Gimmeanswers Redirect


This topic is locked
16 replies to this topic

#1 Poplock (Members)

Posted 26 March 2012 - 03:35 PM

Hi, I've been having trouble with redirects on my Google search results. Yesterday it was redirecting me to happili.com and today it is redirecting me to gimmeanswers.com. Malwarebytes, SUPERAntiSpyware, Kaspersky Internet Suite (trial), and the ESET online scan have found nothing. The redirect has been affecting Chrome consistently since yesterday and has affected Firefox off and on. I can still get to the websites if I just re-click the link once or twice, but would like to be safe. I'd greatly appreciate any help.

Here is my DDS Log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Saunak Desai at 16:23:39 on 2012-03-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.1938 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\windows\system32\conhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: UseDefaultTile = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: lenovo.com\consumersupport
Trusted Zone: lenovo.com.cn\edrivers
Trusted Zone: lenovo.com.cn\support4
Trusted Zone: lenovo.com.cn\think
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/ot/en/SmartDownloading/cab/npdueng.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 128.59.62.10 128.59.59.70
TCP: Interfaces\{34131B7B-A305-4E41-A792-28AD04762939} : DhcpNameServer = 128.59.62.10 128.59.59.70
TCP: Interfaces\{34131B7B-A305-4E41-A792-28AD04762939}\1467F636160234F6666656560264275656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{34131B7B-A305-4E41-A792-28AD04762939}\351696E647560234C616962756 : DhcpNameServer = 192.168.10.1 4.2.2.2 4.2.2.4 75.75.75.75 4.2.2.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{34131B7B-A305-4E41-A792-28AD04762939}\36566796368656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{34131B7B-A305-4E41-A792-28AD04762939}\94E636F676E69647F6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{34131B7B-A305-4E41-A792-28AD04762939}\C696E6B6379737 : DhcpNameServer = 10.20.2.14 10.20.2.15
TCP: Interfaces\{34131B7B-A305-4E41-A792-28AD04762939}\E4564774561627445637 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Saunak Desai\AppData\Roaming\Mozilla\Firefox\Profiles\6zskaj9n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z131&install_date=20111020
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20111020&q=
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys --> C:\windows\system32\DRIVERS\nvpciflt.sys [?]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R1 winioex;winioex;C:\windows\system32\drivers\winioex.sys --> C:\windows\system32\drivers\winioex.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 cpuz135;cpuz135;\??\C:\windows\system32\drivers\cpuz135_x64.sys --> C:\windows\system32\drivers\cpuz135_x64.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-11 13336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-11 2009704]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-11 2656280]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\windows\system32\DRIVERS\btwdpan.sys --> C:\windows\system32\DRIVERS\btwdpan.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 DelayMan;ACPI DelayMan Filter Service;C:\windows\system32\DRIVERS\delayman.sys --> C:\windows\system32\DRIVERS\delayman.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 rtsuvc;Lenovo EasyCamera;C:\windows\system32\DRIVERS\rtsuvc.sys --> C:\windows\system32\DRIVERS\rtsuvc.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-11 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-11 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-26 20:15:07 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-26 19:58:32 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-26 16:31:15 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-26 16:31:15 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-26 16:31:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-26 15:11:00 -------- d-----w- C:\Users\Saunak Desai\AppData\Roaming\SUPERAntiSpyware.com
2012-03-26 15:10:40 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-26 15:10:40 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-26 15:00:04 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 15:00:04 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-26 14:28:37 98816 ----a-w- C:\windows\sed.exe
2012-03-26 14:28:37 518144 ----a-w- C:\windows\SWREG.exe
2012-03-26 14:28:37 256000 ----a-w- C:\windows\PEV.exe
2012-03-26 14:28:37 208896 ----a-w- C:\windows\MBR.exe
2012-03-23 13:27:24 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F02CDE3-7868-4CB3-A43C-29BFFFF72D75}\mpengine.dll
2012-03-18 08:07:32 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-18 08:07:31 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-18 08:07:31 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-16 23:53:17 101376 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-03-15 01:17:09 -------- d-----w- C:\Users\Saunak Desai\AppData\Local\DDMSettings
2012-03-14 15:08:07 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-14 15:08:06 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-14 15:08:06 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-14 15:07:17 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-14 15:07:17 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-14 15:07:17 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-14 15:07:16 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-14 15:07:16 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-14 15:07:16 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-14 15:07:16 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-03-03 21:46:00 -------- d-----w- C:\Program Files (x86)\GOG.com
2012-02-29 02:57:36 -------- d-----w- C:\Riot Games
.
==================== Find3M ====================
.
2012-03-26 20:11:09 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-02-23 13:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-16 05:29:58 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48:42 354176 ----a-w- C:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26:08 515584 ----a-w- C:\windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\windows\System32\drivers\afd.sys
.
============= FINISH: 16:24:07.86 ===============
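A triage helper for the "Pseudo HJT Report" section of the DDS log above, added here as an example; it is not part of this thread, of DDS, or of ComboFix. It pulls out the items a responder reads first when the complaint is search-result redirects: the mPolicies-system values (the log above shows EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0, i.e. UAC is switched off and admin actions elevate silently), add-on entries whose file is missing, the AppInit_DLLs value (a global DLL-injection point; here nvinit.dll, normally part of the NVIDIA display driver package), and the DHCP-assigned DNS servers per saved network profile, which it classifies as private, on a small allow list of public resolvers, or unknown. The KNOWN_PUBLIC_RESOLVERS set is an assumption for illustration, and "unknown" means confirm with the network owner, not malicious. The suffix DDS prints after the interface GUID is the network profile name as nibble-swapped hex ASCII, and the helper decodes it (C696E6B6379737 in the log above reads "linksys"). The sample input is copied from the log in this post and trimmed.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; it is not part of the DDS tool or of any post
above. Given the report lines, it pulls out the items a responder checks first
when a user reports search-result redirects: UAC policy values, browser
add-ons whose file is missing, AppInit_DLLs (a global DLL-injection point),
and the DHCP-assigned DNS servers per network profile. KNOWN_PUBLIC_RESOLVERS
is an illustrative allow list (assumption), not a claim about the log above.
"""
import ipaddress
import re

# Sample input: lines taken from the DDS log posted above (trimmed).
SAMPLE = r"""
mPolicies-explorer: UseDefaultTile = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TCP: DhcpNameServer = 128.59.62.10 128.59.59.70
TCP: Interfaces\{34131B7B-A305-4E41-A792-28AD04762939}\351696E647560234C616962756 : DhcpNameServer = 192.168.10.1 4.2.2.2 8.8.8.8
TCP: Interfaces\{34131B7B-A305-4E41-A792-28AD04762939}\C696E6B6379737 : DhcpNameServer = 10.20.2.14 10.20.2.15
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: AcroIEHelperStub - No File
"""

# Illustrative allow list of public resolvers (assumption; extend for your site).
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "4.2.2.1", "4.2.2.2", "4.2.2.4", "75.75.75.75"}

# Policy values that mean UAC is off or its prompts are weakened.
UAC_WEAK = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}

DNS_RE = re.compile(r"TCP: (?:Interfaces\\\{[^}]+\}(?:\\([0-9A-Fa-f]+))? : )?DhcpNameServer = (.+)")
POLICY_RE = re.compile(r"mPolicies-system: (\w+) = (\d+)")


def decode_profile_name(hexstr):
    """DDS writes each network profile name as nibble-swapped hex ASCII
    (e.g. C696E6B6379737 -> 'linksys'). Returns None if it does not decode."""
    if len(hexstr) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", hexstr):
        return None
    swapped = "".join(hexstr[i + 1] + hexstr[i] for i in range(0, len(hexstr), 2))
    try:
        name = bytes.fromhex(swapped).decode("ascii")
    except ValueError:  # UnicodeDecodeError is a ValueError subclass
        return None
    return name if name.isprintable() else None


def classify_resolver(ip):
    """private = RFC 1918, loopback, link-local etc.; known-public = on the
    allow list; unknown = anything else, to be confirmed with the network owner."""
    if ipaddress.ip_address(ip).is_private:
        return "private"
    return "known-public" if ip in KNOWN_PUBLIC_RESOLVERS else "unknown"


def triage(report_text):
    """Return the findings worth a second look, grouped by category."""
    findings = {"uac": [], "orphans": [], "appinit": [], "dns": []}
    for line in report_text.splitlines():
        line = line.strip()
        m = POLICY_RE.match(line)
        if m and UAC_WEAK.get(m.group(1)) == m.group(2):
            findings["uac"].append(m.group(1))
        elif line.startswith(("BHO", "TB", "IE:")) and line.endswith("No File"):
            findings["orphans"].append(line)
        elif line.startswith("AppInit_DLLs:"):
            findings["appinit"].append(line.split(":", 1)[1].strip())
        else:
            m = DNS_RE.match(line)
            if m:
                profile = "(no profile)"
                if m.group(1):
                    profile = decode_profile_name(m.group(1)) or m.group(1)
                for ip in m.group(2).split():
                    findings["dns"].append((profile, ip, classify_resolver(ip)))
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE).items():
        print(key)
        for item in items:
            print("  ", item)
```

Run it against the full "Pseudo HJT Report" block of a DDS log rather than the trimmed sample; the DNS classification is only a sorting aid, so an "unknown" resolver on a university or corporate network is expected and should be checked against that network's published resolvers before anything is changed.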



#2 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 26 March 2012 - 11:27 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so!
Doing so will at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in.
These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.


Back up any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Poplock (Topic Starter, Members)

Posted 27 March 2012 - 08:46 AM

Here's the log from ComboFix. The problem is still occurring though it seems to be less common than before.


ComboFix 12-03-27.02 - Saunak Desai 03/27/2012 9:33.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.2466 [GMT -4:00]
Running from: c:\users\Saunak Desai\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 13:38 . 2012-03-27 13:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-27 13:38 . 2012-03-27 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 13:21 . 2012-03-27 13:21 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-03-27 12:52 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5142BB2C-6850-45E4-BACD-326213F4718F}\mpengine.dll
2012-03-26 20:15 . 2012-03-26 20:15 -------- d-----w- c:\program files (x86)\ESET
2012-03-26 20:11 . 2012-03-26 20:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-26 16:31 . 2012-03-26 16:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-26 16:31 . 2012-03-26 16:31 -------- d-----w- c:\programdata\Malwarebytes
2012-03-26 16:31 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 15:11 . 2012-03-26 15:11 -------- d-----w- c:\users\Saunak Desai\AppData\Roaming\SUPERAntiSpyware.com
2012-03-26 15:10 . 2012-03-26 15:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-26 15:10 . 2012-03-26 15:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-26 15:00 . 2012-03-26 15:00 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 15:00 . 2012-03-26 15:00 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 08:07 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-18 08:07 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-18 08:07 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-16 23:53 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-03-15 01:17 . 2012-03-15 01:17 -------- d-----w- c:\users\Saunak Desai\AppData\Local\DDMSettings
2012-03-14 15:08 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:08 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:08 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 15:07 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 15:07 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:07 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 15:07 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 15:07 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 15:07 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:07 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-03 21:46 . 2012-03-03 21:46 -------- d-----w- c:\program files (x86)\GOG.com
2012-02-29 02:57 . 2012-02-29 02:57 -------- d-----w- C:\Riot Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 20:11 . 2011-10-14 21:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 13:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 05:29 . 2011-10-18 03:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44 . 2012-02-16 19:56 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 19:56 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26 . 2012-02-16 19:56 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 19:56 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-26_14.35.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-03-27 13:10 42076 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-27 13:10 38204 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-15 15:50 . 2012-03-27 13:10 10830 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1240979818-1635448028-1674700271-1001_UserData.bin
+ 2011-10-14 20:58 . 2012-03-26 19:21 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-14 20:58 . 2012-03-25 22:51 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-14 20:58 . 2012-03-26 19:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-14 20:58 . 2012-03-25 22:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-26 19:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-25 22:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-26 19:43 99680 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-27 12:52 . 2012-03-27 12:53 1922 c:\windows\SoftwareDistribution\EventCache\{318E3B51-376A-4B61-8C7E-D116676EE1D8}.bin
- 2012-03-26 14:19 . 2012-03-26 14:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-27 12:48 . 2012-03-27 12:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-26 14:19 . 2012-03-26 14:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-27 12:48 . 2012-03-27 12:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-26 20:11 . 2012-03-26 20:11 157472 c:\windows\SysWOW64\javaws.exe
- 2012-01-23 16:04 . 2011-11-10 10:54 157472 c:\windows\SysWOW64\javaws.exe
- 2012-01-23 16:04 . 2011-11-10 10:54 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-03-26 20:11 . 2012-03-26 20:11 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-03-26 20:11 . 2012-03-26 20:11 149280 c:\windows\SysWOW64\java.exe
- 2012-01-23 16:04 . 2011-11-10 10:54 149280 c:\windows\SysWOW64\java.exe
- 2009-07-14 02:36 . 2012-03-26 14:24 663260 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-27 13:26 663260 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-27 13:26 122096 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-26 14:24 122096 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-26 14:19 399876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-27 03:34 399876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-26 20:11 . 2012-03-26 20:11 207360 c:\windows\Installer\bac8d.msi
+ 2011-10-15 15:37 . 2012-03-27 03:34 30845088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1240979818-1635448028-1674700271-1001-12288.dat
+ 2012-03-26 20:10 . 2012-03-26 20:10 12938752 c:\windows\Installer\bac7d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 10:47]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 10:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-08-11 10:54 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-08-11 789920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-11 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-11 5908928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: lenovo.com\consumersupport
Trusted Zone: lenovo.com.cn\edrivers
Trusted Zone: lenovo.com.cn\support4
Trusted Zone: lenovo.com.cn\think
TCP: DhcpNameServer = 128.59.62.10 128.59.59.70
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/ot/en/SmartDownloading/cab/npdueng.cab
FF - ProfilePath - c:\users\Saunak Desai\AppData\Roaming\Mozilla\Firefox\Profiles\6zskaj9n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z131&install_date=20111020
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20111020&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-27 09:40:13
ComboFix-quarantined-files.txt 2012-03-27 13:40
ComboFix2.txt 2012-03-26 19:55
ComboFix3.txt 2012-03-26 19:35
ComboFix4.txt 2012-03-26 18:48
ComboFix5.txt 2012-03-27 13:32
.
Pre-Run: 528,737,734,656 bytes free
Post-Run: 528,324,308,992 bytes free
.
- - End Of File - - CD3F0AC5B46C2E6EB49B7268C6439BED

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:25 PM

Posted 27 March 2012 - 08:52 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Poplock

Poplock
  • Topic Starter

  • Members
  • 8 posts
  • Local time:11:25 PM

Posted 27 March 2012 - 09:12 AM

Nothing found by TDSSKiller. aswMBR found 2 infections. Both logs are below:
09:56:57.0452 3652 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
09:56:57.0683 3652 ============================================================
09:56:57.0683 3652 Current date / time: 2012/03/27 09:56:57.0683
09:56:57.0683 3652 SystemInfo:
09:56:57.0683 3652
09:56:57.0683 3652 OS Version: 6.1.7601 ServicePack: 1.0
09:56:57.0683 3652 Product type: Workstation
09:56:57.0684 3652 ComputerName: SAUNAKDESAI-PC
09:56:57.0684 3652 UserName: Saunak Desai
09:56:57.0684 3652 Windows directory: C:\windows
09:56:57.0684 3652 System windows directory: C:\windows
09:56:57.0684 3652 Running under WOW64
09:56:57.0684 3652 Processor architecture: Intel x64
09:56:57.0684 3652 Number of processors: 4
09:56:57.0684 3652 Page size: 0x1000
09:56:57.0684 3652 Boot type: Normal boot
09:56:57.0684 3652 ============================================================
09:56:58.0052 3652 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:56:58.0064 3652 \Device\Harddisk0\DR0:
09:56:58.0064 3652 MBR used
09:56:58.0064 3652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
09:56:58.0064 3652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x51D61000
09:56:58.0095 3652 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x51DC6000, BlocksNum 0x39FE000
09:56:58.0188 3652 Initialize success
09:56:58.0188 3652 ============================================================
09:57:06.0840 5012 ============================================================
09:57:06.0840 5012 Scan started
09:57:06.0840 5012 Mode: Manual;
09:57:06.0840 5012 ============================================================
09:57:07.0356 5012 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
09:57:07.0359 5012 !SASCORE - ok
09:57:07.0568 5012 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
09:57:07.0572 5012 1394ohci - ok
09:57:07.0715 5012 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
09:57:07.0721 5012 ACPI - ok
09:57:07.0915 5012 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
09:57:07.0916 5012 AcpiPmi - ok
09:57:08.0056 5012 ACPIVPC (5bbff8b826ec38d32c26334e079c7efc) C:\windows\system32\DRIVERS\AcpiVpc.sys
09:57:08.0056 5012 ACPIVPC - ok
09:57:08.0147 5012 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:57:08.0148 5012 AdobeARMservice - ok
09:57:08.0297 5012 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
09:57:08.0304 5012 adp94xx - ok
09:57:08.0458 5012 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
09:57:08.0463 5012 adpahci - ok
09:57:08.0603 5012 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
09:57:08.0607 5012 adpu320 - ok
09:57:08.0880 5012 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
09:57:08.0882 5012 AeLookupSvc - ok
09:57:09.0039 5012 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
09:57:09.0048 5012 AFD - ok
09:57:09.0179 5012 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
09:57:09.0181 5012 agp440 - ok
09:57:09.0298 5012 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
09:57:09.0300 5012 ALG - ok
09:57:09.0446 5012 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
09:57:09.0447 5012 aliide - ok
09:57:09.0579 5012 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
09:57:09.0580 5012 amdide - ok
09:57:09.0714 5012 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
09:57:09.0716 5012 AmdK8 - ok
09:57:09.0826 5012 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
09:57:09.0828 5012 AmdPPM - ok
09:57:09.0954 5012 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
09:57:09.0956 5012 amdsata - ok
09:57:10.0090 5012 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
09:57:10.0094 5012 amdsbs - ok
09:57:10.0207 5012 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
09:57:10.0207 5012 amdxata - ok
09:57:10.0346 5012 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
09:57:10.0347 5012 AppID - ok
09:57:10.0471 5012 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
09:57:10.0472 5012 AppIDSvc - ok
09:57:10.0585 5012 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
09:57:10.0587 5012 Appinfo - ok
09:57:10.0671 5012 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:57:10.0673 5012 Apple Mobile Device - ok
09:57:10.0825 5012 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
09:57:10.0827 5012 arc - ok
09:57:10.0960 5012 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
09:57:10.0962 5012 arcsas - ok
09:57:11.0102 5012 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:57:11.0104 5012 aspnet_state - ok
09:57:11.0184 5012 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
09:57:11.0185 5012 AsyncMac - ok
09:57:11.0330 5012 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
09:57:11.0331 5012 atapi - ok
09:57:11.0498 5012 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
09:57:11.0509 5012 AudioEndpointBuilder - ok
09:57:11.0577 5012 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
09:57:11.0587 5012 AudioSrv - ok
09:57:11.0755 5012 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
09:57:11.0758 5012 AxInstSV - ok
09:57:11.0922 5012 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
09:57:11.0930 5012 b06bdrv - ok
09:57:12.0071 5012 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
09:57:12.0074 5012 b57nd60a - ok
09:57:12.0212 5012 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
09:57:12.0214 5012 BDESVC - ok
09:57:12.0306 5012 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
09:57:12.0307 5012 Beep - ok
09:57:12.0461 5012 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
09:57:12.0472 5012 BFE - ok
09:57:12.0584 5012 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
09:57:12.0601 5012 BITS - ok
09:57:12.0699 5012 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
09:57:12.0699 5012 blbdrive - ok
09:57:12.0773 5012 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
09:57:12.0777 5012 Bonjour Service - ok
09:57:12.0912 5012 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
09:57:12.0914 5012 bowser - ok
09:57:12.0994 5012 BPntDrv (aaa4f992f879977a000fe8b8c730cd2c) C:\windows\system32\drivers\BPntDrv.sys
09:57:12.0994 5012 BPntDrv - ok
09:57:13.0138 5012 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
09:57:13.0139 5012 BrFiltLo - ok
09:57:13.0242 5012 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
09:57:13.0243 5012 BrFiltUp - ok
09:57:13.0429 5012 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
09:57:13.0431 5012 BridgeMP - ok
09:57:13.0572 5012 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
09:57:13.0575 5012 Browser - ok
09:57:13.0659 5012 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
09:57:13.0664 5012 Brserid - ok
09:57:13.0802 5012 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
09:57:13.0804 5012 BrSerWdm - ok
09:57:13.0947 5012 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
09:57:13.0948 5012 BrUsbMdm - ok
09:57:14.0091 5012 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
09:57:14.0092 5012 BrUsbSer - ok
09:57:14.0234 5012 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
09:57:14.0236 5012 BthEnum - ok
09:57:14.0308 5012 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
09:57:14.0308 5012 BTHMODEM - ok
09:57:14.0462 5012 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
09:57:14.0465 5012 BthPan - ok
09:57:14.0619 5012 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
09:57:14.0628 5012 BTHPORT - ok
09:57:14.0685 5012 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
09:57:14.0688 5012 bthserv - ok
09:57:14.0757 5012 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
09:57:14.0759 5012 BTHUSB - ok
09:57:14.0919 5012 BTWAMPFL (f8cfafbd5bf8b3ddb0d3c2943a5af8ce) C:\windows\system32\DRIVERS\btwampfl.sys
09:57:14.0926 5012 BTWAMPFL - ok
09:57:15.0078 5012 btwaudio (44770a3c07ebd5d6d7cd7dba915b49bc) C:\windows\system32\drivers\btwaudio.sys
09:57:15.0081 5012 btwaudio - ok
09:57:15.0253 5012 btwavdt (75b59923087ae6eb064d13d8f58a02b6) C:\windows\system32\DRIVERS\btwavdt.sys
09:57:15.0256 5012 btwavdt - ok
09:57:15.0360 5012 btwdins (e1c1bcc8211e3ae2b524deef071faf2a) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
09:57:15.0375 5012 btwdins - ok
09:57:15.0517 5012 BTWDPAN (e06fe51893b481a200214760c0de2621) C:\windows\system32\DRIVERS\btwdpan.sys
09:57:15.0519 5012 BTWDPAN - ok
09:57:15.0652 5012 btwl2cap (b9354f9f111c64f2495b60f1e24cb453) C:\windows\system32\DRIVERS\btwl2cap.sys
09:57:15.0653 5012 btwl2cap - ok
09:57:15.0777 5012 btwrchid (9555e15f828760341751e9183bd34e60) C:\windows\system32\DRIVERS\btwrchid.sys
09:57:15.0778 5012 btwrchid - ok
09:57:15.0808 5012 catchme - ok
09:57:15.0956 5012 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
09:57:15.0959 5012 cdfs - ok
09:57:16.0118 5012 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
09:57:16.0121 5012 cdrom - ok
09:57:16.0222 5012 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
09:57:16.0224 5012 CertPropSvc - ok
09:57:16.0287 5012 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
09:57:16.0289 5012 circlass - ok
09:57:16.0392 5012 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
09:57:16.0408 5012 CLFS - ok
09:57:16.0541 5012 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:57:16.0544 5012 clr_optimization_v2.0.50727_32 - ok
09:57:16.0592 5012 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:57:16.0595 5012 clr_optimization_v2.0.50727_64 - ok
09:57:16.0652 5012 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:57:16.0656 5012 clr_optimization_v4.0.30319_32 - ok
09:57:16.0696 5012 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:57:16.0699 5012 clr_optimization_v4.0.30319_64 - ok
09:57:16.0830 5012 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\windows\system32\DRIVERS\clwvd.sys
09:57:16.0832 5012 clwvd - ok
09:57:16.0890 5012 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
09:57:16.0891 5012 CmBatt - ok
09:57:16.0911 5012 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
09:57:16.0912 5012 cmdide - ok
09:57:17.0041 5012 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
09:57:17.0049 5012 CNG - ok
09:57:17.0196 5012 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
09:57:17.0197 5012 Compbatt - ok
09:57:17.0345 5012 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
09:57:17.0346 5012 CompositeBus - ok
09:57:17.0438 5012 COMSysApp - ok
09:57:17.0500 5012 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\windows\system32\drivers\cpuz135_x64.sys
09:57:17.0501 5012 cpuz135 - ok
09:57:17.0633 5012 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
09:57:17.0635 5012 crcdisk - ok
09:57:17.0758 5012 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
09:57:17.0762 5012 CryptSvc - ok
09:57:17.0826 5012 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
09:57:17.0837 5012 DcomLaunch - ok
09:57:17.0894 5012 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
09:57:17.0900 5012 defragsvc - ok
09:57:18.0057 5012 DelayMan (ffd82c1c4abb5b0859eb081664dbda11) C:\windows\system32\DRIVERS\delayman.sys
09:57:18.0058 5012 DelayMan - ok
09:57:18.0196 5012 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
09:57:18.0198 5012 DfsC - ok
09:57:18.0313 5012 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
09:57:18.0319 5012 Dhcp - ok
09:57:18.0366 5012 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
09:57:18.0368 5012 discache - ok
09:57:18.0507 5012 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
09:57:18.0507 5012 Disk - ok
09:57:18.0560 5012 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
09:57:18.0565 5012 Dnscache - ok
09:57:18.0683 5012 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
09:57:18.0688 5012 dot3svc - ok
09:57:18.0831 5012 dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys
09:57:18.0834 5012 dot4 - ok
09:57:18.0978 5012 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\windows\system32\DRIVERS\Dot4Prt.sys
09:57:18.0980 5012 Dot4Print - ok
09:57:19.0015 5012 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys
09:57:19.0017 5012 dot4usb - ok
09:57:19.0125 5012 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
09:57:19.0129 5012 DPS - ok
09:57:19.0185 5012 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
09:57:19.0186 5012 drmkaud - ok
09:57:19.0297 5012 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
09:57:19.0311 5012 DXGKrnl - ok
09:57:19.0393 5012 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
09:57:19.0396 5012 EapHost - ok
09:57:19.0605 5012 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
09:57:19.0642 5012 ebdrv - ok
09:57:19.0722 5012 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
09:57:19.0736 5012 EFS - ok
09:57:19.0822 5012 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
09:57:19.0829 5012 ehRecvr - ok
09:57:19.0871 5012 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
09:57:19.0873 5012 ehSched - ok
09:57:19.0982 5012 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
09:57:19.0991 5012 elxstor - ok
09:57:20.0019 5012 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
09:57:20.0020 5012 ErrDev - ok
09:57:20.0192 5012 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
09:57:20.0200 5012 EventSystem - ok
09:57:20.0327 5012 EvtEng (54fc81b0162478a72a93dbbeafb35671) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:57:20.0341 5012 EvtEng - ok
09:57:20.0519 5012 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
09:57:20.0522 5012 exfat - ok
09:57:20.0574 5012 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
09:57:20.0574 5012 fastfat - ok
09:57:20.0755 5012 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
09:57:20.0767 5012 Fax - ok
09:57:20.0944 5012 fbfmon (0bdd7984db7aaff6dfefd11d82d473db) C:\windows\system32\drivers\fbfmon.sys
09:57:20.0946 5012 fbfmon - ok
09:57:20.0988 5012 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
09:57:20.0990 5012 fdc - ok
09:57:21.0113 5012 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
09:57:21.0115 5012 fdPHost - ok
09:57:21.0150 5012 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
09:57:21.0152 5012 FDResPub - ok
09:57:21.0193 5012 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
09:57:21.0195 5012 FileInfo - ok
09:57:21.0296 5012 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
09:57:21.0297 5012 Filetrace - ok
09:57:21.0346 5012 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
09:57:21.0347 5012 flpydisk - ok
09:57:21.0445 5012 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
09:57:21.0450 5012 FltMgr - ok
09:57:21.0523 5012 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
09:57:21.0542 5012 FontCache - ok
09:57:21.0677 5012 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:57:21.0678 5012 FontCache3.0.0.0 - ok
09:57:21.0764 5012 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
09:57:21.0765 5012 FsDepends - ok
09:57:21.0802 5012 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
09:57:21.0803 5012 Fs_Rec - ok
09:57:21.0877 5012 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
09:57:21.0882 5012 fvevol - ok
09:57:21.0984 5012 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
09:57:21.0986 5012 gagp30kx - ok
09:57:22.0041 5012 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
09:57:22.0042 5012 GEARAspiWDM - ok
09:57:22.0154 5012 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
09:57:22.0164 5012 gpsvc - ok
09:57:22.0263 5012 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:57:22.0266 5012 gupdate - ok
09:57:22.0286 5012 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:57:22.0288 5012 gupdatem - ok
09:57:22.0414 5012 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
09:57:22.0416 5012 hcw85cir - ok
09:57:22.0483 5012 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
09:57:22.0489 5012 HdAudAddService - ok
09:57:22.0573 5012 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
09:57:22.0575 5012 HDAudBus - ok
09:57:22.0602 5012 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
09:57:22.0603 5012 HidBatt - ok
09:57:22.0619 5012 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
09:57:22.0621 5012 HidBth - ok
09:57:22.0636 5012 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
09:57:22.0638 5012 HidIr - ok
09:57:22.0690 5012 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
09:57:22.0693 5012 hidserv - ok
09:57:22.0760 5012 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
09:57:22.0762 5012 HidUsb - ok
09:57:22.0862 5012 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
09:57:22.0866 5012 hkmsvc - ok
09:57:22.0916 5012 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
09:57:22.0922 5012 HomeGroupListener - ok
09:57:22.0973 5012 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
09:57:22.0979 5012 HomeGroupProvider - ok
09:57:23.0110 5012 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
09:57:23.0112 5012 HpSAMD - ok
09:57:23.0183 5012 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
09:57:23.0195 5012 HTTP - ok
09:57:23.0267 5012 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
09:57:23.0268 5012 hwpolicy - ok
09:57:23.0419 5012 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
09:57:23.0422 5012 i8042prt - ok
09:57:23.0523 5012 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
09:57:23.0530 5012 iaStor - ok
09:57:23.0636 5012 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
09:57:23.0638 5012 IAStorDataMgrSvc - ok
09:57:23.0756 5012 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
09:57:23.0763 5012 iaStorV - ok
09:57:23.0861 5012 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:57:23.0874 5012 idsvc - ok
09:57:24.0264 5012 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\windows\system32\DRIVERS\igdkmd64.sys
09:57:24.0317 5012 igfx - ok
09:57:24.0383 5012 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
09:57:24.0385 5012 iirsp - ok
09:57:24.0440 5012 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
09:57:24.0444 5012 IKEEXT - ok
09:57:24.0652 5012 IntcAzAudAddService (1ce438b31551746ab450d8ffa403bdb5) C:\windows\system32\drivers\RTKVHD64.sys
09:57:24.0673 5012 IntcAzAudAddService - ok
09:57:24.0745 5012 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
09:57:24.0751 5012 IntcDAud - ok
09:57:24.0782 5012 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
09:57:24.0783 5012 intelide - ok
09:57:24.0874 5012 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
09:57:24.0876 5012 intelppm - ok
09:57:24.0910 5012 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
09:57:24.0914 5012 IPBusEnum - ok
09:57:24.0952 5012 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
09:57:24.0954 5012 IpFilterDriver - ok
09:57:25.0004 5012 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
09:57:25.0014 5012 iphlpsvc - ok
09:57:25.0042 5012 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
09:57:25.0044 5012 IPMIDRV - ok
09:57:25.0059 5012 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
09:57:25.0061 5012 IPNAT - ok
09:57:25.0173 5012 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
09:57:25.0187 5012 iPod Service - ok
09:57:25.0313 5012 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
09:57:25.0314 5012 IRENUM - ok
09:57:25.0334 5012 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
09:57:25.0335 5012 isapnp - ok
09:57:25.0359 5012 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
09:57:25.0364 5012 iScsiPrt - ok
09:57:25.0471 5012 JMCR (e56417c56b6a7316b6f527c890a1860d) C:\windows\system32\DRIVERS\jmcr.sys
09:57:25.0474 5012 JMCR - ok
09:57:25.0530 5012 k57nd60a (455b75c19bf3f1f2ee3ac10e1169826c) C:\windows\system32\DRIVERS\k57nd60a.sys
09:57:25.0535 5012 k57nd60a - ok
09:57:25.0581 5012 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
09:57:25.0582 5012 kbdclass - ok
09:57:25.0614 5012 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
09:57:25.0615 5012 kbdhid - ok
09:57:25.0666 5012 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
09:57:25.0669 5012 KeyIso - ok
09:57:25.0697 5012 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
09:57:25.0699 5012 KSecDD - ok
09:57:25.0728 5012 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
09:57:25.0731 5012 KSecPkg - ok
09:57:25.0757 5012 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
09:57:25.0758 5012 ksthunk - ok
09:57:25.0798 5012 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
09:57:25.0806 5012 KtmRm - ok
09:57:25.0869 5012 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
09:57:25.0876 5012 LanmanServer - ok
09:57:25.0931 5012 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
09:57:25.0938 5012 LanmanWorkstation - ok
09:57:25.0993 5012 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys
09:57:25.0994 5012 LHDmgr - ok
09:57:26.0027 5012 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
09:57:26.0029 5012 lltdio - ok
09:57:26.0071 5012 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
09:57:26.0076 5012 lltdsvc - ok
09:57:26.0100 5012 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
09:57:26.0102 5012 lmhosts - ok
09:57:26.0216 5012 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
09:57:26.0221 5012 LMS - ok
09:57:26.0360 5012 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
09:57:26.0363 5012 LSI_FC - ok
09:57:26.0389 5012 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
09:57:26.0391 5012 LSI_SAS - ok
09:57:26.0406 5012 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
09:57:26.0408 5012 LSI_SAS2 - ok
09:57:26.0426 5012 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
09:57:26.0427 5012 LSI_SCSI - ok
09:57:26.0470 5012 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
09:57:26.0471 5012 luafv - ok
09:57:26.0501 5012 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
09:57:26.0504 5012 Mcx2Svc - ok
09:57:26.0545 5012 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
09:57:26.0546 5012 megasas - ok
09:57:26.0565 5012 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
09:57:26.0570 5012 MegaSR - ok
09:57:26.0616 5012 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
09:57:26.0617 5012 MEIx64 - ok
09:57:26.0675 5012 Microsoft SharePoint Workspace Audit Service - ok
09:57:26.0771 5012 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
09:57:26.0775 5012 MMCSS - ok
09:57:26.0818 5012 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
09:57:26.0820 5012 Modem - ok
09:57:26.0854 5012 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
09:57:26.0855 5012 monitor - ok
09:57:26.0895 5012 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
09:57:26.0896 5012 mouclass - ok
09:57:26.0925 5012 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
09:57:26.0926 5012 mouhid - ok
09:57:26.0964 5012 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
09:57:26.0966 5012 mountmgr - ok
09:57:26.0992 5012 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
09:57:26.0995 5012 mpio - ok
09:57:27.0021 5012 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
09:57:27.0022 5012 mpsdrv - ok
09:57:27.0076 5012 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
09:57:27.0088 5012 MpsSvc - ok
09:57:27.0130 5012 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
09:57:27.0132 5012 MRxDAV - ok
09:57:27.0176 5012 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
09:57:27.0178 5012 mrxsmb - ok
09:57:27.0209 5012 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
09:57:27.0213 5012 mrxsmb10 - ok
09:57:27.0237 5012 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
09:57:27.0239 5012 mrxsmb20 - ok
09:57:27.0274 5012 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
09:57:27.0276 5012 msahci - ok
09:57:27.0305 5012 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
09:57:27.0308 5012 msdsm - ok
09:57:27.0338 5012 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
09:57:27.0341 5012 MSDTC - ok
09:57:27.0393 5012 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
09:57:27.0394 5012 Msfs - ok
09:57:27.0412 5012 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
09:57:27.0413 5012 mshidkmdf - ok
09:57:27.0437 5012 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
09:57:27.0438 5012 msisadrv - ok
09:57:27.0475 5012 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
09:57:27.0479 5012 MSiSCSI - ok
09:57:27.0489 5012 msiserver - ok
09:57:27.0544 5012 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
09:57:27.0545 5012 MSKSSRV - ok
09:57:27.0558 5012 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
09:57:27.0559 5012 MSPCLOCK - ok
09:57:27.0586 5012 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
09:57:27.0587 5012 MSPQM - ok
09:57:27.0622 5012 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
09:57:27.0626 5012 MsRPC - ok
09:57:27.0652 5012 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
09:57:27.0654 5012 mssmbios - ok
09:57:27.0686 5012 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
09:57:27.0687 5012 MSTEE - ok
09:57:27.0699 5012 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
09:57:27.0699 5012 MTConfig - ok
09:57:27.0718 5012 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
09:57:27.0720 5012 Mup - ok
09:57:27.0793 5012 MyWiFiDHCPDNS (4bbb9d9c4df259fae2d172c5bb25ddd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
09:57:27.0799 5012 MyWiFiDHCPDNS - ok
09:57:27.0915 5012 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
09:57:27.0924 5012 napagent - ok
09:57:27.0988 5012 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
09:57:27.0991 5012 NativeWifiP - ok
09:57:28.0062 5012 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
09:57:28.0074 5012 NDIS - ok
09:57:28.0127 5012 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
09:57:28.0128 5012 NdisCap - ok
09:57:28.0154 5012 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
09:57:28.0155 5012 NdisTapi - ok
09:57:28.0178 5012 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
09:57:28.0179 5012 Ndisuio - ok
09:57:28.0200 5012 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
09:57:28.0202 5012 NdisWan - ok
09:57:28.0224 5012 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
09:57:28.0225 5012 NDProxy - ok
09:57:28.0258 5012 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
09:57:28.0260 5012 NetBIOS - ok
09:57:28.0288 5012 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
09:57:28.0292 5012 NetBT - ok
09:57:28.0344 5012 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
09:57:28.0346 5012 Netlogon - ok
09:57:28.0403 5012 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
09:57:28.0410 5012 Netman - ok
09:57:28.0495 5012 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:57:28.0498 5012 NetMsmqActivator - ok
09:57:28.0507 5012 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:57:28.0509 5012 NetPipeActivator - ok
09:57:28.0598 5012 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
09:57:28.0607 5012 netprofm - ok
09:57:28.0673 5012 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:57:28.0676 5012 NetTcpActivator - ok
09:57:28.0684 5012 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:57:28.0687 5012 NetTcpPortSharing - ok
09:57:28.0937 5012 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\windows\system32\DRIVERS\NETwNs64.sys
09:57:28.0974 5012 NETwNs64 - ok
09:57:29.0058 5012 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
09:57:29.0060 5012 nfrd960 - ok
09:57:29.0120 5012 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
09:57:29.0128 5012 NlaSvc - ok
09:57:29.0167 5012 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
09:57:29.0169 5012 Npfs - ok
09:57:29.0189 5012 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
09:57:29.0193 5012 nsi - ok
09:57:29.0216 5012 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
09:57:29.0217 5012 nsiproxy - ok
09:57:29.0279 5012 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
09:57:29.0293 5012 Ntfs - ok
09:57:29.0319 5012 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
09:57:29.0319 5012 Null - ok
09:57:29.0368 5012 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\windows\system32\DRIVERS\nusb3hub.sys
09:57:29.0370 5012 nusb3hub - ok
09:57:29.0396 5012 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\windows\system32\DRIVERS\nusb3xhc.sys
09:57:29.0398 5012 nusb3xhc - ok
09:57:29.0736 5012 nvlddmkm (e56852a3743c2fbc46c9af4b687522ca) C:\windows\system32\DRIVERS\nvlddmkm.sys
09:57:29.0793 5012 nvlddmkm - ok
09:57:29.0855 5012 nvpciflt (d38952a15d728eb5ac9c6618a65fdfde) C:\windows\system32\DRIVERS\nvpciflt.sys
09:57:29.0855 5012 nvpciflt - ok
09:57:29.0913 5012 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
09:57:29.0916 5012 nvraid - ok
09:57:29.0944 5012 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
09:57:29.0947 5012 nvstor - ok
09:57:30.0021 5012 NVSvc (dd9ac38bd31d8adbc3138bd868b52289) C:\windows\system32\nvvsvc.exe
09:57:30.0035 5012 NVSvc - ok
09:57:30.0147 5012 nvUpdatusService (7c804b02415a58b0c01e79da44be2e32) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
09:57:30.0170 5012 nvUpdatusService - ok
09:57:30.0291 5012 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
09:57:30.0294 5012 nv_agp - ok
09:57:30.0330 5012 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
09:57:30.0332 5012 ohci1394 - ok
09:57:30.0416 5012 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:57:30.0419 5012 ose64 - ok
09:57:30.0598 5012 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:57:30.0627 5012 osppsvc - ok
09:57:30.0757 5012 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
09:57:30.0765 5012 p2pimsvc - ok
09:57:30.0811 5012 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
09:57:30.0817 5012 p2psvc - ok
09:57:30.0855 5012 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
09:57:30.0856 5012 Parport - ok
09:57:30.0883 5012 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
09:57:30.0884 5012 partmgr - ok
09:57:30.0916 5012 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
09:57:30.0919 5012 PcaSvc - ok
09:57:30.0961 5012 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
09:57:30.0963 5012 pci - ok
09:57:30.0981 5012 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
09:57:30.0982 5012 pciide - ok
09:57:30.0997 5012 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
09:57:30.0999 5012 pcmcia - ok
09:57:31.0022 5012 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
09:57:31.0023 5012 pcw - ok
09:57:31.0053 5012 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
09:57:31.0059 5012 PEAUTH - ok
09:57:31.0131 5012 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
09:57:31.0134 5012 PerfHost - ok
09:57:31.0249 5012 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
09:57:31.0273 5012 pla - ok
09:57:31.0329 5012 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
09:57:31.0339 5012 PlugPlay - ok
09:57:31.0370 5012 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
09:57:31.0373 5012 PNRPAutoReg - ok
09:57:31.0399 5012 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
09:57:31.0404 5012 PNRPsvc - ok
09:57:31.0453 5012 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
09:57:31.0459 5012 PolicyAgent - ok
09:57:31.0486 5012 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
09:57:31.0490 5012 Power - ok
09:57:31.0537 5012 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
09:57:31.0540 5012 PptpMiniport - ok
09:57:31.0566 5012 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
09:57:31.0568 5012 Processor - ok
09:57:31.0614 5012 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
09:57:31.0620 5012 ProfSvc - ok
09:57:31.0654 5012 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
09:57:31.0657 5012 ProtectedStorage - ok
09:57:31.0706 5012 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
09:57:31.0707 5012 Psched - ok
09:57:31.0781 5012 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
09:57:31.0794 5012 ql2300 - ok
09:57:31.0806 5012 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
09:57:31.0807 5012 ql40xx - ok
09:57:31.0847 5012 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
09:57:31.0849 5012 QWAVE - ok
09:57:31.0885 5012 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
09:57:31.0885 5012 QWAVEdrv - ok
09:57:31.0917 5012 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
09:57:31.0932 5012 RasAcd - ok
09:57:32.0072 5012 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
09:57:32.0073 5012 RasAgileVpn - ok
09:57:32.0142 5012 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
09:57:32.0147 5012 RasAuto - ok
09:57:32.0261 5012 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
09:57:32.0264 5012 Rasl2tp - ok
09:57:32.0305 5012 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
09:57:32.0314 5012 RasMan - ok
09:57:32.0408 5012 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
09:57:32.0410 5012 RasPppoe - ok
09:57:32.0498 5012 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
09:57:32.0500 5012 RasSstp - ok
09:57:32.0561 5012 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
09:57:32.0566 5012 rdbss - ok
09:57:32.0644 5012 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
09:57:32.0646 5012 rdpbus - ok
09:57:32.0668 5012 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
09:57:32.0669 5012 RDPCDD - ok
09:57:32.0794 5012 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
09:57:32.0795 5012 RDPENCDD - ok
09:57:32.0832 5012 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
09:57:32.0833 5012 RDPREFMP - ok
09:57:32.0906 5012 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
09:57:32.0922 5012 RDPWD - ok
09:57:33.0027 5012 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
09:57:33.0031 5012 rdyboost - ok
09:57:33.0141 5012 RegSrvc (a436f5e7d80bbdbb0826d0f176d5bea8) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:57:33.0154 5012 RegSrvc - ok
09:57:33.0307 5012 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
09:57:33.0312 5012 RemoteAccess - ok
09:57:33.0396 5012 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
09:57:33.0398 5012 RemoteRegistry - ok
09:57:33.0546 5012 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
09:57:33.0549 5012 RFCOMM - ok
09:57:33.0724 5012 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
09:57:33.0729 5012 RpcEptMapper - ok
09:57:33.0891 5012 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
09:57:33.0895 5012 RpcLocator - ok
09:57:34.0025 5012 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
09:57:34.0037 5012 RpcSs - ok
09:57:34.0177 5012 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
09:57:34.0179 5012 rspndr - ok
09:57:34.0262 5012 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
09:57:34.0265 5012 RTL8167 - ok
09:57:34.0643 5012 rtsuvc (558b39be7c496ac49e27dedcfab13a54) C:\windows\system32\DRIVERS\rtsuvc.sys
09:57:34.0678 5012 rtsuvc - ok
09:57:34.0843 5012 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
09:57:34.0847 5012 SamSs - ok
09:57:34.0940 5012 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
09:57:34.0941 5012 SASDIFSV - ok
09:57:34.0957 5012 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
09:57:34.0958 5012 SASKUTIL - ok
09:57:46.0649 5012 ============================================================
09:57:46.0649 5012 Scan finished
09:57:46.0649 5012 ============================================================
09:57:46.0667 3412 Detected object count: 0
09:57:46.0667 3412 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 09:58:41
-----------------------------
09:58:41.349 OS Version: Windows x64 6.1.7601 Service Pack 1
09:58:41.350 Number of processors: 4 586 0x2A07
09:58:41.351 ComputerName: SAUNAKDESAI-PC UserName: Saunak Desai
09:58:42.777 Initialize success
09:58:58.303 AVAST engine defs: 12032701
09:59:10.615 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:59:10.620 Disk 0 Vendor: WDC_WD75 02.0 Size: 715404MB BusType: 3
09:59:10.630 Disk 0 MBR read successfully
09:59:10.636 Disk 0 MBR scan
09:59:10.642 Disk 0 Windows 7 default MBR code
09:59:10.645 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
09:59:10.658 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 670402 MB offset 411648
09:59:10.663 Disk 0 Partition - 00 0F Extended LBA 29693 MB offset 1373394944
09:59:10.695 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 1434206208
09:59:10.726 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29692 MB offset 1373396992
09:59:10.793 Disk 0 scanning C:\windows\system32\drivers
09:59:21.744 Service scanning
09:59:56.120 Modules scanning
09:59:56.151 Disk 0 trace - called modules:
09:59:56.170 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:59:56.175 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004df7060]
09:59:56.179 3 CLASSPNP.SYS[fffff88001b7e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b7c050]
09:59:58.226 AVAST engine scan C:\windows
10:00:02.393 AVAST engine scan C:\windows\system32
10:02:40.446 AVAST engine scan C:\windows\system32\drivers
10:02:49.876 AVAST engine scan C:\Users\Saunak Desai
10:05:55.246 File: C:\Users\Saunak Desai\AppData\Local\Temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen
10:05:55.464 File: C:\Users\Saunak Desai\AppData\Local\Temp\_av4_\data\updldr0.bin **INFECTED** Win32:Malware-gen
10:08:13.773 AVAST engine scan C:\ProgramData
10:08:50.923 Scan finished successfully
10:10:48.495 Disk 0 MBR has been saved successfully to "C:\Users\Saunak Desai\Documents\MBR.dat"
10:10:48.495 The log file has been saved successfully to "C:\Users\Saunak Desai\Documents\aswMBR.txt"

#6 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 27 March 2012 - 09:38 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
File::
C:\Users\Saunak Desai\AppData\Local\Temp\_av4_\data\aswar0.dll
C:\Users\Saunak Desai\AppData\Local\Temp\_av4_\data\updldr0.bin

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Poplock

  • Topic Starter
  • Members
  • 8 posts

Posted 27 March 2012 - 09:56 AM

I ran the script and there were no errors. However, the problem is still occurring. Here is the log:


ComboFix 12-03-27.02 - Saunak Desai 03/27/2012 10:43:40.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.1322 [GMT -4:00]
Running from: c:\users\Saunak Desai\Desktop\ComboFix.exe
Command switches used :: c:\users\Saunak Desai\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Saunak Desai\AppData\Local\Temp\_av4_\data\aswar0.dll"
"c:\users\Saunak Desai\AppData\Local\Temp\_av4_\data\updldr0.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Saunak Desai\AppData\Local\Temp\_av4_\data\aswar0.dll
c:\users\Saunak Desai\AppData\Local\Temp\_av4_\data\updldr0.bin
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 14:47 . 2012-03-27 14:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-27 14:47 . 2012-03-27 14:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 13:21 . 2012-03-27 13:21 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-03-27 12:52 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5142BB2C-6850-45E4-BACD-326213F4718F}\mpengine.dll
2012-03-26 20:15 . 2012-03-26 20:15 -------- d-----w- c:\program files (x86)\ESET
2012-03-26 20:11 . 2012-03-26 20:11 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-26 16:31 . 2012-03-26 16:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-26 16:31 . 2012-03-26 16:31 -------- d-----w- c:\programdata\Malwarebytes
2012-03-26 16:31 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 15:11 . 2012-03-26 15:11 -------- d-----w- c:\users\Saunak Desai\AppData\Roaming\SUPERAntiSpyware.com
2012-03-26 15:10 . 2012-03-26 15:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-26 15:10 . 2012-03-26 15:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-26 15:00 . 2012-03-26 15:00 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-26 15:00 . 2012-03-26 15:00 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-18 08:07 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-18 08:07 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-18 08:07 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-16 23:53 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-03-15 01:17 . 2012-03-15 01:17 -------- d-----w- c:\users\Saunak Desai\AppData\Local\DDMSettings
2012-03-14 15:08 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 15:08 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 15:08 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 15:07 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 15:07 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:07 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 15:07 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 15:07 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 15:07 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:07 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-03 21:46 . 2012-03-03 21:46 -------- d-----w- c:\program files (x86)\GOG.com
2012-02-29 02:57 . 2012-02-29 02:57 -------- d-----w- C:\Riot Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-26 20:11 . 2011-10-14 21:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 13:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 05:29 . 2011-10-18 03:37 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44 . 2012-02-16 19:56 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 19:56 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26 . 2012-02-16 19:56 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 19:56 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-26_14.35.04 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-10 2009704]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 10:47]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 10:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Saunak Desai\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-08-11 10:54 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-08-11 789920]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-11 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-11 5908928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
Trusted Zone: lenovo.com\consumersupport
Trusted Zone: lenovo.com.cn\edrivers
Trusted Zone: lenovo.com.cn\support4
Trusted Zone: lenovo.com.cn\think
TCP: DhcpNameServer = 128.59.62.10 128.59.59.70
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} - hxxp://consumersupport.lenovo.com/ot/en/SmartDownloading/cab/npdueng.cab
FF - ProfilePath - c:\users\Saunak Desai\AppData\Roaming\Mozilla\Firefox\Profiles\6zskaj9n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z131&install_date=20111020
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20111020&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-03-27 10:52:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 14:52
ComboFix2.txt 2012-03-27 13:40
ComboFix3.txt 2012-03-26 19:55
ComboFix4.txt 2012-03-26 19:35
ComboFix5.txt 2012-03-27 14:42
.
Pre-Run: 528,216,662,016 bytes free
Post-Run: 528,272,912,384 bytes free
.
- - End Of File - - 62780554DAEEAE1FB3419037E031D588

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 March 2012 - 10:31 AM

I want you to uninstall Chrome and Firefox; if asked about user data, I want that removed also.

Reinstall both and make sure to use the latest version.


Let me know if this worked for you


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Poplock (Topic Starter)

Posted 27 March 2012 - 11:23 AM

Uninstalling and re-installing the browsers seems to have fixed the problem. Thank you, I appreciate the help. Is there anything else I should do?

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 March 2012 - 04:35 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
    C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#11 Poplock (Topic Starter)

Posted 27 March 2012 - 08:09 PM

Here's that log:


Adobe AIR
Adobe Reader X (10.1.1)
Apple Application Support
Apple Software Update
BioShock
D3DX10
Deus Ex: Human Revolution
DivX Setup
Dolphin Futures XPS Viewer version 1.1.0
Dropbox
Energy Management
ESET Online Scanner v3
Evernote v. 4.5.4
Fallout: New Vegas
Google Chrome
Google Update Helper
HiJackThis
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Wireless Display
Java Auto Updater
Java™ 6 Update 31
JDownloader 0.9
JMicron Flash Media Controller Driver
Junk Mail filter update
League of Legends
Lenovo EasyCamera
Lenovo Games Console
Lenovo OneKey Recovery
Lenovo YouCam
Malwarebytes Anti-Malware version 1.60.1.1000
Mass Effect 2
Mesh Runtime
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
Myst Masterpiece Edition
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
Onekey Theater
ooVoo
Pando Media Booster
PCSX2 - Playstation 2 Emulator
Portal
Portal 2
Power2Go
QuickTime
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller 1.93
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sid Meier's Civilization V - Demo
SofTest
Spotify
Steam
System Requirements Lab
System Requirements Lab CYRI
The Elder Scrolls V: Skyrim
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
UserGuide
VC80CRTRedist - 8.0.50727.6195
VeriFace
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 March 2012 - 08:39 PM

Hello

That report looks good - is everything still running well?


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

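
The HijackThis log requested above lists autostart ("O4") entries that, as the post says, are mostly harmless, so the useful first step is to sort out which ones deserve a look before anything is "fixed". The script below is an added example for this thread, not a BleepingComputer, Trend Micro or HijackThis tool: it parses registry-style O4 lines in the HijackThis log format and flags entries by my own review heuristics (image in a user-writable folder, DLL loaded indirectly through rundll32/regsvr32, script file). The sample lines are constructed to match the log format posted in this thread, with a generic user profile path.

```python
"""Triage of HijackThis 'O4' autostart entries (added example, not a HijackThis feature).

A flag means 'review this entry', not 'malicious'; the rules are heuristics only.
"""
import ntpath
import re
from typing import Dict, List, Optional, Tuple

# Registry-style O4 line: O4 - <hive>\..\<key>: [<name>] <command> (User '<user>')
_O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Folders an unprivileged user can write to; autostarts from here merit a look.
_USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\",
                  "\\documents and settings\\")
# Binaries that load and execute a DLL named on their command line.
_DLL_LOADERS = {"rundll32.exe", "rundll32", "regsvr32.exe", "regsvr32"}
_SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1")


def _first_token(cmd: str) -> Tuple[str, str]:
    """Split off the first command-line token, honouring double quotes."""
    cmd = cmd.strip()
    if not cmd:
        return "", ""
    if cmd[0] == '"':
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def launched_image(cmd: str) -> Tuple[str, bool]:
    """Return (image path, via_loader); for rundll32/regsvr32 the image is the DLL."""
    exe, rest = _first_token(cmd)
    if ntpath.basename(exe).lower() in _DLL_LOADERS and rest:
        dll, rest = _first_token(rest)
        while dll.startswith(("/", "-")) and rest:   # skip switches such as regsvr32 /s
            dll, rest = _first_token(rest)
        # rundll32 takes "<dll>,<EntryPoint>"; drop the entry point if the DLL was unquoted
        return dll.split(",", 1)[0], True
    return exe, False


def parse_o4(line: str) -> Optional[Dict[str, object]]:
    """Parse one registry-style O4 line; returns None for any other line type."""
    m = _O4_RE.match(line.strip())
    if not m:
        return None
    image, via_loader = launched_image(m.group("cmd"))
    return {"hive": m.group("hive"), "key": m.group("key"), "name": m.group("name"),
            "command": m.group("cmd"), "user": m.group("user"),
            "image": image, "via_loader": via_loader}


def review_reasons(entry: Dict[str, object]) -> List[str]:
    """Heuristic reasons an autostart entry deserves a second look (may be empty)."""
    reasons: List[str] = []
    image = str(entry["image"]).lower()
    if "\\" not in image:            # 'NA' or a bare name: nothing to locate on disk
        return reasons
    if entry["via_loader"]:
        reasons.append("DLL loaded indirectly through rundll32/regsvr32")
    if any(marker in image for marker in _USER_WRITABLE):
        reasons.append("image sits in a user-writable folder")
    if image.endswith(_SCRIPT_EXT):
        reasons.append("autostart runs a script file")
    return reasons


def triage_log(lines: List[str]) -> List[Dict[str, object]]:
    """Parse every O4 line in a log and attach its review reasons."""
    results = []
    for line in lines:
        entry = parse_o4(line)
        if entry is not None:
            entry["reasons"] = review_reasons(entry)
            results.append(entry)
    return results


# Constructed sample lines in the format of the HijackThis log posted in this thread
# (user profile path replaced with a generic one). The O23 line shows non-O4 lines are skipped.
SAMPLE_LOG = [
    r'O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"',
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"O4 - HKUS\S-1-5-21-1240979818-1635448028-1674700271-1000\..\Run: [FactoryTest] C:\Windows\Test.bat (User 'UpdatusUser')",
    r"O4 - HKUS\S-1-5-21-1240979818-1635448028-1674700271-1000\..\Run: [Power2GoExpress] NA (User 'UpdatusUser')",
    r"""O4 - HKUS\S-1-5-21-1240979818-1635448028-1674700271-1000\..\Run: [Update] rundll32.exe "C:\Users\user\AppData\Roaming\Intel Corporation\Intel Corporation\uuuqi.dll",DllRegisterServer (User 'UpdatusUser')""",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
]

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        status = "REVIEW" if e["reasons"] else "ok"
        print(f"{status:6} [{e['name']}] {e['image']}  {'; '.join(e['reasons'])}")
```

Run against a full log, only the entries with a non-empty reasons list need a human decision; everything else can be set aside first, which is what the "most of what it finds will be harmless" advice above amounts to in practice.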

#13 Poplock (Topic Starter)

Posted 27 March 2012 - 08:53 PM

No problems running the applications you listed. I haven't had any redirect issues since either. Here are the logs and thanks again for the help:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.26.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Saunak Desai :: SAUNAKDESAI-PC [administrator]

3/27/2012 9:49:07 PM
mbam-log-2012-03-27 (21-49-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212643
Time elapsed: 2 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:52:45 PM, on 3/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Saunak Desai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Saunak Desai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saunak Desai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saunak Desai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Users\Saunak Desai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saunak Desai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saunak Desai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saunak Desai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saunak Desai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Saunak Desai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Saunak Desai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-1240979818-1635448028-1674700271-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1240979818-1635448028-1674700271-1000\..\Run: [FactoryTest] C:\Windows\Test.bat (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1240979818-1635448028-1674700271-1000\..\Run: [Power2GoExpress] NA (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1240979818-1635448028-1674700271-1000\..\Run: [Update] rundll32.exe "C:\Users\Saunak Desai\AppData\Roaming\Intel Corporation\Intel Corporation\uuuqi.dll",DllRegisterServer (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1240979818-1635448028-1674700271-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://consumersupport.lenovo.com
O15 - Trusted Zone: http://edrivers.lenovo.com.cn
O15 - Trusted Zone: http://support4.lenovo.com.cn
O15 - Trusted Zone: http://think.lenovo.com.cn
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
O16 - DPF: {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} (ElevatedCreater Class) - http://consumersupport.lenovo.com/ot/en/SmartDownloading/cab/npdueng.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13332 bytes

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 27 March 2012 - 09:19 PM

Greetings

These logs are looking very good; we are almost done! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start when you turn on your computer but don't need to; you can start any of them from its icon (or from the Control Panel) when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    • O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    • O4 - HKUS\S-1-5-21-1240979818-1635448028-1674700271-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    • O4 - HKUS\S-1-5-21-1240979818-1635448028-1674700271-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run it as administrator.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on Copy to clipboard, or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
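
The start-up clean-up gringo_pr describes above, as an added example that is not part of the post or of HijackThis: a PowerShell script that enumerates the same Run and RunOnce keys HijackThis reports as O4 lines (HKLM, HKCU and every user hive currently loaded under HKEY_USERS, which HijackThis abbreviates HKUS) and deletes the named values only when asked to. The default value names are the three the post lists; the HKU drive name, the parameter names and the reporting format are this example's own choices, and it assumes an elevated 64-bit Windows PowerShell session on the affected machine.

```powershell
<#
Added example, not from the original post or from HijackThis.
Lists Run/RunOnce autostart values (HijackThis "O4" lines) for HKLM, HKCU and every
user hive currently loaded under HKEY_USERS, then removes the named ones only when
-Remove is given. Assumes an elevated 64-bit Windows PowerShell session.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Value names to remove; the defaults are the three the post asks to fix.
    [string[]]$Names = @('SunJavaUpdateSched', 'Sidebar', 'mctadmin'),
    # Without this switch the script only reports what it would remove.
    [switch]$Remove
)

# HKEY_USERS has no default PSDrive; the drive name HKU is this example's choice.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# Only hives of accounts that are logged on, or loaded by a service (as with
# UpdatusUser in the post), appear under HKEY_USERS; skip the *_Classes hives.
$userHives = Get-ChildItem -Path HKU:\ |
    Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notmatch '_Classes$' } |
    ForEach-Object { "HKU:\$($_.PSChildName)" }
$roots = @('HKLM:', 'HKCU:') + @($userHives)

# Run and RunOnce, plus the 32-bit view that HKLM keeps on 64-bit Windows.
$subKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Properties the registry provider adds to every item; they are not autostart values.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-AutostartEntry {
    foreach ($root in $roots) {
        foreach ($sub in $subKeys) {
            $key = Join-Path -Path $root -ChildPath $sub
            if (-not (Test-Path -Path $key)) { continue }
            $item = Get-ItemProperty -Path $key
            foreach ($prop in $item.PSObject.Properties) {
                if ($providerProps -contains $prop.Name) { continue }
                New-Object PSObject -Property @{
                    Key     = $key
                    Name    = $prop.Name
                    Command = [string]$prop.Value
                }
            }
        }
    }
}

$entries = @(Get-AutostartEntry)
$entries | Format-Table -AutoSize Key, Name, Command

# Equivalent of HijackThis "Fix Checked" on an O4 line: only the registry value goes;
# the program stays installed and can still be started from its icon.
foreach ($entry in $entries | Where-Object { $Names -contains $_.Name }) {
    if (-not $Remove) {
        Write-Output "Would remove (re-run with -Remove): $($entry.Key) [$($entry.Name)] = $($entry.Command)"
    }
    elseif ($PSCmdlet.ShouldProcess("$($entry.Key) [$($entry.Name)]", 'Remove autostart value')) {
        Remove-ItemProperty -Path $entry.Key -Name $entry.Name
    }
}
```

Run it once without `-Remove` to review the full list against the post's selection, then with `-Remove -WhatIf` to see exactly which values would be deleted, and finally with `-Remove`. The 64-bit session matters: a 32-bit tool such as HijackThis reads C:\windows\system32 through WOW64 file-system redirection on 64-bit Windows, which is why the O23 service lines in the log above show native binaries like lsass.exe and spoolsv.exe as "(file missing)" even though they are present; a 64-bit PowerShell sees the real System32 and the real HKLM view, so its listing can be trusted when deciding what to remove.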

#15 Poplock

  • Topic Starter
  • Members
  • 8 posts

Posted 27 March 2012 - 10:18 PM

The ESET scan didn't find anything, and maybe I missed it, but it didn't create a log for me to post.



