13:41:16.0020 7744 [ 5C979C481981E04919ECBB3B88D54B34 ] NETwNs32 C:\Windows\system32\DRIVERS\NETwNs32.sys
13:41:16.0379 7744 NETwNs32 - ok
13:41:16.0457 7744 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:41:16.0488 7744 nfrd960 - ok
13:41:16.0566 7744 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:41:16.0597 7744 NlaSvc - ok
13:41:16.0628 7744 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:41:16.0660 7744 Npfs - ok
13:41:16.0691 7744 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
13:41:16.0722 7744 nsi - ok
13:41:16.0753 7744 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:41:16.0769 7744 nsiproxy - ok
13:41:16.0862 7744 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:41:16.0894 7744 Ntfs - ok
13:41:16.0940 7744 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
13:41:16.0956 7744 Null - ok
13:41:17.0081 7744 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:41:17.0112 7744 nvraid - ok
13:41:17.0159 7744 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:41:17.0159 7744 nvstor - ok
13:41:17.0237 7744 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:41:17.0237 7744 nv_agp - ok
13:41:17.0299 7744 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:41:17.0315 7744 ohci1394 - ok
13:41:17.0455 7744 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:41:17.0455 7744 ose - ok
13:41:17.0564 7744 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:41:17.0596 7744 p2pimsvc - ok
13:41:17.0674 7744 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
13:41:17.0705 7744 p2psvc - ok
13:41:17.0783 7744 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:41:17.0798 7744 Parport - ok
13:41:17.0861 7744 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:41:17.0892 7744 partmgr - ok
13:41:17.0908 7744 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
13:41:17.0923 7744 Parvdm - ok
13:41:17.0986 7744 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:41:18.0001 7744 PcaSvc - ok
13:41:18.0407 7744 [ 2DD9D5A9150C7015AC7F215EFA59E44F ] PCDSRVC{3037D694-FD904ACA-06020200}_0 c:\program files\pc-doctor\pcdsrvc.pkms
13:41:18.0797 7744 PCDSRVC{3037D694-FD904ACA-06020200}_0 - ok
13:41:18.0859 7744 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
13:41:18.0890 7744 pci - ok
13:41:18.0922 7744 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
13:41:18.0953 7744 pciide - ok
13:41:19.0015 7744 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:41:19.0031 7744 pcmcia - ok
13:41:19.0046 7744 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
13:41:19.0046 7744 pcw - ok
13:41:19.0109 7744 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:41:19.0124 7744 PEAUTH - ok
13:41:19.0280 7744 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:41:19.0296 7744 PeerDistSvc - ok
13:41:19.0530 7744 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
13:41:19.0561 7744 pla - ok
13:41:19.0717 7744 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:41:19.0748 7744 PlugPlay - ok
13:41:19.0951 7744 [ 379F7A0EC9FBE07629FD3F244D3E3E44 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:41:19.0951 7744 Pml Driver HPZ12 - ok
13:41:20.0014 7744 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:41:20.0029 7744 PNRPAutoReg - ok
13:41:20.0107 7744 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:41:20.0123 7744 PNRPsvc - ok
13:41:20.0170 7744 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:41:20.0185 7744 PolicyAgent - ok
13:41:20.0279 7744 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
13:41:20.0294 7744 Power - ok
13:41:20.0731 7744 [ 75FC38862DB8B5897CD96753ACA133ED ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
13:41:20.0762 7744 Power Manager DBC Service - ok
13:41:20.0887 7744 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:41:20.0903 7744 PptpMiniport - ok
13:41:20.0950 7744 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:41:20.0965 7744 Processor - ok
13:41:21.0090 7744 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
13:41:21.0106 7744 ProfSvc - ok
13:41:21.0152 7744 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:41:21.0168 7744 ProtectedStorage - ok
13:41:21.0277 7744 [ 80DDC44934305224AEBFC37A264803C2 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
13:41:21.0308 7744 psadd - ok
13:41:21.0386 7744 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:41:21.0386 7744 Psched - ok
13:41:21.0464 7744 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
13:41:21.0496 7744 PSI - ok
13:41:21.0574 7744 [ DD080F6BF9DE8E8DFBE3A7A4D90D3755 ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
13:41:21.0589 7744 PwmEWSvc - ok
13:41:21.0667 7744 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
13:41:21.0698 7744 PxHelp20 - ok
13:41:21.0886 7744 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:41:21.0901 7744 ql2300 - ok
13:41:21.0979 7744 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:41:22.0010 7744 ql40xx - ok
13:41:22.0088 7744 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
13:41:22.0104 7744 QWAVE - ok
13:41:22.0135 7744 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:41:22.0182 7744 QWAVEdrv - ok
13:41:22.0213 7744 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:41:22.0213 7744 RasAcd - ok
13:41:22.0338 7744 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:41:22.0338 7744 RasAgileVpn - ok
13:41:22.0432 7744 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
13:41:22.0447 7744 RasAuto - ok
13:41:22.0541 7744 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:41:22.0603 7744 Rasl2tp - ok
13:41:22.0790 7744 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
13:41:22.0822 7744 RasMan - ok
13:41:22.0900 7744 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:41:22.0915 7744 RasPppoe - ok
13:41:22.0931 7744 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:41:22.0931 7744 RasSstp - ok
13:41:23.0040 7744 [ A7BAD9853A70E2E7808BE027EFE0522A ] rcmirror C:\Windows\system32\DRIVERS\rcmirror.sys
13:41:23.0056 7744 rcmirror - ok
13:41:23.0165 7744 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:41:23.0196 7744 rdbss - ok
13:41:23.0274 7744 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:41:23.0290 7744 rdpbus - ok
13:41:23.0336 7744 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:41:23.0336 7744 RDPCDD - ok
13:41:23.0383 7744 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:41:23.0477 7744 RDPDR - ok
13:41:23.0539 7744 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:41:23.0586 7744 RDPENCDD - ok
13:41:23.0633 7744 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:41:23.0633 7744 RDPREFMP - ok
13:41:23.0742 7744 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:41:23.0758 7744 RDPWD - ok
13:41:23.0929 7744 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:41:23.0960 7744 rdyboost - ok
13:41:24.0038 7744 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
13:41:24.0054 7744 regi - ok
13:41:24.0319 7744 [ 6C47AC711F5FB55C5387A85D50AB4703 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:41:24.0335 7744 RegSrvc - ok
13:41:24.0397 7744 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
13:41:24.0428 7744 RemoteAccess - ok
13:41:24.0475 7744 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:41:24.0491 7744 RemoteRegistry - ok
13:41:24.0584 7744 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
13:41:24.0631 7744 rimmptsk - ok
13:41:24.0678 7744 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
13:41:24.0678 7744 rimsptsk - ok
13:41:24.0740 7744 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
13:41:24.0756 7744 rismxdp - ok
13:41:24.0943 7744 [ EB9EEB379848F356797EB9EF31114CA5 ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
13:41:25.0037 7744 RoxMediaDB10 - ok
13:41:25.0162 7744 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:41:25.0177 7744 RpcEptMapper - ok
13:41:25.0552 7744 [ B1574DCB4AE3EFACC24AA87B4AE6FC55 ] rpcld C:\ProgramData\Rpcnet\Bin\rpcld.exe
13:41:25.0552 7744 Suspicious file (NoAccess): C:\ProgramData\Rpcnet\Bin\rpcld.exe. md5: B1574DCB4AE3EFACC24AA87B4AE6FC55
13:41:25.0661 7744 rpcld ( LockedFile.Multi.Generic ) - warning
13:41:25.0661 7744 rpcld - detected LockedFile.Multi.Generic (1)
13:41:25.0754 7744 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
13:41:25.0770 7744 RpcLocator - ok
13:41:25.0864 7744 [ 6684437F3628EF237C354F77D33426D1 ] rpcnet C:\Windows\System32\rpcnet.exe
13:41:25.0879 7744 rpcnet - ok
13:41:25.0973 7744 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
13:41:25.0988 7744 RpcSs - ok
13:41:26.0066 7744 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:41:26.0098 7744 rspndr - ok
13:41:26.0144 7744 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:41:26.0222 7744 s3cap - ok
13:41:26.0269 7744 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
13:41:26.0285 7744 SamSs - ok
13:41:26.0332 7744 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:41:26.0347 7744 sbp2port - ok
13:41:26.0425 7744 SBRE - ok
13:41:26.0534 7744 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:41:26.0581 7744 SCardSvr - ok
13:41:26.0612 7744 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:41:26.0628 7744 scfilter - ok
13:41:26.0737 7744 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
13:41:26.0784 7744 Schedule - ok
13:41:26.0815 7744 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:41:26.0815 7744 SCPolicySvc - ok
13:41:26.0878 7744 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
13:41:26.0893 7744 sdbus - ok
13:41:26.0940 7744 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:41:26.0956 7744 SDRSVC - ok
13:41:27.0143 7744 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
13:41:27.0143 7744 SeaPort - ok
13:41:27.0283 7744 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:41:27.0330 7744 secdrv - ok
13:41:27.0392 7744 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
13:41:27.0424 7744 seclogon - ok
13:41:27.0954 7744 [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
13:41:28.0094 7744 Secunia PSI Agent - ok
13:41:28.0453 7744 [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
13:41:28.0469 7744 Secunia Update Agent - ok
13:41:28.0578 7744 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
13:41:28.0594 7744 SENS - ok
13:41:28.0687 7744 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:41:28.0703 7744 SensrSvc - ok
13:41:28.0796 7744 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:41:28.0812 7744 Serenum - ok
13:41:28.0828 7744 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:41:28.0843 7744 Serial - ok
13:41:28.0937 7744 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:41:28.0968 7744 sermouse - ok
13:41:29.0030 7744 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
13:41:29.0062 7744 SessionEnv - ok
13:41:29.0140 7744 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:41:29.0155 7744 sffdisk - ok
13:41:29.0202 7744 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:41:29.0233 7744 sffp_mmc - ok
13:41:29.0296 7744 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:41:29.0327 7744 sffp_sd - ok
13:41:29.0389 7744 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:41:29.0483 7744 sfloppy - ok
13:41:29.0592 7744 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:41:29.0608 7744 SharedAccess - ok
13:41:29.0717 7744 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:41:29.0748 7744 ShellHWDetection - ok
13:41:29.0904 7744 [ BC31655A03D9E9ED6F7116BAFB9B38C7 ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
13:41:29.0920 7744 Shockprf - ok
13:41:29.0966 7744 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:41:29.0982 7744 sisagp - ok
13:41:30.0076 7744 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:41:30.0091 7744 SiSRaid2 - ok
13:41:30.0122 7744 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:41:30.0122 7744 SiSRaid4 - ok
13:41:30.0341 7744 [ A36827CCB692B30A4E02767E4CD55FDB ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
13:41:30.0356 7744 SkypeUpdate - ok
13:41:30.0388 7744 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:41:30.0419 7744 Smb - ok
13:41:30.0544 7744 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:41:30.0559 7744 SNMPTRAP - ok
13:41:31.0417 7744 [ A10C0F1F8D394E7D392FAD72B7A01C1B ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
13:41:31.0511 7744 SNP2UVC - ok
13:41:31.0573 7744 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
13:41:31.0604 7744 spldr - ok
13:41:31.0651 7744 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
13:41:31.0667 7744 Spooler - ok
13:41:32.0010 7744 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
13:41:32.0104 7744 sppsvc - ok
13:41:32.0135 7744 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:41:32.0150 7744 sppuinotify - ok
13:41:32.0338 7744 [ D2F4F32B59440011174B4F8137AF4E0C ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:41:32.0416 7744 SQLWriter - ok
13:41:32.0478 7744 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:41:32.0494 7744 srv - ok
13:41:32.0556 7744 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:41:32.0572 7744 srv2 - ok
13:41:32.0618 7744 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:41:32.0618 7744 srvnet - ok
13:41:32.0696 7744 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:41:32.0712 7744 SSDPSRV - ok
13:41:32.0759 7744 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:41:32.0806 7744 SstpSvc - ok
13:41:32.0899 7744 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:41:32.0962 7744 stexstor - ok
13:41:33.0102 7744 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
13:41:33.0149 7744 StiSvc - ok
13:41:33.0289 7744 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
13:41:33.0320 7744 stllssvr - ok
13:41:33.0445 7744 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:41:33.0476 7744 storflt - ok
13:41:33.0539 7744 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
13:41:33.0570 7744 StorSvc - ok
13:41:33.0632 7744 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:41:33.0664 7744 storvsc - ok
13:41:34.0116 7744 [ 59B5A060A31BD4BAB030C4FCD1048292 ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
13:41:34.0147 7744 SUService - ok
13:41:34.0210 7744 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
13:41:34.0241 7744 swenum - ok
13:41:34.0366 7744 [ 88E439D6C3DA5CD8F015A8545E5B142A ] SWI32 C:\Program Files\Lenovo\System Update\tvsuhd32.sys
13:41:34.0459 7744 SWI32 - ok
13:41:34.0584 7744 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
13:41:34.0615 7744 swprv - ok
13:41:34.0849 7744 [ B53AA89920BBA67857C899389186FB56 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:41:34.0896 7744 SynTP - ok
13:41:35.0146 7744 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
13:41:35.0192 7744 SysMain - ok
13:41:35.0239 7744 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:41:35.0302 7744 TabletInputService - ok
13:41:35.0395 7744 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
13:41:35.0489 7744 TapiSrv - ok
13:41:35.0536 7744 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
13:41:35.0567 7744 TBS - ok
13:41:36.0019 7744 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:41:36.0082 7744 Tcpip - ok
13:41:36.0331 7744 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:41:36.0347 7744 TCPIP6 - ok
13:41:36.0409 7744 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:41:36.0425 7744 tcpipreg - ok
13:41:36.0472 7744 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:41:36.0503 7744 TDPIPE - ok
13:41:36.0565 7744 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:41:36.0581 7744 TDTCP - ok
13:41:36.0674 7744 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:41:36.0690 7744 tdx - ok
13:41:36.0737 7744 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:41:36.0799 7744 TermDD - ok
13:41:36.0971 7744 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
13:41:37.0002 7744 TermService - ok
13:41:37.0080 7744 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
13:41:37.0142 7744 Themes - ok
13:41:37.0408 7744 [ 94F77B2B3BB01B23398B6F1D3A3CE7FF ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
13:41:37.0439 7744 ThinkVantage Registry Monitor Service - ok
13:41:37.0501 7744 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
13:41:37.0517 7744 THREADORDER - ok
13:41:37.0610 7744 [ C5DC9E462407B274B504DE2AA3220C2E ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
13:41:37.0642 7744 TPDIGIMN - ok
13:41:37.0735 7744 [ 4B2F57221E4CA268967EED0C4F2B7726 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
13:41:37.0766 7744 TPHDEXLGSVC - ok
13:41:37.0938 7744 [ 1DBF0267CEBF80F0BD24DFE895367DB5 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
13:41:37.0969 7744 TPHKLOAD - ok
13:41:38.0016 7744 [ CB0625C2F5B7C72C50C5AE34F8E8F7D0 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
13:41:38.0032 7744 TPHKSVC - ok
13:41:38.0156 7744 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
13:41:38.0188 7744 TPM - ok
13:41:38.0234 7744 [ C9DA1FEF94EF44D7BD0CA0CBDAD5C44C ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
13:41:38.0234 7744 TPPWRIF - ok
13:41:38.0328 7744 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
13:41:38.0359 7744 TrkWks - ok
13:41:38.0484 7744 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:41:38.0500 7744 TrustedInstaller - ok
13:41:38.0546 7744 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:41:38.0562 7744 tssecsrv - ok
13:41:38.0624 7744 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:41:38.0640 7744 TsUsbFlt - ok
13:41:38.0749 7744 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:41:38.0765 7744 tunnel - ok
13:41:39.0108 7744 [ 9E55E6CEC91433CEFC63CC0382E0EF04 ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
13:41:39.0124 7744 TVT Backup Service - ok
13:41:39.0202 7744 [ CAC5D5979850C9AD41A88033013BC806 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
13:41:39.0202 7744 TVTI2C - ok
13:41:39.0280 7744 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:41:39.0311 7744 uagp35 - ok
13:41:39.0358 7744 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:41:39.0373 7744 udfs - ok
13:41:39.0436 7744 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:41:39.0451 7744 UI0Detect - ok
13:41:39.0545 7744 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:41:39.0576 7744 uliagpkx - ok
13:41:39.0638 7744 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:41:39.0638 7744 umbus - ok
13:41:39.0701 7744 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:41:39.0701 7744 UmPass - ok
13:41:39.0763 7744 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
13:41:39.0794 7744 UmRdpService - ok
13:41:40.0278 7744 [ FA84735377D00E12597D2A1D8D2C320E ] UNS C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
13:41:40.0372 7744 UNS - ok
13:41:40.0434 7744 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
13:41:40.0450 7744 upnphost - ok
13:41:40.0528 7744 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
13:41:40.0543 7744 USBAAPL - ok
13:41:40.0637 7744 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:41:40.0668 7744 usbaudio - ok
13:41:40.0715 7744 [ 399D1015FCCC3FCB438A59CB9567E266 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:41:40.0746 7744 usbccgp - ok
13:41:40.0793 7744 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:41:40.0808 7744 usbcir - ok
13:41:40.0855 7744 [ 600B15106C0AE72D8583C5B710315AC6 ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:41:40.0855 7744 usbehci - ok
13:41:40.0902 7744 [ E5110252BE0B1D03CCCDF41ED31D02C1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:41:40.0933 7744 usbhub - ok
13:41:40.0996 7744 [ E82967C733660A90F0248100D157BE67 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:41:40.0996 7744 usbohci - ok
13:41:41.0089 7744 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:41:41.0105 7744 usbprint - ok
13:41:41.0152 7744 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:41:41.0167 7744 USBSTOR - ok
13:41:41.0214 7744 [ BC5421344CE62C0394D93157D5FE5EF3 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:41:41.0214 7744 usbuhci - ok
13:41:41.0308 7744 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
13:41:41.0339 7744 UxSms - ok
13:41:41.0354 7744 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
13:41:41.0370 7744 VaultSvc - ok
13:41:41.0448 7744 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:41:41.0464 7744 vdrvroot - ok
13:41:41.0557 7744 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
13:41:41.0588 7744 vds - ok
13:41:41.0666 7744 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:41:41.0666 7744 vga - ok
13:41:41.0698 7744 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
13:41:41.0729 7744 VgaSave - ok
13:41:41.0807 7744 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:41:41.0838 7744 vhdmp - ok
13:41:41.0885 7744 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:41:41.0900 7744 viaagp - ok
13:41:41.0963 7744 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
13:41:42.0010 7744 ViaC7 - ok
13:41:42.0088 7744 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
13:41:42.0103 7744 viaide - ok
13:41:42.0181 7744 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
13:41:42.0181 7744 vmbus - ok
13:41:42.0244 7744 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
13:41:42.0275 7744 VMBusHID - ok
13:41:42.0353 7744 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:41:42.0384 7744 volmgr - ok
13:41:42.0462 7744 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:41:42.0478 7744 volmgrx - ok
13:41:42.0540 7744 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:41:42.0571 7744 volsnap - ok
13:41:42.0665 7744 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:41:42.0696 7744 vsmraid - ok
13:41:42.0836 7744 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
13:41:42.0868 7744 VSS - ok
13:41:42.0914 7744 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:41:42.0930 7744 vwifibus - ok
13:41:42.0961 7744 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:41:42.0977 7744 vwififlt - ok
13:41:43.0070 7744 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
13:41:43.0086 7744 vwifimp - ok
13:41:43.0211 7744 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
13:41:43.0226 7744 W32Time - ok
13:41:43.0273 7744 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:41:43.0320 7744 WacomPen - ok
13:41:43.0351 7744 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:41:43.0351 7744 WANARP - ok
13:41:43.0367 7744 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:41:43.0367 7744 Wanarpv6 - ok
13:41:43.0570 7744 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:41:43.0616 7744 WatAdminSvc - ok
13:41:43.0694 7744 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
13:41:43.0741 7744 wbengine - ok
13:41:43.0788 7744 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:41:43.0819 7744 WbioSrvc - ok
13:41:43.0866 7744 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:41:43.0882 7744 wcncsvc - ok
13:41:43.0913 7744 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:41:43.0928 7744 WcsPlugInService - ok
13:41:43.0991 7744 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:41:44.0006 7744 Wd - ok
13:41:44.0100 7744 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
13:41:44.0116 7744 WDC_SAM - ok
13:41:44.0209 7744 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:41:44.0256 7744 Wdf01000 - ok
13:41:44.0303 7744 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:41:44.0350 7744 WdiServiceHost - ok
13:41:44.0365 7744 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:41:44.0381 7744 WdiSystemHost - ok
13:41:44.0459 7744 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
13:41:44.0474 7744 WebClient - ok
13:41:44.0521 7744 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:41:44.0552 7744 Wecsvc - ok
13:41:44.0630 7744 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:41:44.0646 7744 wercplsupport - ok
13:41:44.0740 7744 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
13:41:44.0755 7744 WerSvc - ok
13:41:44.0833 7744 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:41:44.0864 7744 WfpLwf - ok
13:41:45.0083 7744 [ 6CC8BE5F41C29A5DD8500BDF2D720042 ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
13:41:45.0098 7744 WiMAXAppSrv - ok
13:41:45.0161 7744 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
13:41:45.0192 7744 WimFltr - ok
13:41:45.0223 7744 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:41:45.0223 7744 WIMMount - ok
13:41:45.0410 7744 [ BB9CBAF6AC20452B245C324F1F50EE81 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:41:45.0426 7744 winachsf - ok
13:41:45.0722 7744 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:41:45.0754 7744 WinDefend - ok
13:41:45.0847 7744 [ 7ACC77E135A709AE0F7E1DF428A2F908 ] WinFLdrv C:\Windows\system32\WinFLdrv.sys
13:41:45.0863 7744 Suspicious file (Hidden): C:\Windows\system32\WinFLdrv.sys. md5: 7ACC77E135A709AE0F7E1DF428A2F908
13:41:45.0878 7744 WinFLdrv ( HiddenFile.Multi.Generic ) - warning
13:41:45.0878 7744 WinFLdrv - detected HiddenFile.Multi.Generic (1)
13:41:45.0878 7744 WinHttpAutoProxySvc - ok
13:41:46.0019 7744 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:41:46.0066 7744 Winmgmt - ok
13:41:46.0222 7744 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
13:41:46.0253 7744 WinRM - ok
13:41:46.0424 7744 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
13:41:46.0440 7744 WinUsb - ok
13:41:46.0549 7744 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:41:46.0580 7744 Wlansvc - ok
13:41:46.0799 7744 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:41:46.0814 7744 wlidsvc - ok
13:41:46.0908 7744 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:41:46.0924 7744 WmiAcpi - ok
13:41:46.0970 7744 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:41:46.0986 7744 wmiApSrv - ok
13:41:47.0267 7744 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:41:47.0298 7744 WMPNetworkSvc - ok
13:41:47.0392 7744 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:41:47.0407 7744 WPCSvc - ok
13:41:47.0470 7744 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:41:47.0501 7744 WPDBusEnum - ok
13:41:47.0579 7744 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:41:47.0594 7744 ws2ifsl - ok
13:41:47.0672 7744 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
13:41:47.0704 7744 wscsvc - ok
13:41:47.0797 7744 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
13:41:47.0813 7744 WSDPrintDevice - ok
13:41:47.0813 7744 WSearch - ok
13:41:48.0203 7744 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
13:41:48.0250 7744 wuauserv - ok
13:41:48.0328 7744 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:41:48.0343 7744 WudfPf - ok
13:41:48.0437 7744 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:41:48.0452 7744 WUDFRd - ok
13:41:48.0577 7744 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:41:48.0608 7744 wudfsvc - ok
13:41:48.0671 7744 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
13:41:48.0702 7744 WwanSvc - ok
13:41:48.0780 7744 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
13:41:48.0796 7744 XAudio - ok
13:41:48.0874 7744 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
13:41:48.0889 7744 XAudioService - ok
13:41:48.0952 7744 ================ Scan global ===============================
13:41:49.0061 7744 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
13:41:49.0170 7744 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
13:41:49.0217 7744 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
13:41:49.0279 7744 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
13:41:49.0388 7744 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
13:41:49.0482 7744 [Global] - ok
13:41:49.0482 7744 ================ Scan MBR ==================================
13:41:49.0529 7744 [ 1A4A2B7F82580F855FB8B95FE98557C3 ] \Device\Harddisk0\DR0
13:41:51.0354 7744 \Device\Harddisk0\DR0 - ok
13:41:51.0354 7744 ================ Scan VBR ==================================
13:41:51.0385 7744 [ 8D88B08712D37E3E2DA6DADAFF23DC67 ] \Device\Harddisk0\DR0\Partition1
13:41:51.0401 7744 \Device\Harddisk0\DR0\Partition1 - ok
13:41:51.0479 7744 [ 1EAB163C4BBDADC29497F281E8642A84 ] \Device\Harddisk0\DR0\Partition2
13:41:51.0479 7744 \Device\Harddisk0\DR0\Partition2 - ok
13:41:51.0510 7744 [ 44632C8F3598A855F0E77D6210CCF283 ] \Device\Harddisk0\DR0\Partition3
13:41:51.0510 7744 \Device\Harddisk0\DR0\Partition3 - ok
13:41:51.0526 7744 ============================================================
13:41:51.0526 7744 Scan finished
13:41:51.0526 7744 ============================================================
13:41:51.0526 3296 Detected object count: 2
13:41:51.0526 3296 Actual detected object count: 2
13:42:21.0493 3296 rpcld ( LockedFile.Multi.Generic ) - skipped by user
13:42:21.0493 3296 rpcld ( LockedFile.Multi.Generic ) - User select action: Skip
13:42:21.0493 3296 WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user
13:42:21.0493 3296 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip
13:43:40.0862 4980 Deinitialize success

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Jared\AppData\Roaming\Ylpyeb
c:\users\Jared\AppData\Local\{06EDCAA9-F89B-11E1-8270-B8AC6F996F26}
c:\users\Jared\AppData\Roaming\Ysat
c:\users\Jared\AppData\Roaming\Ocpig

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
  
• report from Combofix
• let me know of any problems you may have had
• How is the computer doing now after running the script?

Gringo

Here is the log. I didn't try superanti-spyware install yet. Should I try that? And if I was going to pay for one full version anti-malware program which would it be. I've seen malwarebytes full version endorsed on this forum.

ComboFix 12-09-09.02 - Jared 09/09/2012 16:19:02.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1944.702 [GMT -4:00]
Running from: c:\users\Jared\Desktop\ComboFix.exe
Command switches used :: c:\users\Jared\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jared\AppData\Local\{06EDCAA9-F89B-11E1-8270-B8AC6F996F26}
c:\users\Jared\AppData\Local\{06EDCAA9-F89B-11E1-8270-B8AC6F996F26}\chrome.manifest
c:\users\Jared\AppData\Local\{06EDCAA9-F89B-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul
c:\users\Jared\AppData\Local\{06EDCAA9-F89B-11E1-8270-B8AC6F996F26}\install.rdf
c:\users\Jared\AppData\Roaming\Ocpig
c:\users\Jared\AppData\Roaming\Ocpig\eqdoa.oby
c:\users\Jared\AppData\Roaming\Ylpyeb
c:\users\Jared\AppData\Roaming\Ylpyeb\kyxu.ats
c:\users\Jared\AppData\Roaming\Ysat
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 20:44 . 2012-09-09 20:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-09 20:44 . 2012-09-09 20:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 16:30 . 2012-09-09 16:30 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00D6911F-C99B-4304-A9A1-0D1498C47DD3}\offreg.dll
2012-09-07 15:23 . 2012-09-07 17:14 -------- d-----w- C:\MGtools
2012-09-07 14:06 . 2012-09-07 14:08 -------- d-----w- c:\program files\iTunes
2012-09-07 14:06 . 2012-09-07 14:06 -------- d-----w- c:\program files\iPod
2012-09-07 13:59 . 2012-09-07 13:59 -------- d-----w- c:\program files\Common Files\Java
2012-09-07 13:59 . 2012-09-07 13:58 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-07 13:58 . 2012-09-07 13:58 -------- d-----w- c:\program files\Java
2012-09-07 13:51 . 2012-09-07 13:51 -------- d-----w- c:\users\Jared\AppData\Local\Secunia PSI
2012-09-07 13:50 . 2012-09-07 13:50 -------- d-----w- c:\program files\Secunia
2012-09-07 13:27 . 2012-09-09 15:30 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-09-07 13:27 . 2012-09-07 13:27 -------- d-----w- c:\program files\HitmanPro
2012-09-07 13:26 . 2012-09-09 15:25 -------- d-----w- c:\programdata\HitmanPro
2012-09-07 03:20 . 2012-09-07 03:22 -------- d-----w- c:\programdata\036DFF85004DCAF6177966A6F875EF7E
2012-08-30 02:35 . 2012-08-30 02:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-29 15:16 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00D6911F-C99B-4304-A9A1-0D1498C47DD3}\mpengine.dll
2012-08-23 15:00 . 2012-08-23 15:00 -------- d-----w- c:\users\Jared\AppData\Roaming\Zotero
2012-08-23 15:00 . 2012-08-23 15:00 -------- d-----w- c:\users\Jared\AppData\Local\Zotero
2012-08-23 14:55 . 2012-08-23 14:55 -------- d-----w- c:\program files\Zotero Standalone
2012-08-17 22:27 . 2012-08-17 22:28 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-08-17 14:07 . 2012-07-30 19:53 112096 ----a-w- c:\windows\system32\acaptuser32.dll
2012-08-16 12:50 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-16 12:50 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 12:50 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-16 12:50 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-16 12:50 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-16 12:50 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-16 12:49 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 16:07 . 2010-10-28 22:13 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-09 16:07 . 2009-10-26 21:55 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-09-07 17:14 . 2012-09-07 15:23 398455 ----a-w- C:\MGlogs.zip
2012-09-07 13:58 . 2012-07-03 01:18 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-07 13:58 . 2010-04-28 20:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 13:56 . 2012-04-12 19:08 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 13:56 . 2011-05-19 16:58 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 13:10 . 2010-10-28 22:15 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-07-27 20:51 . 2012-07-27 20:51 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2012-07-27 20:51 . 2012-07-27 20:51 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2012-07-03 17:46 . 2009-10-28 23:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 17:35 . 2011-12-13 15:21 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-07 21:31 . 2012-09-07 21:31 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-26 16:26 . 2012-09-07 21:31 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jared\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jared\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jared\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 19:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 19:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 19:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 19:17 556376 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-02-15 399224]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17345200]
"Tutor.exe"="c:\program files\ABBYY Lingvo x3\Tutor.exe" [2010-09-07 1324296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"CreateLMBCShortCut"="c:\program files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-07-16 40960]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-26 30192]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2006-12-22 244512]
"lxdqmon.exe"="c:\program files\Lexmark Z2400 Series\lxdqmon.exe" [2010-02-04 672424]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo x3\LvAgent.exe" [2010-09-07 1774856]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-03-15 4392512]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-18 31592]
"Absolute Notifier"="c:\program files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-12-23 2321680]
"TpShocks"="TpShocks.exe" [2010-07-01 337256]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jared\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Random House Webster's Unabridged Dictionary WordGenius Activate.LNK - c:\program files\Random House\WUD-WG\WGRU.exe [2009-10-27 128592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-8-27 50688]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-11-5 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Users^Jared^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Jared\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 14:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-02-04 01:17 107176 ----a-w- c:\program files\Lexmark Z2400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2012-07-20 19:17 12218904 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 10:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 56497186
*NewlyCreated* - PSI
*Deregistered* - 56497186
*Deregistered* - aswMBR
*Deregistered* - SASENUM
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 13:56]
.
2012-09-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-27 11:15]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 11:44]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 11:44]
.
2012-08-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-09-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Translate with ABBYY Lingvo x&3 - c:\program files\ABBYY Lingvo x3\Lingvo.exe/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jared\AppData\Roaming\Mozilla\Firefox\Profiles\uxec0yck.Jared\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=mpes
FF - prefs.js: network.proxy.type - 2
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2886773906-1503155382-1841928733-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*õg€j¢
*€²
]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2886773906-1503155382-1841928733-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*õg€j¢
*€²
\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-09 16:48:40
ComboFix-quarantined-files.txt 2012-09-09 20:48
ComboFix2.txt 2012-09-09 16:28
ComboFix3.txt 2012-07-21 15:21
ComboFix4.txt 2012-07-20 15:33
ComboFix5.txt 2012-09-09 20:14
.
Pre-Run: 26,590,175,232 bytes free
Post-Run: 26,539,212,800 bytes free
.
- - End Of File - - 4BFD2B302843B426FE876D67A4BB5C46

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

µTorrent [/list]

• Please download and install Revo Uninstaller Free
• Double click Revo Uninstaller to run it.
• From the list of programs double click on The Program to remove
• When prompted if you want to uninstall click Yes.
• Be sure the Moderate option is selected then click Next.
• The program will run, If prompted again click Yes
• when the built-in uninstaller is finished click on Next.
• Once the program has searched for leftovers click Next.
• Check/tick the bolded items only on the list then click Delete
• when prompted click on Yes and then on next.
• put a check on any folders that are found and select delete
• when prompted select yes then on next
• Once done click Finish.

.




Clean Out Temp Files

• This small application you may want to keep and use once a week to keep the computer clean.
  
  Download CCleaner from here http://www.ccleaner.com/
  
  
• Run the installer to install the application.
• When it gives you the option to install Yahoo toolbar uncheck the box next to it.
• Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
• Click Run Cleaner.
• Close CCleaner.

: Malwarebytes' Anti-Malware :

• I would like you to rerun MBAM
  
• Double-click mbam icon
• go to the update tab at the top
• click on check for updates
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  
• If you accidentally close it, the log file is saved here and will be named like this:
• C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

• Go Here to download HijackThis Installer
• Save HijackThis Installer to your desktop.
• Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed it will launch Hijackthis.
• Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
• Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

• In your next post I need the following
  
  
• Log From MBAM
• report from Hijackthis
• let me know of any problems you may have had
• How is the computer doing now?

Gringo

Here are the two logs. Still no problems on the internet or anywhere else at the moment.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:44:46 PM, on 9/9/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ABBYY Lingvo x3\Tutor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Random House\WUD-WG\WGRU.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\explorer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Users\Jared\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CreateLMBCShortCut] "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe"
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo x3\LvAgent.exe" /STARTUP
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe
O4 - HKLM\..\Run: [Absolute Notifier] "C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Tutor.exe] "C:\Program Files\ABBYY Lingvo x3\Tutor.exe" /AS
O4 - Startup: Dropbox.lnk = Jared\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Random House Webster's Unabridged Dictionary WordGenius Activate.LNK = C:\Program Files\Random House\WUD-WG\WGRU.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with ABBYY Lingvo x&3 - res://C:\Program Files\ABBYY Lingvo x3\Lingvo.exe/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: AutorunsDisabled - Invalid registry found
O23 - Service: ABBYY Lingvo x3 Licencing Service (ABBYY.Licensing.Lingvo.Desktop.14.0) - ABBYY - C:\Program Files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe
O23 - Service: Absolute Notifier (AbsoluteNotifier) - Absolute Software - C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
O23 - Service: AcSvc - Lenovo - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Procedure Call (RPC) LD (rpcld) - Unknown owner - C:\ProgramData\Rpcnet\Bin\rpcld.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14832 bytes

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.07.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jared :: JARED-PC [administrator]

9/9/2012 11:29:59 PM
mbam-log-2012-09-09 (23-29-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209907
Time elapsed: 12 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

• Run HijackThis
• Click on the Scan button
• Put a check beside all of the items listed below (if present):
  
  
  • O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [CreateLMBCShortCut] "C:\Program Files\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo x3\LvAgent.exe" /STARTUP
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [Absolute Notifier] "C:\Program Files\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
    O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Tutor.exe] "C:\Program Files\ABBYY Lingvo x3\Tutor.exe" /AS
    O4 - Startup: Dropbox.lnk = Jared\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: Random House Webster's Unabridged Dictionary WordGenius Activate.LNK = C:\Program Files\Random House\WUD-WG\WGRU.exe
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
    
• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.
  
  NOTE**You can research each of those lines >here< and see if you want to keep them or not
  just copy the name between the brackets and paste into the search space
  O4 - HKLM\..\Run: [IntelliPoint]

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• click on the Run ESET Online Scanner button
• Tick the box next to YES, I accept the Terms of Use.
  
  • Click Start
• When asked, allow the add/on to be installed
  
  • Click Start
• Make sure that the option Remove found threats is unticked
• Click on Advanced Settings, ensure the options
  Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
• Click Scan
• wait for the virus definitions to be downloaded
• Wait for the scan to finish

When the scan is complete

• If no threats were found
  
• put a checkmark in "Uninstall application on close"
• close program
• report to me that nothing was found

• If threats were found
  
• click on "list of threats found"
• click on "export to text file" and save it as ESET SCAN and save to the desktop
• Click on back
• put a checkmark in "Uninstall application on close"
• click on finish
• close program
• copy and paste the report here

Gringo

Took 8 hrs to run but here are the results:
C:\MGtools\Process.exe Win32/PrcView application
C:\Qoobox\Quarantine\C\Users\Jared\AppData\Local\{06EDCAA9-F89B-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul.vir JS/Redirector.NIQ trojan
C:\Qoobox\Quarantine\C\Users\Jared\AppData\Roaming\mrfsi.dll.vir a variant of Win32/Medfos.DH trojan
C:\Qoobox\Quarantine\C\Users\Jared\AppData\Roaming\Olucn\zomu.exe.vir Win32/Spy.Zbot.AAO trojan
C:\Qoobox\Quarantine\C\Windows\System32\drivers\12ddb0736d3dc27b.sys.vir a variant of Win32/Rootkit.Kryptik.OH trojan

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\Qoobox\Quarantine\<-- combofix


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

• To re-enable your Emulation drivers, double click DeFogger to run the tool.
  
• The application window will appear
• Click the Re-enable button to re-enable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

• turn off all active protection software
• push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
• please copy and past the following into the box ComboFix /Uninstall and click OK.
• Note the space between the X and the /Uninstall, it needs to be there.
• 

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

• Double-click OTCleanIt.exe.
• Click the CleanUp! button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.
• If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

• Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  
• WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  
• Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
  totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)
  
  Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Gringo

All the uninstall stuff worked. Many thanks for all the help!!!

you are more than welcome



gringo