Ebay identification verification pop up


  • This topic is locked
28 replies to this topic

#1 gettingitdone

  • Members
Posted 13 April 2012 - 06:39 AM

Thanks in advance to bleepingcomputer.com!

Often, but not always, when I visit the ebay website I get the identification verification pop up. The pop up requests credit card and other personal information. The site also loads very slowly. Any help dealing with this would be great...thanks!

Please note, I cannot attach the attach.txt or ark.txt files. I don't know why, I'm sorry. I select the file, but nothing happens when I click "attach this file".


Edited by gettingitdone, 13 April 2012 - 07:02 AM.


#2 quietman7

  • Global Moderator
Posted 13 April 2012 - 08:39 AM

We are in the process of researching and investigating your log. Please be patient as we do this and a Helper will respond shortly.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 mark1956

  • Security Colleague
Posted 14 April 2012 - 04:00 AM

Hi Gettingitdone and welcome to BP, my name is Mark and I will be helping you.

Before doing anything further, if you have not already done so, you should back up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. If that occurs there may be no option but to reformat and reinstall the OS or perform a full system recovery. The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.



Please follow the instructions below and post the logs as instructed.

STEP 1
Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!
Be sure to print out and follow the instructions for performing a scan.
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
  • Alternatively, you can download TDSSKiller.exe and use that instead.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If an update is available, TDSSKiller will prompt you to update and download the most current version. Click Load Update. Close TDSSKiller and start again.
  • When the program opens, click Change parameters.

  • Under "Additional options", check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If 'Suspicious objects' are detected, the default action will be Skip. Leave the default set to Skip and click on Continue.
  • If Malicious objects are detected, they will show in the Scan results - Select action for found objects and offer three options.

  • Ensure Cure is selected...then click Continue -> Reboot computer for cure completion.

  • Important! -> If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it to something else before beginning the download and saving to the computer or to perform the scan in "safe mode".


STEP 2
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key that includes free lifetime upgrades and support. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.

NOTE: Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

Please include in your next post.
Log from TDSSKiller.
Log from Malwarebytes.
Tell me if the fake ebay page has stopped appearing.
Detail any other performance issues.


#4 gettingitdone

  • Topic Starter

  • Members
Posted 14 April 2012 - 07:23 AM

Hi Mark. Thanks so much for your help.

TDSSKiller ran okay, only items detected were 3 "suspicious" items. Malwarebytes scan ran okay with no issues detected.

The ebay pop up issue is still present. Also, I have just found that a similar issue occurs when visiting the paypal website. Insidious little beast this one!

Log:
20:23:45.0891 3468 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:23:45.0953 3468 BrSerWdm - ok
20:23:45.0985 3468 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:23:46.0031 3468 BrUsbMdm - ok
20:23:46.0109 3468 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:23:46.0156 3468 BrUsbSer - ok
20:23:46.0297 3468 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
20:23:46.0359 3468 BthEnum - ok
20:23:47.0326 3468 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:23:47.0389 3468 BTHMODEM - ok
20:23:47.0498 3468 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
20:23:47.0560 3468 BthPan - ok
20:23:47.0623 3468 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
20:23:47.0716 3468 BTHPORT - ok
20:23:47.0794 3468 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
20:23:47.0841 3468 bthserv - ok
20:23:47.0888 3468 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
20:23:47.0950 3468 BTHUSB - ok
20:23:48.0028 3468 btusbflt (dd5361cf05025bd61a5d0115ecc2566f) C:\Windows\system32\drivers\btusbflt.sys
20:23:48.0075 3468 btusbflt - ok
20:23:48.0091 3468 btwaudio (f8b4f60768328faa2ffe2727f66809f8) C:\Windows\system32\drivers\btwaudio.sys
20:23:48.0106 3468 btwaudio - ok
20:23:48.0153 3468 btwavdt (fa7446dd38de84d4988d1f2ebb854589) C:\Windows\system32\drivers\btwavdt.sys
20:23:48.0169 3468 btwavdt - ok
20:23:48.0231 3468 btwdins (71df2b1d8b512eae1904d2e65fab780f) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
20:23:48.0247 3468 btwdins - ok
20:23:48.0325 3468 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:23:48.0356 3468 btwl2cap - ok
20:23:48.0371 3468 btwrchid (d5862fbc1cbc0404614fd9d85c8d880e) C:\Windows\system32\DRIVERS\btwrchid.sys
20:23:48.0387 3468 btwrchid - ok
20:23:48.0527 3468 CAAMSvc (90e521825f74e31ffad529512e8d81e8) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
20:23:48.0559 3468 CAAMSvc - ok
20:23:48.0621 3468 CaCCProvSP (103f57902c7a2ecdbf202b978d4546f7) C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
20:23:48.0652 3468 CaCCProvSP - ok
20:23:48.0777 3468 CAISafe (0ec6f613a36cd33fae72fd3b61450575) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
20:23:48.0793 3468 CAISafe - ok
20:23:48.0839 3468 ccSchedulerSVC (0d69535784e075175ffa87c0d51a98f1) C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
20:23:48.0855 3468 ccSchedulerSVC - ok
20:23:48.0933 3468 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:23:49.0011 3468 cdfs - ok
20:23:49.0136 3468 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
20:23:49.0183 3468 cdrom - ok
20:23:49.0292 3468 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
20:23:49.0370 3468 CertPropSvc - ok
20:23:49.0432 3468 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:23:49.0479 3468 circlass - ok
20:23:50.0930 3468 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:23:50.0961 3468 CLFS - ok
20:23:51.0055 3468 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:23:51.0086 3468 clr_optimization_v2.0.50727_32 - ok
20:23:51.0257 3468 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:23:51.0289 3468 clr_optimization_v4.0.30319_32 - ok
20:23:51.0351 3468 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:23:51.0398 3468 CmBatt - ok
20:23:51.0460 3468 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
20:23:51.0492 3468 cmdide - ok
20:23:51.0585 3468 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
20:23:51.0616 3468 CNG - ok
20:23:51.0710 3468 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:23:51.0726 3468 Compbatt - ok
20:23:51.0804 3468 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
20:23:51.0850 3468 CompositeBus - ok
20:23:51.0913 3468 COMSysApp - ok
20:23:51.0960 3468 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:23:51.0975 3468 crcdisk - ok
20:23:52.0084 3468 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
20:23:52.0147 3468 CryptSvc - ok
20:23:52.0225 3468 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
20:23:52.0272 3468 CSC - ok
20:23:52.0381 3468 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
20:23:52.0428 3468 CscService - ok
20:23:52.0568 3468 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
20:23:52.0584 3468 ctxusbm - ok
20:23:52.0646 3468 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
20:23:52.0693 3468 DcomLaunch - ok
20:23:52.0786 3468 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
20:23:52.0833 3468 defragsvc - ok
20:23:52.0896 3468 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
20:23:52.0974 3468 DfsC - ok
20:23:53.0083 3468 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
20:23:53.0130 3468 Dhcp - ok
20:23:53.0192 3468 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:23:53.0254 3468 discache - ok
20:23:53.0348 3468 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:23:53.0379 3468 Disk - ok
20:23:53.0426 3468 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
20:23:53.0488 3468 Dnscache - ok
20:23:53.0566 3468 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
20:23:53.0644 3468 dot3svc - ok
20:23:53.0676 3468 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
20:23:53.0738 3468 DPS - ok
20:23:53.0816 3468 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:23:53.0863 3468 drmkaud - ok
20:23:53.0910 3468 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
20:23:53.0925 3468 DXGKrnl - ok
20:23:54.0003 3468 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
20:23:54.0050 3468 EapHost - ok
20:23:54.0175 3468 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:23:54.0300 3468 ebdrv - ok
20:23:54.0393 3468 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
20:23:54.0456 3468 EFS - ok
20:23:54.0518 3468 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
20:23:54.0580 3468 ehRecvr - ok
20:23:55.0126 3468 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
20:23:55.0204 3468 ehSched - ok
20:23:55.0314 3468 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:23:55.0360 3468 elxstor - ok
20:23:55.0407 3468 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
20:23:55.0470 3468 ErrDev - ok
20:23:55.0563 3468 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
20:23:55.0626 3468 EventSystem - ok
20:23:55.0704 3468 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:23:55.0766 3468 exfat - ok
20:23:55.0828 3468 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:23:55.0922 3468 fastfat - ok
20:23:56.0000 3468 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
20:23:56.0078 3468 Fax - ok
20:23:56.0172 3468 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:23:56.0218 3468 fdc - ok
20:23:56.0265 3468 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
20:23:56.0312 3468 fdPHost - ok
20:23:56.0374 3468 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
20:23:56.0437 3468 FDResPub - ok
20:23:56.0484 3468 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:23:56.0499 3468 FileInfo - ok
20:23:56.0530 3468 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:23:56.0577 3468 Filetrace - ok
20:23:56.0655 3468 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:23:56.0702 3468 flpydisk - ok
20:23:56.0749 3468 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:23:56.0780 3468 FltMgr - ok
20:23:56.0889 3468 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
20:23:56.0967 3468 FontCache - ok
20:23:57.0061 3468 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:23:57.0076 3468 FontCache3.0.0.0 - ok
20:23:57.0123 3468 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:23:57.0154 3468 FsDepends - ok
20:23:57.0217 3468 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
20:23:57.0232 3468 Fs_Rec - ok
20:23:57.0326 3468 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
20:23:57.0373 3468 fvevol - ok
20:23:57.0466 3468 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:23:57.0498 3468 gagp30kx - ok
20:23:57.0560 3468 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:23:57.0591 3468 GEARAspiWDM - ok
20:23:57.0669 3468 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
20:23:57.0747 3468 gpsvc - ok
20:23:57.0825 3468 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:23:57.0903 3468 hcw85cir - ok
20:23:58.0012 3468 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
20:23:58.0075 3468 HdAudAddService - ok
20:23:58.0184 3468 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
20:23:58.0231 3468 HDAudBus - ok
20:23:58.0278 3468 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
20:23:58.0309 3468 HECI - ok
20:23:58.0402 3468 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:23:58.0449 3468 HidBatt - ok
20:23:58.0496 3468 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:23:58.0527 3468 HidBth - ok
20:23:58.0636 3468 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:23:58.0683 3468 HidIr - ok
20:23:58.0730 3468 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
20:23:58.0792 3468 hidserv - ok
20:23:58.0917 3468 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
20:23:58.0980 3468 HidUsb - ok
20:23:59.0058 3468 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
20:23:59.0120 3468 hkmsvc - ok
20:23:59.0167 3468 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
20:23:59.0245 3468 HomeGroupListener - ok
20:23:59.0323 3468 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
20:23:59.0370 3468 HomeGroupProvider - ok
20:23:59.0448 3468 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
20:23:59.0479 3468 HpSAMD - ok
20:23:59.0572 3468 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
20:23:59.0619 3468 HTTP - ok
20:23:59.0713 3468 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
20:23:59.0728 3468 hwpolicy - ok
20:23:59.0791 3468 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
20:23:59.0838 3468 i8042prt - ok
20:23:59.0931 3468 iaStor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\Windows\system32\DRIVERS\iaStor.sys
20:23:59.0962 3468 iaStor - ok
20:24:00.0072 3468 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
20:24:00.0118 3468 iaStorV - ok
20:24:00.0150 3468 IBMPMDRV (fa3d0a6da7bb7968efe5c5bc267f0e55) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
20:24:00.0165 3468 IBMPMDRV - ok
20:24:00.0243 3468 IBMPMSVC (495f184a29b80b51735bcee91d84fe8f) C:\Windows\system32\ibmpmsvc.exe
20:24:00.0259 3468 IBMPMSVC - ok
20:24:00.0337 3468 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:24:00.0399 3468 idsvc - ok
20:24:00.0586 3468 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:24:00.0742 3468 igfx - ok
20:24:00.0836 3468 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:24:00.0867 3468 iirsp - ok
20:24:00.0914 3468 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
20:24:00.0992 3468 IKEEXT - ok
20:24:01.0086 3468 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\Windows\system32\DRIVERS\Impcd.sys
20:24:01.0132 3468 Impcd - ok
20:24:01.0257 3468 IntcAzAudAddService (4e42aa28d40c7a1e2972f9b36e650268) C:\Windows\system32\drivers\RTKVHDA.sys
20:24:01.0413 3468 IntcAzAudAddService - ok
20:24:01.0522 3468 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
20:24:01.0554 3468 intelide - ok
20:24:01.0585 3468 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:24:01.0632 3468 intelppm - ok
20:24:01.0710 3468 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
20:24:01.0819 3468 IPBusEnum - ok
20:24:01.0897 3468 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:24:01.0944 3468 IpFilterDriver - ok
20:24:02.0006 3468 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
20:24:02.0084 3468 iphlpsvc - ok
20:24:02.0178 3468 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
20:24:02.0240 3468 IPMIDRV - ok
20:24:02.0287 3468 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:24:02.0349 3468 IPNAT - ok
20:24:02.0443 3468 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
20:24:02.0474 3468 iPod Service - ok
20:24:02.0552 3468 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:24:02.0583 3468 IRENUM - ok
20:24:02.0630 3468 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
20:24:02.0661 3468 isapnp - ok
20:24:02.0770 3468 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
20:24:02.0802 3468 iScsiPrt - ok
20:24:02.0864 3468 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
20:24:02.0880 3468 IviRegMgr - ok
20:24:02.0973 3468 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
20:24:03.0004 3468 kbdclass - ok
20:24:03.0036 3468 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
20:24:03.0082 3468 kbdhid - ok
20:24:03.0176 3468 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:24:03.0207 3468 KeyIso - ok
20:24:03.0270 3468 KmxAgent (e47f14be186a4f52fcc7408e328e5d05) C:\Windows\system32\DRIVERS\kmxagent.sys
20:24:03.0285 3468 KmxAgent - ok
20:24:03.0410 3468 KmxAMRT (dbe10508574482bb52c9a75a54c9d306) C:\Windows\system32\DRIVERS\KmxAMRT.sys
20:24:03.0426 3468 KmxAMRT - ok
20:24:03.0441 3468 KmxCfg (ebbc74b243a683f7f9b71c764851c3f6) C:\Windows\system32\DRIVERS\kmxcfg.sys
20:24:03.0472 3468 KmxCfg - ok
20:24:03.0504 3468 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
20:24:03.0535 3468 KSecDD - ok
20:24:03.0597 3468 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
20:24:03.0628 3468 KSecPkg - ok
20:24:03.0660 3468 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
20:24:03.0738 3468 KtmRm - ok
20:24:03.0831 3468 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
20:24:03.0878 3468 LanmanServer - ok
20:24:03.0925 3468 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
20:24:03.0972 3468 LanmanWorkstation - ok
20:24:04.0065 3468 LENOVO.CAMMUTE (23aad440fe3a436087e066773954fa10) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
20:24:04.0096 3468 LENOVO.CAMMUTE - ok
20:24:04.0143 3468 LENOVO.MICMUTE (128158d8b1df639bf3e3fdbcbb64cdac) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
20:24:04.0159 3468 LENOVO.MICMUTE - ok
20:24:04.0237 3468 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
20:24:04.0268 3468 lenovo.smi - ok
20:24:04.0330 3468 LENOVO.TPKNRSVC (3488cdbce014ad1e703fcddd5bcf5aec) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
20:24:04.0346 3468 LENOVO.TPKNRSVC - ok
20:24:04.0393 3468 Lenovo.VIRTSCRLSVC (6f2cc57eb5836d2ac9bd37f3554d55f8) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
20:24:04.0408 3468 Lenovo.VIRTSCRLSVC - ok
20:24:04.0502 3468 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:24:04.0533 3468 lltdio - ok
20:24:04.0564 3468 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
20:24:04.0611 3468 lltdsvc - ok
20:24:04.0705 3468 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
20:24:04.0752 3468 lmhosts - ok
20:24:04.0830 3468 LMS (5460828f8951d310b42b442877603b8d) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:24:04.0861 3468 LMS - ok
20:24:04.0939 3468 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:24:04.0970 3468 LSI_FC - ok
20:24:05.0001 3468 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:24:05.0017 3468 LSI_SAS - ok
20:24:05.0032 3468 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:24:05.0048 3468 LSI_SAS2 - ok
20:24:05.0110 3468 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:24:05.0126 3468 LSI_SCSI - ok
20:24:05.0157 3468 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:24:05.0204 3468 luafv - ok
20:24:05.0329 3468 massfilter_hs (38bfa8fa6d838cbab58a1c2b49ebf96b) C:\Windows\system32\drivers\massfilter_hs.sys
20:24:05.0391 3468 massfilter_hs - ok
20:24:05.0438 3468 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
20:24:05.0469 3468 Mcx2Svc - ok
20:24:05.0547 3468 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:24:05.0578 3468 megasas - ok
20:24:05.0610 3468 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:24:05.0625 3468 MegaSR - ok
20:24:05.0703 3468 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:24:05.0766 3468 MMCSS - ok
20:24:05.0828 3468 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:24:05.0906 3468 Modem - ok
20:24:05.0968 3468 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:24:06.0015 3468 monitor - ok
20:24:06.0140 3468 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
20:24:06.0156 3468 mouclass - ok
20:24:06.0202 3468 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:24:06.0249 3468 mouhid - ok
20:24:06.0358 3468 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
20:24:06.0374 3468 mountmgr - ok
20:24:06.0436 3468 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
20:24:06.0468 3468 mpio - ok
20:24:06.0514 3468 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:24:06.0577 3468 mpsdrv - ok
20:24:06.0655 3468 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
20:24:06.0733 3468 MpsSvc - ok
20:24:06.0826 3468 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
20:24:06.0889 3468 MRxDAV - ok
20:24:07.0014 3468 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:24:07.0060 3468 mrxsmb - ok
20:24:07.0092 3468 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:24:07.0123 3468 mrxsmb10 - ok
20:24:07.0216 3468 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:24:07.0263 3468 mrxsmb20 - ok
20:24:07.0310 3468 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
20:24:07.0326 3468 msahci - ok
20:24:07.0435 3468 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
20:24:07.0466 3468 msdsm - ok
20:24:07.0513 3468 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
20:24:07.0560 3468 MSDTC - ok
20:24:07.0638 3468 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:24:07.0700 3468 Msfs - ok
20:24:07.0716 3468 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:24:07.0762 3468 mshidkmdf - ok
20:24:07.0809 3468 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
20:24:07.0840 3468 msisadrv - ok
20:24:07.0918 3468 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
20:24:07.0996 3468 MSiSCSI - ok
20:24:07.0996 3468 msiserver - ok
20:24:08.0090 3468 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:24:08.0168 3468 MSKSSRV - ok
20:24:08.0199 3468 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:24:08.0262 3468 MSPCLOCK - ok
20:24:08.0355 3468 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:24:08.0418 3468 MSPQM - ok
20:24:08.0449 3468 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:24:08.0449 3468 MsRPC - ok
20:24:08.0542 3468 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
20:24:08.0558 3468 mssmbios - ok
20:24:08.0605 3468 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:24:08.0636 3468 MSTEE - ok
20:24:08.0714 3468 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:24:08.0745 3468 MTConfig - ok
20:24:08.0776 3468 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:24:08.0792 3468 Mup - ok
20:24:08.0839 3468 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
20:24:08.0870 3468 napagent - ok
20:24:08.0979 3468 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:24:09.0026 3468 NativeWifiP - ok
20:24:09.0104 3468 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
20:24:09.0135 3468 NDIS - ok
20:24:09.0213 3468 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:24:09.0276 3468 NdisCap - ok
20:24:09.0322 3468 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:24:09.0369 3468 NdisTapi - ok
20:24:09.0463 3468 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
20:24:09.0510 3468 Ndisuio - ok
20:24:09.0556 3468 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
20:24:09.0634 3468 NdisWan - ok
20:24:09.0728 3468 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
20:24:09.0790 3468 NDProxy - ok
20:24:09.0884 3468 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:24:09.0962 3468 NetBIOS - ok
20:24:10.0009 3468 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
20:24:10.0056 3468 NetBT - ok
20:24:10.0149 3468 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:24:10.0165 3468 Netlogon - ok
20:24:10.0212 3468 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
20:24:10.0258 3468 Netman - ok
20:24:10.0321 3468 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
20:24:10.0368 3468 netprofm - ok
20:24:10.0461 3468 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:24:10.0492 3468 NetTcpPortSharing - ok
20:24:10.0664 3468 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
20:24:10.0851 3468 netw5v32 - ok
20:24:10.0960 3468 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:24:10.0992 3468 nfrd960 - ok
20:24:11.0038 3468 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
20:24:11.0101 3468 NlaSvc - ok
20:24:11.0194 3468 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:24:11.0272 3468 Npfs - ok
20:24:11.0319 3468 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
20:24:11.0366 3468 nsi - ok
20:24:11.0444 3468 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:24:11.0522 3468 nsiproxy - ok
20:24:11.0600 3468 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
20:24:11.0631 3468 Ntfs - ok
20:24:11.0709 3468 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:24:11.0772 3468 Null - ok
20:24:11.0834 3468 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
20:24:11.0850 3468 nvraid - ok
20:24:11.0928 3468 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
20:24:11.0959 3468 nvstor - ok
20:24:12.0006 3468 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
20:24:12.0037 3468 nv_agp - ok
20:24:12.0068 3468 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
20:24:12.0115 3468 ohci1394 - ok
20:24:12.0177 3468 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:24:12.0240 3468 p2pimsvc - ok
20:24:12.0286 3468 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
20:24:12.0333 3468 p2psvc - ok
20:24:12.0411 3468 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:24:12.0427 3468 Parport - ok
20:24:12.0458 3468 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
20:24:12.0474 3468 partmgr - ok
20:24:12.0489 3468 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:24:12.0520 3468 Parvdm - ok
20:24:12.0567 3468 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
20:24:12.0614 3468 PcaSvc - ok
20:24:12.0708 3468 PCDSRVC{3037D694-FD904ACA-06020200}_0 (2dd9d5a9150c7015ac7f215efa59e44f) c:\program files\pc-doctor\pcdsrvc.pkms
20:24:12.0723 3468 PCDSRVC{3037D694-FD904ACA-06020200}_0 - ok
20:24:12.0832 3468 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
20:24:12.0848 3468 pci - ok
20:24:12.0879 3468 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
20:24:12.0895 3468 pciide - ok
20:24:12.0988 3468 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:24:13.0020 3468 pcmcia - ok
20:24:13.0051 3468 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:24:13.0051 3468 pcw - ok
20:24:13.0082 3468 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:24:13.0144 3468 PEAUTH - ok
20:24:13.0238 3468 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
20:24:13.0316 3468 PeerDistSvc - ok
20:24:13.0441 3468 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
20:24:13.0519 3468 pla - ok
20:24:13.0628 3468 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
20:24:13.0706 3468 PlugPlay - ok
20:24:13.0753 3468 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
20:24:13.0800 3468 PNRPAutoReg - ok
20:24:13.0878 3468 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:24:13.0893 3468 PNRPsvc - ok
20:24:13.0940 3468 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
20:24:14.0018 3468 PolicyAgent - ok
20:24:14.0112 3468 Power (ac42f771cc29727bd1663f211e9ac507) C:\Windows\system32\umpo.dll
20:24:14.0190 3468 Power - ok
20:24:14.0252 3468 Power Manager DBC Service (61f79e1bc440323138c7701c761d2525) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
20:24:14.0299 3468 Power Manager DBC Service - ok
20:24:14.0408 3468 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:24:14.0455 3468 PptpMiniport - ok
20:24:14.0470 3468 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:24:14.0486 3468 Processor - ok
20:24:14.0564 3468 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
20:24:14.0611 3468 ProfSvc - ok
20:24:14.0642 3468 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:24:14.0658 3468 ProtectedStorage - ok
20:24:14.0736 3468 psadd (72de205cd4006dc45b1401859c506679) C:\Windows\system32\DRIVERS\psadd.sys
20:24:14.0751 3468 psadd - ok
20:24:14.0798 3468 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:24:14.0860 3468 Psched - ok
20:24:14.0985 3468 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:24:15.0048 3468 ql2300 - ok
20:24:15.0126 3468 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:24:15.0157 3468 ql40xx - ok
20:24:15.0188 3468 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
20:24:15.0250 3468 QWAVE - ok
20:24:15.0328 3468 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:24:15.0360 3468 QWAVEdrv - ok
20:24:15.0375 3468 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:24:15.0438 3468 RasAcd - ok
20:24:15.0531 3468 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:24:15.0609 3468 RasAgileVpn - ok
20:24:15.0640 3468 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
20:24:15.0672 3468 RasAuto - ok
20:24:15.0765 3468 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:24:15.0859 3468 Rasl2tp - ok
20:24:15.0952 3468 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
20:24:15.0999 3468 RasMan - ok
20:24:16.0046 3468 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:24:16.0093 3468 RasPppoe - ok
20:24:16.0155 3468 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:24:16.0218 3468 RasSstp - ok
20:24:16.0264 3468 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
20:24:16.0327 3468 rdbss - ok
20:24:16.0405 3468 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:24:16.0436 3468 rdpbus - ok
20:24:16.0483 3468 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:24:16.0530 3468 RDPCDD - ok
20:24:16.0639 3468 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
20:24:16.0701 3468 RDPDR - ok
20:24:16.0795 3468 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:24:16.0857 3468 RDPENCDD - ok
20:24:16.0888 3468 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:24:16.0951 3468 RDPREFMP - ok
20:24:17.0060 3468 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
20:24:17.0138 3468 RDPWD - ok
20:24:17.0232 3468 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
20:24:17.0278 3468 rdyboost - ok
20:24:17.0294 3468 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
20:24:17.0294 3468 regi - ok
20:24:17.0341 3468 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
20:24:17.0403 3468 RemoteAccess - ok
20:24:17.0497 3468 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
20:24:17.0575 3468 RemoteRegistry - ok
20:24:17.0653 3468 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
20:24:17.0684 3468 RFCOMM - ok
20:24:17.0762 3468 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
20:24:17.0809 3468 RpcEptMapper - ok
20:24:17.0856 3468 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
20:24:17.0887 3468 RpcLocator - ok
20:24:17.0980 3468 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
20:24:18.0012 3468 RpcSs - ok
20:24:18.0090 3468 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:24:18.0121 3468 rspndr - ok
20:24:18.0183 3468 RSUSBSTOR (867beb23207ba425c85293bb0d3ea971) C:\Windows\system32\Drivers\RtsUStor.sys
20:24:18.0199 3468 RSUSBSTOR - ok
20:24:18.0277 3468 RTHDMIAzAudService (2fd0636a8a3e8b2d0fef07d48cfba7a2) C:\Windows\system32\drivers\RtHDMIV.sys
20:24:18.0308 3468 RTHDMIAzAudService - ok
20:24:18.0370 3468 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
20:24:18.0402 3468 RTL8167 - ok
20:24:18.0511 3468 rtl8192se (9b0d65de3cdbe526e5d84715ae398035) C:\Windows\system32\DRIVERS\rtl8192se.sys
20:24:18.0558 3468 rtl8192se - ok
20:24:18.0651 3468 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
20:24:18.0714 3468 s3cap - ok
20:24:18.0792 3468 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:24:18.0823 3468 SamSs - ok
20:24:18.0870 3468 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
20:24:18.0901 3468 sbp2port - ok
20:24:18.0963 3468 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
20:24:18.0994 3468 SCardSvr - ok
20:24:19.0057 3468 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
20:24:19.0104 3468 scfilter - ok
20:24:19.0166 3468 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
20:24:19.0213 3468 Schedule - ok
20:24:19.0306 3468 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
20:24:19.0338 3468 SCPolicySvc - ok
20:24:19.0400 3468 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
20:24:19.0462 3468 sdbus - ok
20:24:19.0556 3468 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
20:24:19.0634 3468 SDRSVC - ok
20:24:19.0681 3468 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:24:19.0743 3468 secdrv - ok
20:24:19.0821 3468 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
20:24:19.0899 3468 seclogon - ok
20:24:19.0930 3468 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
20:24:19.0993 3468 SENS - ok
20:24:20.0071 3468 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
20:24:20.0118 3468 SensrSvc - ok
20:24:20.0164 3468 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:24:20.0211 3468 Serenum - ok
20:24:20.0320 3468 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:24:20.0352 3468 Serial - ok
20:24:20.0383 3468 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:24:20.0430 3468 sermouse - ok
20:24:20.0539 3468 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
20:24:20.0617 3468 SessionEnv - ok
20:24:20.0679 3468 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
20:24:20.0757 3468 sffdisk - ok
20:24:20.0835 3468 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
20:24:20.0898 3468 sffp_mmc - ok
20:24:20.0913 3468 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
20:24:20.0960 3468 sffp_sd - ok
20:24:21.0069 3468 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:24:21.0116 3468 sfloppy - ok
20:24:21.0163 3468 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
20:24:21.0272 3468 SharedAccess - ok
20:24:21.0350 3468 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
20:24:21.0397 3468 ShellHWDetection - ok
20:24:21.0459 3468 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\Windows\system32\DRIVERS\Apsx86.sys
20:24:21.0475 3468 Shockprf - ok
20:24:21.0568 3468 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
20:24:21.0600 3468 sisagp - ok
20:24:21.0662 3468 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:24:21.0693 3468 SiSRaid2 - ok
20:24:21.0756 3468 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:24:21.0787 3468 SiSRaid4 - ok
20:24:21.0802 3468 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:24:21.0849 3468 Smb - ok
20:24:21.0943 3468 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
20:24:21.0974 3468 SNMPTRAP - ok
20:24:22.0005 3468 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:24:22.0021 3468 spldr - ok
20:24:22.0052 3468 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
20:24:22.0130 3468 Spooler - ok
20:24:22.0286 3468 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
20:24:22.0348 3468 sppsvc - ok
20:24:22.0442 3468 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
20:24:22.0504 3468 sppuinotify - ok
20:24:22.0567 3468 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
20:24:22.0614 3468 srv - ok
20:24:22.0723 3468 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
20:24:22.0754 3468 srv2 - ok
20:24:22.0785 3468 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:24:22.0832 3468 SrvHsfHDA - ok
20:24:22.0926 3468 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:24:22.0988 3468 SrvHsfV92 - ok
20:24:23.0082 3468 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:24:23.0144 3468 SrvHsfWinac - ok
20:24:23.0238 3468 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
20:24:23.0269 3468 srvnet - ok
20:24:23.0300 3468 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
20:24:23.0331 3468 SSDPSRV - ok
20:24:23.0394 3468 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
20:24:23.0440 3468 SstpSvc - ok
20:24:23.0503 3468 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:24:23.0534 3468 stexstor - ok
20:24:23.0628 3468 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
20:24:23.0690 3468 StiSvc - ok
20:24:23.0784 3468 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
20:24:23.0815 3468 storflt - ok
20:24:23.0830 3468 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
20:24:23.0862 3468 StorSvc - ok
20:24:23.0955 3468 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
20:24:23.0986 3468 storvsc - ok
20:24:24.0064 3468 SUService (6ea2f517373771cac5188e82617c9c0b) C:\Program Files\Lenovo\System Update\SUService.exe
20:24:24.0064 3468 SUService ( UnsignedFile.Multi.Generic ) - warning
20:24:24.0064 3468 SUService - detected UnsignedFile.Multi.Generic (1)
20:24:24.0174 3468 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
20:24:24.0205 3468 swenum - ok
20:24:24.0298 3468 SwiCardDetectSvc (5178b789420539a7d4a293b7127a6822) C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
20:24:24.0330 3468 SwiCardDetectSvc - ok
20:24:24.0423 3468 swiwdmbus (ebeee5b1ecad1dad0babc60f82cb96cf) C:\Windows\system32\DRIVERS\swiwdmbus.sys
20:24:24.0454 3468 swiwdmbus - ok
20:24:24.0501 3468 SWNC8UA3 (467c2541ac52e6d83787a1c906f4175a) C:\Windows\system32\DRIVERS\swnc8ua3.sys
20:24:24.0579 3468 SWNC8UA3 - ok
20:24:24.0642 3468 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
20:24:24.0720 3468 swprv - ok
20:24:24.0751 3468 SWUMX20 - ok
20:24:24.0798 3468 SWUMXA3 (acc595933992488b5de0a5ae17019f75) C:\Windows\system32\DRIVERS\swumxa3.sys
20:24:24.0891 3468 SWUMXA3 - ok
20:24:24.0969 3468 SynTP (d7dc30b8b41e7a913c3fccc0631e72ec) C:\Windows\system32\DRIVERS\SynTP.sys
20:24:25.0000 3468 SynTP - ok
20:24:25.0063 3468 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
20:24:25.0125 3468 SysMain - ok
20:24:25.0203 3468 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
20:24:25.0234 3468 TabletInputService - ok
20:24:25.0281 3468 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
20:24:25.0328 3468 TapiSrv - ok
20:24:25.0390 3468 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
20:24:25.0437 3468 TBS - ok
20:24:25.0562 3468 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
20:24:25.0609 3468 Tcpip - ok
20:24:25.0749 3468 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
20:24:25.0780 3468 TCPIP6 - ok
20:24:25.0890 3468 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
20:24:25.0936 3468 tcpipreg - ok
20:24:25.0968 3468 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
20:24:26.0014 3468 TDPIPE - ok
20:24:26.0108 3468 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
20:24:26.0155 3468 TDTCP - ok
20:24:26.0202 3468 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
20:24:26.0311 3468 tdx - ok
20:24:26.0420 3468 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
20:24:26.0436 3468 TermDD - ok
20:24:26.0482 3468 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
20:24:26.0560 3468 TermService - ok
20:24:26.0623 3468 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
20:24:26.0670 3468 Themes - ok
20:24:26.0779 3468 ThinkVantage Registry Monitor Service (82c4830ab23a7ab125f38da9a46b6a6d) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
20:24:26.0810 3468 ThinkVantage Registry Monitor Service - ok
20:24:26.0888 3468 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:24:26.0935 3468 THREADORDER - ok
20:24:26.0982 3468 TPDIGIMN (20a439d6475d6fe1909159c0143d0466) C:\Windows\system32\DRIVERS\ApsHM86.sys
20:24:26.0997 3468 TPDIGIMN - ok
20:24:27.0060 3468 TPHDEXLGSVC (3775e4aa5f72264dbab7a578dd913ecf) C:\Windows\system32\TPHDEXLG.exe
20:24:27.0075 3468 TPHDEXLGSVC - ok
20:24:27.0184 3468 TPHKLOAD (1dbf0267cebf80f0bd24dfe895367db5) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
20:24:27.0216 3468 TPHKLOAD - ok
20:24:27.0247 3468 TPHKSVC (cb0625c2f5b7c72c50c5ae34f8e8f7d0) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
20:24:27.0262 3468 TPHKSVC - ok
20:24:27.0340 3468 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
20:24:27.0387 3468 TPM - ok
20:24:27.0481 3468 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys
20:24:27.0496 3468 TPPWRIF - ok
20:24:27.0528 3468 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
20:24:27.0590 3468 TrkWks - ok
20:24:27.0637 3468 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
20:24:27.0715 3468 TrustedInstaller - ok
20:24:27.0762 3468 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:24:27.0840 3468 tssecsrv - ok
20:24:27.0949 3468 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
20:24:28.0011 3468 TsUsbFlt - ok
20:24:28.0120 3468 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
20:24:28.0198 3468 tunnel - ok
20:24:28.0230 3468 TurboB (c0847edcccef8d4f5354e82ec9e90159) C:\Windows\system32\DRIVERS\TurboB.sys
20:24:28.0230 3468 TurboB - ok
20:24:28.0308 3468 TurboBoost (8629f69817902d9d0f00eb3247aaba51) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
20:24:28.0354 3468 TurboBoost - ok
20:24:28.0448 3468 TVT Backup Service (b56da1aa776c15043d10f82b32aa000d) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
20:24:28.0526 3468 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
20:24:28.0526 3468 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
20:24:28.0604 3468 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:24:28.0635 3468 uagp35 - ok
20:24:28.0682 3468 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
20:24:28.0744 3468 udfs - ok
20:24:28.0822 3468 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
20:24:28.0885 3468 UI0Detect - ok
20:24:28.0994 3468 UleadBurningHelper (be788a747457e6916586c410ec0111e7) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
20:24:29.0010 3468 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
20:24:29.0010 3468 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
20:24:29.0103 3468 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
20:24:29.0134 3468 uliagpkx - ok
20:24:29.0244 3468 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
20:24:29.0275 3468 umbus - ok
20:24:29.0290 3468 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:24:29.0337 3468 UmPass - ok
20:24:29.0431 3468 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
20:24:29.0493 3468 UmRdpService - ok
20:24:29.0634 3468 UmxEngine (a6d4800135180ebb6582768c4981a193) C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
20:24:29.0665 3468 UmxEngine - ok
20:24:29.0790 3468 UNS (9e89c2d6945389270de067ce51ff7425) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:24:29.0836 3468 UNS - ok
20:24:29.0899 3468 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
20:24:29.0961 3468 upnphost - ok
20:24:30.0070 3468 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
20:24:30.0133 3468 USBAAPL - ok
20:24:30.0180 3468 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
20:24:30.0195 3468 usbccgp - ok
20:24:30.0304 3468 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
20:24:30.0336 3468 usbcir - ok
20:24:30.0351 3468 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
20:24:30.0367 3468 usbehci - ok
20:24:30.0382 3468 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
20:24:30.0414 3468 usbhub - ok
20:24:30.0492 3468 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
20:24:30.0538 3468 usbohci - ok
20:24:30.0585 3468 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:24:30.0601 3468 usbprint - ok
20:24:30.0694 3468 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:24:30.0726 3468 USBSTOR - ok
20:24:30.0757 3468 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
20:24:30.0772 3468 usbuhci - ok
20:24:30.0897 3468 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
20:24:30.0944 3468 usbvideo - ok
20:24:30.0991 3468 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
20:24:31.0038 3468 UxSms - ok
20:24:31.0131 3468 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
20:24:31.0162 3468 VaultSvc - ok
20:24:31.0225 3468 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
20:24:31.0240 3468 vdrvroot - ok
20:24:31.0318 3468 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
20:24:31.0412 3468 vds - ok
20:24:31.0506 3468 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:24:31.0552 3468 vga - ok
20:24:31.0584 3468 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:24:31.0615 3468 VgaSave - ok
20:24:31.0708 3468 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
20:24:31.0740 3468 vhdmp - ok
20:24:31.0802 3468 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
20:24:31.0833 3468 viaagp - ok
20:24:31.0911 3468 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:24:31.0974 3468 ViaC7 - ok
20:24:32.0005 3468 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
20:24:32.0036 3468 viaide - ok
20:24:32.0130 3468 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
20:24:32.0145 3468 vmbus - ok
20:24:32.0176 3468 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
20:24:32.0223 3468 VMBusHID - ok
20:24:32.0332 3468 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
20:24:32.0348 3468 volmgr - ok
20:24:32.0379 3468 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:24:32.0410 3468 volmgrx - ok
20:24:32.0504 3468 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
20:24:32.0520 3468 volsnap - ok
20:24:32.0566 3468 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:24:32.0582 3468 vsmraid - ok
20:24:32.0691 3468 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
20:24:32.0754 3468 VSS - ok
20:24:32.0832 3468 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
20:24:32.0894 3468 vwifibus - ok
20:24:33.0003 3468 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
20:24:33.0066 3468 vwififlt - ok
20:24:33.0097 3468 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
20:24:33.0144 3468 W32Time - ok
20:24:33.0222 3468 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:24:33.0284 3468 WacomPen - ok
20:24:33.0378 3468 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:24:33.0424 3468 WANARP - ok
20:24:33.0424 3468 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
20:24:33.0440 3468 Wanarpv6 - ok
20:24:33.0518 3468 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
20:24:33.0627 3468 WatAdminSvc - ok
20:24:33.0736 3468 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
20:24:33.0799 3468 wbengine - ok
20:24:33.0861 3468 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
20:24:33.0924 3468 WbioSrvc - ok
20:24:33.0970 3468 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
20:24:34.0002 3468 wcncsvc - ok
20:24:34.0064 3468 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
20:24:34.0111 3468 WcsPlugInService - ok
20:24:34.0142 3468 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:24:34.0173 3468 Wd - ok
20:24:34.0251 3468 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:24:34.0282 3468 Wdf01000 - ok
20:24:34.0314 3468 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:24:34.0329 3468 WdiServiceHost - ok
20:24:34.0329 3468 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
20:24:34.0345 3468 WdiSystemHost - ok
20:24:34.0438 3468 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
20:24:34.0516 3468 WebClient - ok
20:24:34.0563 3468 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
20:24:34.0594 3468 Wecsvc - ok
20:24:34.0657 3468 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
20:24:34.0704 3468 wercplsupport - ok
20:24:34.0735 3468 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
20:24:34.0766 3468 WerSvc - ok
20:24:34.0844 3468 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:24:34.0906 3468 WfpLwf - ok
20:24:34.0922 3468 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:24:34.0938 3468 WIMMount - ok
20:24:35.0016 3468 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
20:24:35.0078 3468 WinDefend - ok
20:24:35.0094 3468 WinHttpAutoProxySvc - ok
20:24:35.0187 3468 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
20:24:35.0218 3468 Winmgmt - ok
20:24:35.0281 3468 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
20:24:35.0406 3468 WinRM - ok
20:24:35.0515 3468 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
20:24:35.0577 3468 WinUsb - ok
20:24:35.0640 3468 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
20:24:35.0702 3468 Wlansvc - ok
20:24:35.0811 3468 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
20:24:35.0827 3468 WmiAcpi - ok
20:24:35.0874 3468 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
20:24:35.0889 3468 wmiApSrv - ok
20:24:35.0998 3468 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:24:36.0045 3468 WMPNetworkSvc - ok
20:24:36.0108 3468 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
20:24:36.0154 3468 WPCSvc - ok
20:24:36.0217 3468 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
20:24:36.0248 3468 WPDBusEnum - ok
20:24:36.0342 3468 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:24:36.0404 3468 ws2ifsl - ok
20:24:36.0498 3468 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
20:24:36.0544 3468 wscsvc - ok
20:24:36.0560 3468 WSearch - ok
20:24:36.0638 3468 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
20:24:36.0700 3468 wuauserv - ok
20:24:36.0794 3468 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
20:24:36.0825 3468 WudfPf - ok
20:24:36.0856 3468 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:24:36.0888 3468 WUDFRd - ok
20:24:36.0934 3468 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
20:24:36.0966 3468 wudfsvc - ok
20:24:37.0028 3468 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
20:24:37.0075 3468 WwanSvc - ok
20:24:37.0184 3468 zghsmdm (c6031757a76bddc3e93647a177916cec) C:\Windows\system32\DRIVERS\zghsmdm.sys
20:24:37.0215 3468 zghsmdm - ok
20:24:37.0324 3468 zgwhsdiag (7580253b79fa247d8498a23531415af4) C:\Windows\system32\DRIVERS\zgwhsdiag.sys
20:24:37.0387 3468 zgwhsdiag - ok
20:24:37.0496 3468 zgwhsnmea (7580253b79fa247d8498a23531415af4) C:\Windows\system32\DRIVERS\zgwhsnmea.sys
20:24:37.0527 3468 zgwhsnmea - ok
20:24:37.0574 3468 MBR (0x1B8) (b1d904c52e22a32d9360b5ef7aec87c0) \Device\Harddisk0\DR0
20:24:37.0652 3468 \Device\Harddisk0\DR0 - ok
20:24:37.0683 3468 Boot (0x1200) (b6831b048c61a6b95e3dce5be398c61d) \Device\Harddisk0\DR0\Partition0
20:24:37.0683 3468 \Device\Harddisk0\DR0\Partition0 - ok
20:24:37.0699 3468 Boot (0x1200) (c8ed15215a914c259fe04e7e338e1e35) \Device\Harddisk0\DR0\Partition1
20:24:37.0699 3468 \Device\Harddisk0\DR0\Partition1 - ok
20:24:37.0730 3468 Boot (0x1200) (2963bdee728b8bad43415cb148ea9860) \Device\Harddisk0\DR0\Partition2
20:24:37.0730 3468 \Device\Harddisk0\DR0\Partition2 - ok
20:24:37.0730 3468 ============================================================
20:24:37.0730 3468 Scan finished
20:24:37.0730 3468 ============================================================
20:24:37.0746 6196 Detected object count: 3
20:24:37.0746 6196 Actual detected object count: 3
20:24:59.0227 6196 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:59.0227 6196 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:24:59.0242 6196 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:59.0242 6196 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:24:59.0242 6196 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:59.0242 6196 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:25:08.0914 7932 Deinitialize success


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.14.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16443
Jay :: JAYSLAPTOP [administrator]

14/04/2012 8:39:19 PM
mbam-log-2012-04-14 (20-39-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316737
Time elapsed: 1 hour(s), 24 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#5 gettingitdone

Posted 14 April 2012 - 06:40 PM

Mark, not sure if it helps...but I just installed Google Chrome, and the pop-up issue does not seem to occur. It looks like the pop-up is only occurring when using Internet Explorer.

#6 mark1956

Posted 15 April 2012 - 07:25 AM

OK, thanks for that information, let's try this:


STEP 1
NOTE: If you have already used Combofix please delete the icon from your desktop.
  • Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
STEP 2
Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!
Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. XP users need to install the Recovery Console first.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.
-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.

Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.


Edited by mark1956, 15 April 2012 - 07:26 AM.


#7 gettingitdone

Posted 16 April 2012 - 04:08 AM

Hi Mark..many thanks...all done. The log's below.

ComboFix 12-04-16.01 - Jay 16/04/2012 18:42:57.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.2549.1689 [GMT 10:00]
Running from: c:\users\Jay\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Windows
c:\programdata\Windows\dumd.dat
c:\programdata\windows\wsse.dll
c:\programdata\Windows\xdor.dat
c:\windows\system32\Thumbs.db
Q:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 08:48 . 2012-04-16 08:48 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B964F90-8D87-4DF7-A2D2-F3DC236ED068}\offreg.dll
2012-04-15 08:04 . 2012-04-15 08:04 -------- d-----w- c:\users\Jay\Tracing
2012-04-15 07:58 . 2012-04-15 07:58 -------- d-----w- c:\windows\en
2012-04-15 07:47 . 2009-09-04 07:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-04-15 07:47 . 2009-09-04 07:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-04-15 07:47 . 2009-09-04 07:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-04-15 07:45 . 2012-04-15 07:45 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\b72dca371cd1adb03\DSETUP.dll
2012-04-15 07:45 . 2012-04-15 07:45 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\b72dca371cd1adb03\DXSETUP.exe
2012-04-15 07:45 . 2012-04-15 07:45 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\b72dca371cd1adb03\dsetup32.dll
2012-04-15 07:45 . 2012-04-15 07:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\aff8ffc21cd1adb02\DSETUP.dll
2012-04-15 07:45 . 2012-04-15 07:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\aff8ffc21cd1adb02\DXSETUP.exe
2012-04-15 07:45 . 2012-04-15 07:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\aff8ffc21cd1adb02\dsetup32.dll
2012-04-15 07:44 . 2012-04-15 08:05 -------- d-----w- c:\users\Jay\AppData\Local\Windows Live
2012-04-14 23:15 . 2012-04-14 23:17 -------- d-----w- c:\users\Jay\AppData\Local\Google
2012-04-14 23:14 . 2012-04-14 23:15 -------- d-----w- c:\users\Jay\AppData\Local\Deployment
2012-04-14 23:14 . 2012-04-14 23:14 -------- d-----w- c:\users\Jay\AppData\Local\Apps
2012-04-14 10:37 . 2012-04-14 10:37 -------- d-----w- c:\users\Jay\AppData\Roaming\Malwarebytes
2012-04-14 10:37 . 2012-04-14 10:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-14 10:37 . 2012-04-14 10:37 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 10:37 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 09:36 . 2012-04-14 09:36 -------- d-----w- c:\users\Jay\AppData\Local\WinZip
2012-04-13 22:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B964F90-8D87-4DF7-A2D2-F3DC236ED068}\mpengine.dll
2012-04-13 11:29 . 2012-04-13 11:29 -------- d-----w- c:\program files\Common Files\Java
2012-04-13 07:53 . 2012-04-13 07:53 -------- d-----w- c:\programdata\NortonInstaller
2012-04-12 20:33 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 20:33 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 20:33 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 20:33 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 20:32 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 20:32 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-03-18 00:11 . 2010-09-26 22:59 9728 ----a-w- c:\windows\system32\drivers\massfilter_hs.sys
2012-03-18 00:11 . 2010-07-22 06:45 106752 ----a-w- c:\windows\system32\drivers\zgwhsnmea.sys
2012-03-18 00:11 . 2010-07-22 06:45 106752 ----a-w- c:\windows\system32\drivers\zgwhsdiag.sys
2012-03-18 00:11 . 2010-01-25 04:03 105216 ----a-w- c:\windows\system32\drivers\zgwhsmdm.sys
2012-03-18 00:11 . 2012-03-18 00:17 -------- d-----w- c:\program files\Join MePlay
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 07:47 . 2011-03-28 08:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-13 11:29 . 2010-12-29 22:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-13 08:30 . 2011-06-17 22:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 08:50 . 2012-03-08 08:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 08:37 . 2012-03-08 08:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-25 06:06 . 2012-02-25 06:06 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-22 23:18 . 2010-12-22 02:47 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 05:08 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 05:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 05:08 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 05:11 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 05:11 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32 . 2012-03-14 05:08 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 05:08 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 05:08 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-20 8555040]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-05-06 886120]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-03-10 62312]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-10 300400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2010-08-05 570736]
"WatcherHelper"="c:\program files\Telstra\Telstra Connection Manager\WaHelper.exe" [2010-06-23 103792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-2-18 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-30 45352]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2010-09-26 9728]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-06-27 22640]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-06 75112]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-08 186912]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbus.sys [2010-06-21 78720]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2010-06-21 228352]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2010-06-21 156544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 99768]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-22 1343400]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-12 106752]
R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [2010-07-22 106752]
R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [2010-07-22 106752]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 65584]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-13 172032]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-03-10 50536]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-03-10 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [2010-08-30 218480]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 130920]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 13752]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 125568]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-13 5281792]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-13 149504]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-05-17 1013280]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-318894730-2856346820-521077763-1000Core.job
- c:\users\Jay\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-14 23:15]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-318894730-2856346820-521077763-1000UA.job
- c:\users\Jay\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-14 23:15]
.
2012-03-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-04-16 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = https://postoffice.tpg.com.au/advanced/postoffice/login.php?reason=logout
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{677EF588-5615-4345-9A89-F92B2BD1377C}: NameServer = 10.4.85.138 10.4.176.234
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-318894730-2856346820-521077763-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-318894730-2856346820-521077763-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1012)
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\windows\system32\taskhost.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-04-16 18:54:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-16 08:54
.
Pre-Run: 324,303,892,480 bytes free
Post-Run: 325,334,065,152 bytes free
.
- - End Of File - - 54D56D0688CFE720B2F5A9E691DD80C8

#8 gettingitdone

Posted 16 April 2012 - 04:35 AM

Hi Mark, just letting you know that things are running much better now. I haven't been able to induce the pop up in eBay or PayPal. Hopefully we've got it sorted.

#9 gettingitdone

Posted 16 April 2012 - 06:22 PM

Hi Mark...I'm sorry to say things have deteriorated significantly...everything was running great last night, but this morning I've fired the computer up only to find IE9 won't even boot up, whilst Chrome opens but never gets further than having a think about opening any websites. Furthermore, Norton Antivirus appears to have disabled itself and I can't get it enabled again.

Here's what I think might have been the problem...

Before running combofix, I thought I had fully disabled CA Antivirus...but when running combofix it asked me to uninstall CA Antivirus. So I uninstalled it (keeping the computer disconnected from the internet). I then ran combofix successfully. Following this the first thing I did was install a trial version of Norton Antivirus 2009 to cover me until the clean up process was complete (I didn't have a backup of CA to reinstall it). All indications were that Norton was updated and functioning. I'm thinking this hasn't done the job though, and I've picked something up again. I realise Norton 2009 is probably pretty outdated, but I was going to seek your advice on future virus protection software before investing any $$$...I didn't think I'd run into trouble again so quickly. Ugh.

DDS log is below...I tried running gmer three times, the first time I got an error part way through, the second time it froze the computer, the third time it was successful. I've attached the DDS attach and ark txt files.

Thanks in advance Mark.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16443
Run by Jay at 8:21:00 on 2012-04-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.2549.1744 [GMT 10:00]
.
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files\Telstra\Telstra Connection Manager\WaHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://postoffice.tpg.com.au/advanced/postoffice/login.php?reason=logout
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.0.30\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [TpShocks] TpShocks.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TRUUpdater] "c:\program files\sierra wireless inc\webupdater\TRUUpdater.exe" /bkground
mRun: [WatcherHelper] "c:\program files\telstra\telstra connection manager\WaHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{435C3C19-7649-44E3-BD92-C62EF9ECF2CC}\14D496C65637 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{435C3C19-7649-44E3-BD92-C62EF9ECF2CC}\24967605F6E64693535363 : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{435C3C19-7649-44E3-BD92-C62EF9ECF2CC}\4505D2C494E4B4F5645344646334 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{435C3C19-7649-44E3-BD92-C62EF9ECF2CC}\74F5368656374756270225D60223 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{677EF588-5615-4345-9A89-F92B2BD1377C} : NameServer = 10.4.85.138 10.4.176.234
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.0.30\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1007000.01e\SymEFA.sys [2012-4-16 310320]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-10 20520]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1007000.01e\BHDrvx86.sys [2012-4-16 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1007000.01e\cchpx86.sys [2012-4-16 482432]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090712.001\IDSvix86.sys [2012-4-16 293424]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-8-29 13680]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-25 172032]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2010-7-25 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-8-29 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2010-7-25 74088]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-8-29 93032]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.0.30\ccSvcHst.exe [2012-4-16 117640]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\sierra wireless inc\common\SwiCardDetect.exe [2010-8-30 218480]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2011-8-29 130920]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-8-29 64952]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-30 13752]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-7-25 2320920]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2010-7-25 125568]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-7-25 5281792]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-7-25 149504]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-7-25 125696]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-4-1 22640]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-7-25 1013280]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1007000.01e\symndisv.sys [2012-4-16 48688]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-7-25 45352]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-7-25 29472]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2012-3-18 9728]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-7-25 75112]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-7-25 186912]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\drivers\swiwdmbus.sys [2010-6-21 78720]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2010-6-21 228352]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2010-6-21 156544]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-9-30 99768]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-25 1343400]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [2011-1-13 106752]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [2012-3-18 106752]
S3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\drivers\zgwhsnmea.sys [2012-3-18 106752]
.
=============== Created Last 30 ================
.
2012-04-16 09:10:46 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-04-16 09:10:44 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-16 09:10:19 -------- d-----w- c:\program files\Symantec
2012-04-16 09:10:19 -------- d-----w- c:\program files\common files\Symantec Shared
2012-04-16 09:10:18 -------- d-----w- c:\programdata\Symantec
2012-04-16 09:08:59 -------- d-----w- c:\program files\NortonInstaller
2012-04-16 08:50:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-16 08:48:59 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6b964f90-8d87-4df7-a2d2-f3dc236ed068}\offreg.dll
2012-04-16 08:48:31 -------- d-----w- c:\users\jay\appdata\local\temp
2012-04-16 08:40:30 98816 ----a-w- c:\windows\sed.exe
2012-04-16 08:40:30 518144 ----a-w- c:\windows\SWREG.exe
2012-04-16 08:40:30 256000 ----a-w- c:\windows\PEV.exe
2012-04-16 08:40:30 208896 ----a-w- c:\windows\MBR.exe
2012-04-15 08:05:09 -------- d-----w- c:\users\jay\appdata\local\{D5A9F2B5-67E5-4827-941E-BCA4F348E9E8}
2012-04-15 08:04:57 -------- d-----w- c:\users\jay\appdata\local\{0323DA80-F507-4DB6-8BAB-38312E43C701}
2012-04-15 08:04:27 -------- d-----w- c:\users\jay\appdata\local\{40B2DF3C-171C-4E59-8C6B-6CE9C7066562}
2012-04-15 08:04:15 -------- d-----w- c:\users\jay\appdata\local\{EE0716A7-87CE-45A9-BDE6-59E6B915DFD2}
2012-04-15 08:04:02 -------- d-----w- c:\users\jay\Tracing
2012-04-15 07:58:51 -------- d-----w- c:\windows\en
2012-04-15 07:47:07 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-04-15 07:47:07 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-04-15 07:47:07 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-04-15 07:45:25 89944 ----a-w- c:\program files\common files\windows live\.cache\b72dca371cd1adb03\DSETUP.dll
2012-04-15 07:45:25 537432 ----a-w- c:\program files\common files\windows live\.cache\b72dca371cd1adb03\DXSETUP.exe
2012-04-15 07:45:25 1801048 ----a-w- c:\program files\common files\windows live\.cache\b72dca371cd1adb03\dsetup32.dll
2012-04-15 07:45:12 94040 ----a-w- c:\program files\common files\windows live\.cache\aff8ffc21cd1adb02\DSETUP.dll
2012-04-15 07:45:12 525656 ----a-w- c:\program files\common files\windows live\.cache\aff8ffc21cd1adb02\DXSETUP.exe
2012-04-15 07:45:12 1691480 ----a-w- c:\program files\common files\windows live\.cache\aff8ffc21cd1adb02\dsetup32.dll
2012-04-15 07:44:22 -------- d-----w- c:\users\jay\appdata\local\Windows Live
2012-04-14 23:15:24 -------- d-----w- c:\users\jay\appdata\local\Google
2012-04-14 23:14:48 -------- d-----w- c:\users\jay\appdata\local\Deployment
2012-04-14 23:14:48 -------- d-----w- c:\users\jay\appdata\local\Apps
2012-04-14 10:37:50 -------- d-----w- c:\users\jay\appdata\roaming\Malwarebytes
2012-04-14 10:37:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 10:37:42 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 10:37:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-14 09:36:09 -------- d-----w- c:\users\jay\appdata\local\WinZip
2012-04-13 22:05:39 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6b964f90-8d87-4df7-a2d2-f3dc236ed068}\mpengine.dll
2012-04-13 07:53:16 -------- d-----w- c:\programdata\NortonInstaller
2012-04-12 20:33:05 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 20:33:05 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 20:33:05 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 20:33:05 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 20:32:41 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 20:32:41 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-03-18 00:11:29 9728 ----a-w- c:\windows\system32\drivers\massfilter_hs.sys
2012-03-18 00:11:29 106752 ----a-w- c:\windows\system32\drivers\zgwhsnmea.sys
2012-03-18 00:11:29 106752 ----a-w- c:\windows\system32\drivers\zgwhsdiag.sys
2012-03-18 00:11:29 105216 ----a-w- c:\windows\system32\drivers\zgwhsmdm.sys
2012-03-18 00:11:16 -------- d-----w- c:\program files\Join MePlay
.
==================== Find3M ====================
.
2012-04-16 09:09:47 89904 ----a-w- c:\windows\system32\drivers\nis\1007000.01e\symfw.sys
2012-04-16 09:09:47 48688 ----a-w- c:\windows\system32\drivers\nis\1007000.01e\symndisv.sys
2012-04-16 09:09:47 43696 ----a-w- c:\windows\system32\drivers\nis\1007000.01e\srtspx.sys
2012-04-16 09:09:47 36400 ----a-w- c:\windows\system32\drivers\nis\1007000.01e\symndis.sys
2012-04-16 09:09:47 33072 ----a-w- c:\windows\system32\drivers\nis\1007000.01e\symids.sys
2012-04-16 09:09:47 310320 ----a-w- c:\windows\system32\drivers\nis\1007000.01e\SymEFA.sys
2012-04-16 09:09:47 308272 ----a-w- c:\windows\system32\drivers\nis\1007000.01e\srtsp.sys
2012-04-16 09:09:47 217136 ----a-w- c:\windows\system32\drivers\nis\1007000.01e\symtdi.sys
2012-04-16 09:09:46 482432 ----a-w- c:\windows\system32\drivers\nis\1007000.01e\cchpx86.sys
2012-04-16 09:09:46 259632 ----a-w- c:\windows\system32\drivers\nis\1007000.01e\BHDrvx86.sys
2012-04-13 11:29:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-13 08:30:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 08:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 08:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-22 23:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 8:21:31.75 ===============


#10 gettingitdone

  • Topic Starter

Posted 16 April 2012 - 06:25 PM

Just a quick addition Mark, the Lenovo ThinkVantage Toolbox on the computer has detected the lack of antivirus software this morning, but last night it was happy that Norton was installed.

Cheers!

#11 mark1956

  • Security Colleague

Posted 17 April 2012 - 02:53 AM

Ok, we need to do some cleaning up and a re-run of Combofix to remove an orphan entry. If IE9 is still not working, follow the instructions to use Combofix first. I have included instructions to clean out the old Anti Virus and install Microsoft Security Essentials, which is free and highly recommended.


Follow these steps.

STEP 1
Follow these instructions to make sure there are no remnants of the CA Anti Virus: CA Internet Security Uninstaller
Uninstall Norton and follow these instructions to clean out any remnants: Norton Uninstall Tool
Go to this link and install Microsoft Security Essentials

STEP 2
We are now going to run ComboFix a different way.

Open Notepad by clicking on the Start button and in the Search box type: Notepad.exe and hit Enter.
Copy and paste everything in the code box below into it.
-- Note: Make sure Word Wrap is unchecked in Notepad by clicking on Format in the top menu.

    KillAll::

    DDS::
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    Reboot::

  • Save the file as CFScript.txt by choosing Save As... in the File Menu, and save it to your Desktop where the ComboFix icon is also located.
  • Close your browser and disconnect from the Internet.
  • Now use your mouse to drag, then drop the CFScript.txt file on top of ComboFix.exe.
  • This will start ComboFix again and launch the script.
  • ComboFix may reboot your system when it finishes. This is normal.
  • A log will be created just as before and saved to C:\ComboFix.txt. Please copy and paste the contents of ComboFix.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs after the scan is complete.

STEP 3
Download Temporary file cleaner and save it to the desktop.
Double click on the icon to run it (it appears as a dark grey dustbin). For Windows 7 and Vista right click the icon and select Run as Administrator.
When the window opens click on Start. It will close all running programs and clear the desktop icons.
When complete you will be asked to reboot; accept the request and your PC will reboot automatically.

STEP 4
As the infection was only related to Internet Explorer, please follow this to reset it.
Please go to this link Reset Internet Explorer Settings and use the automatic button in the instructions provided by Microsoft on that page to automatically reset registry keys and the browser back to the way it was when initially installed. If you check the Delete personal settings checkbox in Advanced settings, it will reset the home page(s), search providers and Accelerators to their default values. It will also delete temporary Internet files, history, cookies, web form information (passwords) and InPrivate Filtering data.

STEP 5
Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Please include in your next post:
Combofix log
Security Check log
Let me know if you had any problems with the above.
Tell me of any further issues.

Edited by mark1956, 17 April 2012 - 03:00 AM.


#12 gettingitdone

  • Topic Starter

Posted 17 April 2012 - 05:02 AM

Hi Mark, thanks again. I'm afraid things didn't seem to go quite to plan.

1. IE9 was still not working, so I followed the ComboFix instructions first.
2. All went well, but part way through ComboFix, Windows 7 recognised a USB stick that was in the computer since before starting ComboFix, and decided to load up the typical window that opens when a USB device is inserted...I don't know if this has created the following problem or not.
3. I didn't touch anything and let ComboFix run.
4. I returned to the computer to find a black screen with a non system disk type error showing...the only option it gave me was to replace the disk and press any key. Nothing resolved the error, so I forced a shut down and removed the USB stick.
5. I attempted several reboots, with the start up getting to the point where I could log in...but then I'd just get a blank screen. If I Ctrl-Alt-Del it'd bring up the normal menu where I could choose options such as start Task Manager. Task Manager could be opened, but on a blank background.
6. Eventually a reboot made it all the way, including the ComboFix log preparation window. The log is below.
7. If I now attempt to run any programs I get the error "Illegal operation attempted on a registry key that has been marked for deletion".

I've decided to stop and await further instructions.


ComboFix 12-04-16.01 - Jay 17/04/2012 19:09:27.2.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.2549.1682 [GMT 10:00]
Running from: c:\users\Jay\Desktop\ComboFix.exe
Command switches used :: c:\users\Jay\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 09:15 . 2012-04-17 09:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 22:46 . 2012-04-16 22:46 100864 ----a-w- C:\uwdoikod.sys
2012-04-16 09:10 . 2012-04-16 09:09 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-04-16 09:10 . 2012-04-16 09:10 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-16 09:10 . 2012-04-16 09:10 -------- d-----w- c:\program files\Symantec
2012-04-16 09:10 . 2012-04-16 09:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-16 09:10 . 2012-04-16 09:10 -------- d-----w- c:\programdata\Symantec
2012-04-16 09:09 . 2012-04-16 09:09 -------- d-----w- c:\windows\system32\drivers\NIS
2012-04-16 09:09 . 2012-04-16 09:09 -------- d-----w- c:\program files\Norton Internet Security
2012-04-16 09:09 . 2012-04-16 09:10 -------- d-----w- c:\programdata\Norton
2012-04-16 09:08 . 2012-04-16 09:08 -------- d-----w- c:\program files\NortonInstaller
2012-04-16 08:48 . 2012-04-16 08:48 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B964F90-8D87-4DF7-A2D2-F3DC236ED068}\offreg.dll
2012-04-16 08:48 . 2012-04-17 09:35 -------- d-----w- c:\users\Jay\AppData\Local\temp
2012-04-15 08:04 . 2012-04-15 08:04 -------- d-----w- c:\users\Jay\Tracing
2012-04-15 07:58 . 2012-04-15 07:58 -------- d-----w- c:\windows\en
2012-04-15 07:47 . 2009-09-04 07:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-04-15 07:47 . 2009-09-04 07:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-04-15 07:47 . 2009-09-04 07:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-04-15 07:45 . 2012-04-15 07:45 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\b72dca371cd1adb03\DSETUP.dll
2012-04-15 07:45 . 2012-04-15 07:45 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\b72dca371cd1adb03\DXSETUP.exe
2012-04-15 07:45 . 2012-04-15 07:45 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\b72dca371cd1adb03\dsetup32.dll
2012-04-15 07:45 . 2012-04-15 07:45 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\aff8ffc21cd1adb02\DSETUP.dll
2012-04-15 07:45 . 2012-04-15 07:45 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\aff8ffc21cd1adb02\DXSETUP.exe
2012-04-15 07:45 . 2012-04-15 07:45 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\aff8ffc21cd1adb02\dsetup32.dll
2012-04-15 07:44 . 2012-04-15 08:05 -------- d-----w- c:\users\Jay\AppData\Local\Windows Live
2012-04-14 23:15 . 2012-04-14 23:17 -------- d-----w- c:\users\Jay\AppData\Local\Google
2012-04-14 23:14 . 2012-04-14 23:15 -------- d-----w- c:\users\Jay\AppData\Local\Deployment
2012-04-14 23:14 . 2012-04-14 23:14 -------- d-----w- c:\users\Jay\AppData\Local\Apps
2012-04-14 10:37 . 2012-04-14 10:37 -------- d-----w- c:\users\Jay\AppData\Roaming\Malwarebytes
2012-04-14 10:37 . 2012-04-14 10:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-14 10:37 . 2012-04-14 10:37 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 10:37 . 2012-04-04 05:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 09:36 . 2012-04-14 09:36 -------- d-----w- c:\users\Jay\AppData\Local\WinZip
2012-04-13 22:05 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B964F90-8D87-4DF7-A2D2-F3DC236ED068}\mpengine.dll
2012-04-13 11:29 . 2012-04-13 11:29 -------- d-----w- c:\program files\Common Files\Java
2012-04-12 20:33 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 20:33 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 20:33 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 20:33 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 20:32 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 20:32 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 07:47 . 2011-03-28 08:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-13 11:29 . 2010-12-29 22:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-13 08:30 . 2011-06-17 22:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 08:50 . 2012-03-08 08:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 08:37 . 2012-03-08 08:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-25 06:06 . 2012-02-25 06:06 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-22 23:18 . 2010-12-22 02:47 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 05:08 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 05:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 05:08 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 05:11 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 05:11 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:32 . 2012-03-14 05:08 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 05:08 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 05:08 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-20 8555040]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-05-06 886120]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-03-10 62312]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-10 300400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"TRUUpdater"="c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2010-08-05 570736]
"WatcherHelper"="c:\program files\Telstra\Telstra Connection Manager\WaHelper.exe" [2010-06-23 103792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-2-18 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-30 45352]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2010-09-26 9728]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-06-27 22640]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-06 75112]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-08 186912]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 swiwdmbus;Sierra Wireless USB Composite Bus;c:\windows\system32\DRIVERS\swiwdmbus.sys [2010-06-21 78720]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys [2010-06-21 228352]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys [2010-06-21 156544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-30 99768]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-22 1343400]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-12 106752]
R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [2010-07-22 106752]
R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [2010-07-22 106752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007000.01E\SYMEFA.SYS [2012-04-16 310320]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007000.01E\BHDrvx86.sys [2012-04-16 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007000.01E\ccHPx86.sys [2012-04-16 482432]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 65584]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSVix86.sys [2012-04-16 293424]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-13 172032]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-03-10 50536]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-03-10 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [2012-04-16 117640]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files\Sierra Wireless Inc\Common\SwiCardDetect.exe [2010-08-30 218480]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 130920]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-30 13752]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 125568]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-13 5281792]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-13 149504]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-09 394856]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-05-17 1013280]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\NIS\1007000.01E\SYMNDISV.SYS [2012-04-16 48688]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-318894730-2856346820-521077763-1000Core.job
- c:\users\Jay\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-14 23:15]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-318894730-2856346820-521077763-1000UA.job
- c:\users\Jay\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-14 23:15]
.
2012-03-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-04-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = https://postoffice.tpg.com.au/advanced/postoffice/login.php?reason=logout
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 203.12.160.35 203.12.160.36
TCP: Interfaces\{677EF588-5615-4345-9A89-F92B2BD1377C}: NameServer = 10.4.85.138 10.4.176.234
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-318894730-2856346820-521077763-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-318894730-2856346820-521077763-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5372)
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\atieclxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\windows\system32\taskhost.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\conhost.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-04-17 19:39:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 09:39
ComboFix2.txt 2012-04-16 08:54
.
Pre-Run: 324,679,516,160 bytes free
Post-Run: 324,576,866,304 bytes free
.
- - End Of File - - 0EFDF2C3582AA596FC391ECD80D67400

#13 gettingitdone

gettingitdone
  • Topic Starter

  • Members
  • 17 posts

Posted 17 April 2012 - 05:17 AM

Update: reboot solved the illegal operation error problem.

Edit: IE9 still won't boot, and Chrome still opens but doesn't open any pages.

I'll wait for further instructions...cheers!

Edited by gettingitdone, 17 April 2012 - 05:23 AM.


#14 mark1956

mark1956

  • Security Colleague
  • 271 posts
  • Gender:Male
  • Location:Spain

Posted 17 April 2012 - 06:38 AM

OK, glad you solved the illegal operation, which is fairly common and usually solved by a reboot, as you have discovered.

Follow this to reset IE manually. If it fixes the problem, then continue with the rest of the instructions in post 11. If it doesn't, post back and tell me what happened and wait for further instructions.

  • Exit all programs, including Internet Explorer (if it is running).
  • Click on the Start button and type the following command in the Search box, and then press Enter:

    inetcpl.cpl
  • The Internet Options dialog box appears.
  • Click the Advanced tab.
  • Under Reset Internet Explorer settings, click Reset. Then click Reset again.
  • Click to select the Delete personal settings check box if you would also like to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.
  • When Internet Explorer finishes resetting the settings, click Close in the Reset Internet Explorer Settings dialog box.
  • Start Internet Explorer again.


#15 gettingitdone

gettingitdone
  • Topic Starter

  • Members
  • 17 posts

Posted 17 April 2012 - 07:27 AM

Hi Mark, many thanks. I followed the IE reset instructions, but still no joy, the problems persist :(



