
Looks like another ZeroAccess...


  • This topic is locked
16 replies to this topic

#1 Caradyran

Caradyran

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:58 PM

Posted 17 April 2012 - 01:38 AM

Good evening (or, morning)! I was instructed in the other thread to make a post here. Here are the observations I've made in my other thread.



I cannot enable my firewall, so step 5 is skipped. I use Daemon Tools for mounting of games from Asia, but I did use defogger.

Here is the DDS.txt.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Dong at 2:34:17 on 2012-04-17
Microsoft Windows 7 Professional 6.1.7601.1.936.86.1033.18.3992.2234 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
D:\SUPER ANTIMALWARE GO\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Intel\AMT\LMS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
D:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
D:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Users\Dong\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Dong\AppData\Local\Akamai\netsession_win.exe
D:\SUPER ANTIMALWARE GO\SUPERAntiSpyware.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\RotateImage\RCIMGDIR.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
D:\Program Files (x86)\stickies\stickies.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
G:\Program Files\Firefox\firefox.exe
G:\Program Files\Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\sppsvc.exe
c:\program files (x86)\lenovo\system update\suservice.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
D:\Program Files (x86)\Skype\Phone\Skype.exe
D:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SoundMAX] C:\Windows\system32\rundll32.exe C:\Users\Dong\AppData\Local\Temp\SoundMAX.dll,Sets
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "C:\Users\Dong\AppData\Local\Akamai\netsession_win.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SUPERAntiSpyware] D:\SUPER ANTIMALWARE GO\SUPERAntiSpyware.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [RotateImage] C:\Program Files (x86)\RotateImage\RCIMGDIR.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "G:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\Dong\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Stickies.lnk - D:\Program Files (x86)\stickies\stickies.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
TCP: DhcpNameServer = 128.151.50.29 128.151.225.122 128.151.50.101
TCP: Interfaces\{9316808F-8D9B-4316-94D4-EAF55BA4CF0A} : DhcpNameServer = 128.151.50.29 128.151.225.122 128.151.50.101
TCP: Interfaces\{9316808F-8D9B-4316-94D4-EAF55BA4CF0A}\34C455241555142545542535 : DhcpNameServer = 8.8.8.8 208.67.222.222 10.71.0.1
TCP: Interfaces\{9316808F-8D9B-4316-94D4-EAF55BA4CF0A}\5525F52534F594E6475627E616C6355636572756 : DhcpNameServer = 128.151.50.29 128.151.225.122 128.151.50.101
TCP: Interfaces\{9316808F-8D9B-4316-94D4-EAF55BA4CF0A}\55272616E69636D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9316808F-8D9B-4316-94D4-EAF55BA4CF0A}\734786D223 : DhcpNameServer = 192.168.2.3
TCP: Interfaces\{9316808F-8D9B-4316-94D4-EAF55BA4CF0A}\734786D233 : DhcpNameServer = 192.168.2.20
TCP: Interfaces\{9316808F-8D9B-4316-94D4-EAF55BA4CF0A}\84D4350254E646561667F65727 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9316808F-8D9B-4316-94D4-EAF55BA4CF0A}\8656C6C6F6B696474797E6564777F627B6 : DhcpNameServer = 192.168.2.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [RotateImage] C:\Program Files (x86)\RotateImage\RCIMGDIR.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [QuickTime Task] "G:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dong\AppData\Roaming\Mozilla\Firefox\Profiles\loswtqwm.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Dong\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Dong\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
FF - plugin: D:\Program Files (x86)\Opera\program\plugins\np_gp.dll
FF - plugin: D:\Program Files (x86)\Opera\program\plugins\npqtplugin.dll
FF - plugin: D:\Program Files (x86)\Opera\program\plugins\npqtplugin2.dll
FF - plugin: D:\Program Files (x86)\Opera\program\plugins\npqtplugin3.dll
FF - plugin: D:\Program Files (x86)\Opera\program\plugins\npqtplugin4.dll
FF - plugin: D:\Program Files (x86)\Opera\program\plugins\npqtplugin5.dll
FF - plugin: D:\Program Files (x86)\Opera\program\plugins\npqtplugin6.dll
FF - plugin: D:\Program Files (x86)\Opera\program\plugins\npqtplugin7.dll
FF - plugin: D:\Program Files (x86)\Opera\program\plugins\NPSibelius.dll
FF - plugin: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
FF - plugin: F:\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: G:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
FF - plugin: G:\Program Files\Firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 iaNvStor;Intel® Turbo Memory Controller;C:\Windows\system32\DRIVERS\iaNvStor.sys --> C:\Windows\system32\DRIVERS\iaNvStor.sys [?]
R0 pxscan;pxscan;C:\Windows\system32\drivers\pxscan.sys --> C:\Windows\system32\drivers\pxscan.sys [?]
R0 pxsec;pxsec;C:\Windows\system32\drivers\pxsec.sys --> C:\Windows\system32\drivers\pxsec.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\dddskx64.sys --> C:\Windows\system32\drivers\dddskx64.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;D:\SUPER ANTIMALWARE GO\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;D:\SUPER ANTIMALWARE GO\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;D:\SUPER ANTIMALWARE GO\SASCore64.exe [2011-8-11 140672]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [2009-11-11 4658744]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-4-30 41320]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-4-30 65896]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-1-22 133992]
R2 Secunia PSI Agent;Secunia PSI Agent;D:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-1-22 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-1-22 142696]
R2 TVicPort64;TVicPort64;C:\Windows\system32\drivers\TVicPort64.sys --> C:\Windows\system32\drivers\TVicPort64.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-1-8 2058776]
R2 YLMFVDISK;YLMF Virtual Diskette V1;C:\Windows\system32\drivers\VirtDisk64.sys --> C:\Windows\system32\drivers\VirtDisk64.sys [?]
R3 5U875UVC;Integrated Camera;C:\Windows\system32\DRIVERS\RCUVCMNP.sys --> C:\Windows\system32\DRIVERS\RCUVCMNP.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 TotRec8;Total Recorder WDM audio filter driver;\??\C:\Windows\system32\drivers\TotRec8.sys --> C:\Windows\system32\drivers\TotRec8.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-1-22 101736]
S2 SkypeUpdate;Skype Updater;D:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 ActionReplayDS;ActionReplayDS;C:\Windows\system32\Drivers\ActionReplayDS_x64.sys --> C:\Windows\system32\Drivers\ActionReplayDS_x64.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253088]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-11-27 477032]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 pbfilter;pbfilter;D:\Program Files\PeerBlock\pbfilter.sys [2009-10-20 19544]
S3 PCDSRVC{127174DC-C366ED8B-06000000}_0;PCDSRVC{127174DC-C366ED8B-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2009-11-20 23536]
S3 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0;PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [2009-11-20 23536]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-1-17 79208]
S3 RivaTuner64;RivaTuner64;D:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 PenCommService;Livescribe Pulse Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2010-2-18 265728]
.
=============== Created Last 30 ================
.
2012-04-17 05:15:26 -------- d-----w- C:\Users\Dong\AppData\Roaming\SUPERAntiSpyware.com
2012-04-17 05:14:55 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-17 04:43:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 20:38:13 53248 ----a-w- C:\Windows\system\TVicPort.dll
2012-04-16 20:38:13 16080 ----a-w- C:\Windows\System32\drivers\TVicPort64.sys
2012-04-16 18:10:56 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50491910-3D21-4CE6-936F-C077A2A885A9}\mpengine.dll
2012-04-15 19:46:04 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 16:14:07 -------- d-----w- C:\Users\Dong\AppData\Roaming\Magic Set Editor
2012-04-09 07:41:59 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2012-04-09 07:34:56 40248 ----a-w- C:\Windows\System32\drivers\psadd.sys
2012-04-01 07:52:40 -------- d-----w- C:\Users\Dong\AppData\Local\M2TWLauncher
2012-03-31 07:17:49 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 07:17:49 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 07:17:48 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 07:14:34 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-31 07:13:24 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-31 07:13:15 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-31 07:13:15 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-31 07:13:14 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-31 07:13:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-31 07:13:07 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-31 07:12:44 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-31 07:12:44 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-31 07:12:43 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-31 07:12:43 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-25 01:03:24 -------- d-----w- C:\Program Files (x86)\THQ
2012-03-24 19:40:06 -------- d-----w- C:\Program Files\Microsoft Xbox 360 Accessories
2012-03-24 03:16:24 -------- d-----w- C:\Users\Dong\AppData\Local\backburner
2012-03-24 02:18:16 -------- d-----w- C:\Program Files (x86)\Microsoft FxCop 1.35
2012-03-24 02:06:30 -------- d-----w- C:\Users\Dong\AppData\Roaming\JAM Software
2012-03-19 20:09:54 -------- d-----w- C:\Program Files\iTunes
2012-03-19 20:09:54 -------- d-----w- C:\Program Files\iPod
.
==================== Find3M ====================
.
2012-04-15 19:46:23 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-16 06:35:26 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2012-03-15 02:38:23 22024 ----a-w- C:\Windows\System32\drivers\pxscan.sys
2012-03-15 02:38:23 18440 ----a-w- C:\Windows\System32\drivers\pxsec.sys
2012-03-05 04:16:57 564792 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-02-15 15:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 2:36:08.71 ===============

The attach file says unless specifically requested, don't attach. So I'll hold onto it until instructed. Thank you so much for your time!


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:58 PM

Posted 17 April 2012 - 11:50 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Caradyran

Caradyran
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:04:58 PM

Posted 18 April 2012 - 12:50 AM

Hi Gringo! Thank you so much for helping me out. Here is the Security Check log.

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Secunia PSI (2.0.0.3003)
Java™ 6 Update 27
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (Firefox,.. Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
SASCORE64.EXE
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````


And this is the ComboFix log. Unfortunately, my system was set to simplified Chinese, so the program apparently ran as simplified Chinese.

ComboFix 12-04-17.01 - Dong 8/2012 Wed 1:23.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.936.86.1033.18.3992.2155 [GMT -4:00]
执行位置: f:\desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* 成功创造新还原点
.
Error: Cfiles.dat
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\114la.ico
c:\programdata\Roaming
c:\users\Dong\AppData\Local\assembly\tmp
c:\users\Dong\AppData\Local\Temp\SoundMAX.dll
c:\users\Dong\AppData\Local\Temp\SoundMAX.dll,Sets
c:\users\Dong\AppData\Roaming\115
c:\users\Dong\AppData\Roaming\115\Box\115Box.exe
c:\users\Dong\AppData\Roaming\115\Box\Drivers\VirtDisk.sys
c:\users\Dong\AppData\Roaming\115\Box\Drivers\VirtDisk64.sys
c:\users\Dong\AppData\Roaming\115\Box\sqlite3.dll
c:\users\Dong\AppData\Roaming\115\Box\Sync115Ext64.dll
c:\windows\apppatch\AppLoc.exe
c:\windows\PFRO.log
c:\windows\XSxS
.
.
((((((((((((((((((((((((( 2012-03-18 至 2012-04-18 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-04-17 19:31 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D9D300F-3BFD-4A49-A56F-1AE023322BBE}\mpengine.dll
2012-04-17 05:15 . 2012-04-17 05:15 -------- d-----w- c:\users\Dong\AppData\Roaming\SUPERAntiSpyware.com
2012-04-17 05:14 . 2012-04-17 05:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-17 04:43 . 2012-04-17 04:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 20:38 . 2006-10-13 07:21 16080 ----a-w- c:\windows\system32\drivers\TVicPort64.sys
2012-04-16 20:38 . 2005-03-30 16:11 53248 ----a-w- c:\windows\system\TVicPort.dll
2012-04-15 19:46 . 2012-04-15 19:46 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 21:38 . 2012-04-12 21:38 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-12 16:14 . 2012-04-12 22:53 -------- d-----w- c:\users\Dong\AppData\Roaming\Magic Set Editor
2012-04-10 02:52 . 2012-04-10 02:52 -------- d-----w- c:\programdata\ATI
2012-04-09 07:41 . 2011-11-28 16:53 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-09 07:34 . 2011-12-27 01:10 40248 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-04-01 07:52 . 2012-04-01 07:52 -------- d-----w- c:\users\Dong\AppData\Local\M2TWLauncher
2012-03-31 07:17 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 07:17 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 07:17 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 07:14 . 2012-04-15 19:46 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-31 07:13 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-31 07:13 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-31 07:13 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-31 07:13 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-31 07:13 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-31 07:13 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-31 07:12 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-31 07:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-31 07:12 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-31 07:12 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-25 01:03 . 2012-03-25 01:30 -------- d-----w- c:\program files (x86)\THQ
2012-03-24 19:40 . 2012-03-24 19:40 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2012-03-24 03:16 . 2012-03-24 03:16 -------- d-----w- c:\users\Dong\AppData\Local\backburner
2012-03-24 02:28 . 2012-03-24 02:28 -------- d-----w- c:\program files\Microsoft SDKs
2012-03-24 02:18 . 2012-03-24 02:18 -------- d-----w- c:\program files (x86)\Microsoft FxCop 1.35
2012-03-24 02:06 . 2012-03-24 02:06 -------- d-----w- c:\users\Dong\AppData\Roaming\JAM Software
2012-03-19 20:09 . 2012-03-19 20:10 -------- d-----w- c:\program files\iTunes
2012-03-19 20:09 . 2012-03-19 20:09 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 19:46 . 2011-06-11 20:40 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2010-12-18 18:58 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 06:35 . 2009-11-15 03:10 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-03-15 02:38 . 2009-11-11 15:47 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2012-03-15 02:38 . 2009-11-11 15:47 18440 ----a-w- c:\windows\system32\drivers\pxsec.sys
2012-03-14 03:27 . 2011-08-17 19:56 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-05 04:16 . 2009-11-14 03:19 564792 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-02-16 08:45 . 2012-02-16 08:45 94208 ----a-r- c:\users\Dong\AppData\Roaming\Microsoft\Installer\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BD}\python_icon.exe
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-11 19:41 . 2012-02-11 19:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB99A804-824B-4990-A4FF-F45E56C7211F}\gapaengine.dll
2012-01-31 12:44 . 2009-11-11 15:59 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Dong\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="d:\super antimalware go\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-03-24 1544040]
"RotateImage"="c:\program files (x86)\RotateImage\RCIMGDIR.exe" [2008-10-30 55808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-01 296056]
"QuickTime Task"="g:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-28 98304]
.
c:\users\Dong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - d:\program files (x86)\stickies\stickies.exe [2010-9-14 1101824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-6-18 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 SkypeUpdate;Skype Updater;d:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS_x64.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 AMPPALP;Intel? Centrino? Wireless Bluetooth? 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-03-24 477032]
R3 dump_wmimmc;dump_wmimmc;f:\9dragons\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Dong\AppData\Local\Temp\GPU-Z.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 mvvideodemo;MaxiVista Virtual Video Demo;c:\windows\system32\DRIVERS\mvvideodemo.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 pbfilter;pbfilter;d:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 PCDSRVC{127174DC-858066CC-06000000}_0;PCDSRVC{127174DC-858066CC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;d:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{127174DC-C366ED8B-06000000}_0;PCDSRVC{127174DC-C366ED8B-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2009-11-20 23536]
R3 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0;PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [2009-11-20 23536]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-03-24 79208]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RivaTuner64;RivaTuner64;d:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-11-17 19952]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2010-02-18 265728]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddskx64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 SASDIFSV;SASDIFSV;d:\super antimalware go\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;d:\super antimalware go\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;d:\super antimalware go\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMPPALR3;Intel? Centrino? Wireless Bluetooth? 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-11-11 4658744]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 Secunia PSI Agent;Secunia PSI Agent;d:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 TVicPort64;TVicPort64; [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-08-04 2058776]
S2 YLMFVDISK;YLMF Virtual Diskette V1;c:\windows\system32\drivers\VirtDisk64.sys [x]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AMPPAL;Intel? Centrino? Wireless Bluetooth? 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
计划任务 文件夹 里的内容
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:46]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1555674467-3880198319-2521006163-1000Core.job
- c:\users\Dong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 21:24]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1555674467-3880198319-2521006163-1000UA.job
- c:\users\Dong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 21:24]
.
2012-04-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:39]
.
2012-04-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424]
"TpShocks"="TpShocks.exe" [2009-12-11 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 128.151.50.29 128.151.225.122 128.151.50.101
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Dong\AppData\Roaming\Mozilla\Firefox\Profiles\loswtqwm.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{486C8576-C2C5-42AD-87C6-5E9681633935} - c:\users\Dong\AppData\Roaming\115\Box\Sync115Ext64.dll
ShellIconOverlayIdentifiers-{683617F1-0DD4-4B24-B87F-73CE23B8440C} - c:\users\Dong\AppData\Roaming\115\Box\Sync115Ext64.dll
ShellIconOverlayIdentifiers-{6B3CB227-0A30-418E-A673-FF1F142D9327} - c:\users\Dong\AppData\Roaming\115\Box\Sync115Ext64.dll
ShellIconOverlayIdentifiers-{B2AF7140-40A1-449E-82B9-2C0876C97AF4} - c:\users\Dong\AppData\Roaming\115\Box\Sync115Ext64.dll
ShellIconOverlayIdentifiers-{F3E9E0C3-F30E-4EB1-9926-A5DA9DC2F68D} - c:\users\Dong\AppData\Roaming\115\Box\Sync115Ext64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Caesar 3 - d:\sierra\Caesar3\Uninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-858066CC-06000000}_0]
"ImagePath"="\??\d:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{184E4FA0-DE8C26D4-06000000}_0]
"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,cd,b2,44,14,e7,9b,4f,80,57,cb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,cd,b2,44,14,e7,9b,4f,80,57,cb,\
.
[HKEY_USERS\S-1-5-21-1555674467-3880198319-2521006163-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,58,76,49,3e,ba,7c,9c,e3,23,61,4d,54,e2,75,89,3c,02,a0,0e,ec,
d8,a1,84,65,10,e2,a2,73,c5,d8,73,ca,13,c6,a0,a5,b8,d2,7e,8a,16,56,61,5c,08,\
"rkeysecu"=hex:3e,f3,07,e1,06,ad,e5,64,62,26,0e,6d,fe,6f,1f,b0
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ N齎譥1*0*Z汻燫:_-N噀lx豽Hr]
"DisplayName"="三国志10威力加强中文硬盘版 "
"UninstallString"="d:\\Romance of the Three Kingdoms\\uninst.exe"
"DisplayIcon"="d:\\Romance of the Three Kingdoms\\CONFIGPK.EXE"
"DisplayVersion"=""
"URLInfoAbout"=""
"Publisher"="三国志10威力加强中文硬盘版"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他运行进程 ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\AMT\LMS.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
d:\program files (x86)\IObit\Game Booster 3\gbtray.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\SysWOW64\rundll32.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files (x86)\lenovo\system update\suservice.exe
.
**************************************************************************
.
完成时间: 2012-04-18 01:45:13 - 电脑已重新启动
ComboFix-quarantined-files.txt 2012-04-18 05:45
.
Pre-Run: 26,084,044,800 bytes free
Post-Run: 26,287,648,768 bytes free
.
- - End Of File - - 559FAF7C5058CE3A0CF513EB26A38E36

Insofar as the situation goes, Windows Firewall looks like it's back online. Same with Defender. So maybe it's good so far? :)
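One way to triage the service and UAC-policy lines of a ComboFix log like the one above, as an added example that is not part of the original thread or of ComboFix itself. The sample lines are constructed to mirror the log's format, and the heuristics (entry marked [x] instead of a date/size stamp, image under a user-writable path, kernel driver outside system32\drivers, EnableLUA=0) are this example's own assumptions about what a human should look at, not verdicts ComboFix makes.

```python
import re
from dataclasses import dataclass

# Constructed sample mirroring the ComboFix format posted above (assumption:
# real logs are pasted in whole; this is only the two line shapes we parse).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
.
R3 GPU-Z;GPU-Z;c:\users\Dong\AppData\Local\Temp\GPU-Z.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 YLMFVDISK;YLMF Virtual Diskette V1;c:\windows\system32\drivers\VirtDisk64.sys [x]
S2 TVicPort64;TVicPort64; [x]
"""

# "R3 name;description;image path [stamp]" -- stamp is a date and size, or "x".
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d) (?P<name>[^;]*);(?P<desc>[^;]*);(?P<path>.*?) \[(?P<stamp>[^\]]*)\]$'
)
# '"Key"= 0 (0x0)' lines from the policies\system block.
POLICY_RE = re.compile(r'^"(?P<key>[A-Za-z_]+)"= *(?P<val>\d+) \(0x[0-9a-fA-F]+\)$')

# Path fragments a normal user can write to; a service image here is unusual.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\")
SYSTEM_DRIVER_DIR = "\\windows\\system32\\drivers\\"


@dataclass
class Finding:
    name: str      # service name or policy key
    reason: str    # why it deserves a look
    path: str = ""


def triage_service(line):
    """Return a list of findings for one service line, or None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    name, path, stamp = m["name"], m["path"], m["stamp"]
    lp = path.lower()
    reasons = []
    if stamp.strip() == "x":
        reasons.append("marked [x] instead of a date/size stamp")
    if not path:
        reasons.append("service has no image path")
    if any(tok in lp for tok in USER_WRITABLE):
        reasons.append("image lives in a user-writable location")
    if lp.endswith(".sys") and SYSTEM_DRIVER_DIR not in lp:
        reasons.append("kernel driver loaded from outside system32\\drivers")
    return [Finding(name, r, path) for r in reasons]


def triage_policy(line):
    """Flag UAC settings that remove the elevation prompt entirely."""
    m = POLICY_RE.match(line)
    if not m:
        return []
    key, val = m["key"], int(m["val"])
    if key == "EnableLUA" and val == 0:
        return [Finding(key, "UAC is disabled (EnableLUA=0)")]
    if key == "ConsentPromptBehaviorAdmin" and val == 0:
        return [Finding(key, "administrators elevate silently, no prompt")]
    return []


def triage_log(text):
    """Walk a ComboFix log and collect findings from service and policy lines."""
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()
        svc = triage_service(line)
        if svc is not None:
            findings.extend(svc)
            continue
        findings.extend(triage_policy(line))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.name:28} {f.reason}" + (f"  ({f.path})" if f.path else ""))
```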

#4 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:58 PM

Posted 18 April 2012 - 05:39 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 Caradyran

Caradyran
  • Topic Starter
  • Members
  • 9 posts
  • Local time:04:58 PM

Posted 18 April 2012 - 02:16 PM

Thank you for being patient with me, Gringo!

13:31:46.0142 6332 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20
13:31:46.0380 6332 ============================================================
13:31:46.0380 6332 Current date / time: 2012/04/18 13:31:46.0380
13:31:46.0380 6332 SystemInfo:
13:31:46.0380 6332
13:31:46.0380 6332 OS Version: 6.1.7601 ServicePack: 1.0
13:31:46.0380 6332 Product type: Workstation
13:31:46.0380 6332 ComputerName: GAWAIN
13:31:46.0381 6332 UserName: Dong
13:31:46.0381 6332 Windows directory: C:\Windows
13:31:46.0381 6332 System windows directory: C:\Windows
13:31:46.0381 6332 Running under WOW64
13:31:46.0381 6332 Processor architecture: Intel x64
13:31:46.0381 6332 Number of processors: 2
13:31:46.0381 6332 Page size: 0x1000
13:31:46.0381 6332 Boot type: Normal boot
13:31:46.0381 6332 ============================================================
13:31:46.0718 6332 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
13:31:46.0723 6332 \Device\Harddisk1\DR1:
13:31:46.0723 6332 MBR partitions:
13:31:46.0723 6332 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
13:31:46.0723 6332 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xA1D14B4
13:31:46.0723 6332 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xA4BFCF4, BlocksNum 0xF07A433
13:31:46.0723 6332 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x1953A167, BlocksNum 0x65F83B7
13:31:46.0723 6332 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x1FB3255D, BlocksNum 0x4573A64
13:31:46.0723 6332 \Device\Harddisk1\DR1\Partition5: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000
13:31:46.0724 6332 S: <-> \Device\Harddisk1\DR1\Partition0
13:31:46.0752 6332 Q: <-> \Device\Harddisk1\DR1\Partition5
13:31:46.0753 6332 C: <-> \Device\Harddisk1\DR1\Partition1
13:31:46.0785 6332 D: <-> \Device\Harddisk1\DR1\Partition2
13:31:46.0832 6332 F: <-> \Device\Harddisk1\DR1\Partition3
13:31:46.0846 6332 G: <-> \Device\Harddisk1\DR1\Partition4
13:31:46.0846 6332 Initialize success
13:31:46.0846 6332 ============================================================
13:32:20.0747 7848 ============================================================
13:32:20.0748 7848 Scan started
13:32:20.0748 7848 Mode: Manual;
13:32:20.0748 7848 ============================================================
13:32:24.0038 7848 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) D:\SUPER ANTIMALWARE GO\SASCORE64.EXE
13:32:24.0040 7848 !SASCORE - ok
13:32:24.0084 7848 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:32:24.0091 7848 1394ohci - ok
13:32:24.0122 7848 5U875UVC (fa84047290e5091790a2670e9fd365ee) C:\Windows\system32\DRIVERS\RCUVCMNP.sys
13:32:24.0128 7848 5U875UVC - ok
13:32:24.0161 7848 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:32:24.0172 7848 ACPI - ok
13:32:24.0236 7848 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:32:24.0237 7848 AcpiPmi - ok
13:32:24.0284 7848 ActionReplayDS (5c4219c10b5887dff85e1d2779aed55b) C:\Windows\system32\Drivers\ActionReplayDS_x64.sys
13:32:24.0285 7848 ActionReplayDS - ok
13:32:24.0311 7848 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
13:32:24.0314 7848 adfs - ok
13:32:24.0376 7848 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:32:24.0377 7848 AdobeFlashPlayerUpdateSvc - ok
13:32:24.0450 7848 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:32:24.0469 7848 adp94xx - ok
13:32:24.0520 7848 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:32:24.0525 7848 adpahci - ok
13:32:24.0569 7848 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:32:24.0572 7848 adpu320 - ok
13:32:24.0596 7848 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:32:24.0598 7848 AeLookupSvc - ok
13:32:24.0640 7848 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:32:24.0655 7848 AFD - ok
13:32:24.0701 7848 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:32:24.0703 7848 agp440 - ok
13:32:24.0872 7848 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
13:32:24.0872 7848 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
13:32:24.0878 7848 Akamai ( HiddenFile.Multi.Generic ) - warning
13:32:24.0878 7848 Akamai - detected HiddenFile.Multi.Generic (1)
13:32:24.0917 7848 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:32:24.0918 7848 ALG - ok
13:32:24.0969 7848 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:32:24.0971 7848 aliide - ok
13:32:24.0998 7848 AMD External Events Utility (0f9c6a1cb7213f32c7ea142f5b58d45e) C:\Windows\system32\atiesrxx.exe
13:32:25.0004 7848 AMD External Events Utility - ok
13:32:25.0043 7848 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:32:25.0044 7848 amdide - ok
13:32:25.0097 7848 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:32:25.0099 7848 AmdK8 - ok
13:32:25.0360 7848 amdkmdag (be2fd7291550d3c6ef3a0e73dec7071a) C:\Windows\system32\DRIVERS\atikmdag.sys
13:32:25.0592 7848 amdkmdag - ok
13:32:25.0628 7848 amdkmdap (69b3d653847933ac9ae59f071694dc58) C:\Windows\system32\DRIVERS\atikmpag.sys
13:32:25.0637 7848 amdkmdap - ok
13:32:25.0712 7848 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:32:25.0714 7848 AmdPPM - ok
13:32:25.0766 7848 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:32:25.0768 7848 amdsata - ok
13:32:25.0806 7848 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:32:25.0810 7848 amdsbs - ok
13:32:25.0834 7848 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:32:25.0836 7848 amdxata - ok
13:32:25.0867 7848 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys
13:32:25.0877 7848 AMPPAL - ok
13:32:25.0909 7848 AMPPALP (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys
13:32:25.0911 7848 AMPPALP - ok
13:32:25.0963 7848 AMPPALR3 (864c632b999be1237a3dc46736e71f27) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
13:32:25.0982 7848 AMPPALR3 - ok
13:32:26.0033 7848 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:32:26.0035 7848 AppID - ok
13:32:26.0066 7848 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:32:26.0067 7848 AppIDSvc - ok
13:32:26.0102 7848 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:32:26.0103 7848 Appinfo - ok
13:32:26.0125 7848 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:32:26.0126 7848 Apple Mobile Device - ok
13:32:26.0162 7848 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
13:32:26.0165 7848 AppMgmt - ok
13:32:26.0221 7848 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:32:26.0222 7848 arc - ok
13:32:26.0255 7848 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:32:26.0257 7848 arcsas - ok
13:32:26.0303 7848 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:32:26.0305 7848 aspnet_state - ok
13:32:26.0344 7848 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:32:26.0346 7848 AsyncMac - ok
13:32:26.0370 7848 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:32:26.0372 7848 atapi - ok
13:32:26.0635 7848 atikmdag (be2fd7291550d3c6ef3a0e73dec7071a) C:\Windows\system32\DRIVERS\atikmdag.sys
13:32:26.0672 7848 atikmdag - ok
13:32:26.0766 7848 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:32:26.0783 7848 AudioEndpointBuilder - ok
13:32:26.0800 7848 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:32:26.0803 7848 AudioSrv - ok
13:32:26.0843 7848 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:32:26.0846 7848 AxInstSV - ok
13:32:26.0896 7848 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:32:26.0903 7848 b06bdrv - ok
13:32:26.0941 7848 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:32:26.0945 7848 b57nd60a - ok
13:32:26.0973 7848 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:32:26.0975 7848 BDESVC - ok
13:32:27.0002 7848 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:32:27.0003 7848 Beep - ok
13:32:27.0061 7848 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:32:27.0089 7848 BFE - ok
13:32:27.0139 7848 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:32:27.0161 7848 BITS - ok
13:32:27.0186 7848 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:32:27.0188 7848 blbdrive - ok
13:32:27.0221 7848 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:32:27.0233 7848 Bonjour Service - ok
13:32:27.0259 7848 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:32:27.0262 7848 bowser - ok
13:32:27.0295 7848 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:32:27.0296 7848 BrFiltLo - ok
13:32:27.0324 7848 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:32:27.0325 7848 BrFiltUp - ok
13:32:27.0365 7848 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:32:27.0365 7848 BridgeMP - ok
13:32:27.0402 7848 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:32:27.0404 7848 Browser - ok
13:32:27.0440 7848 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:32:27.0444 7848 Brserid - ok
13:32:27.0480 7848 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:32:27.0482 7848 BrSerWdm - ok
13:32:27.0510 7848 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:32:27.0512 7848 BrUsbMdm - ok
13:32:27.0546 7848 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:32:27.0547 7848 BrUsbSer - ok
13:32:27.0583 7848 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:32:27.0585 7848 BTHMODEM - ok
13:32:27.0613 7848 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:32:27.0615 7848 bthserv - ok
13:32:27.0632 7848 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
13:32:27.0636 7848 BTHSSecurityMgr - ok
13:32:27.0644 7848 catchme - ok
13:32:27.0678 7848 CAXHWAZL (9c4e50bea239e2d45099ec919f779db0) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
13:32:27.0687 7848 CAXHWAZL - ok
13:32:27.0724 7848 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:32:27.0727 7848 cdfs - ok
13:32:27.0756 7848 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:32:27.0761 7848 cdrom - ok
13:32:27.0799 7848 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:32:27.0801 7848 CertPropSvc - ok
13:32:27.0831 7848 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:32:27.0833 7848 circlass - ok
13:32:27.0864 7848 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:32:27.0874 7848 CLFS - ok
13:32:27.0925 7848 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:32:27.0927 7848 clr_optimization_v2.0.50727_32 - ok
13:32:27.0968 7848 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:32:27.0970 7848 clr_optimization_v2.0.50727_64 - ok
13:32:28.0017 7848 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:32:28.0020 7848 clr_optimization_v4.0.30319_32 - ok
13:32:28.0081 7848 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:32:28.0084 7848 clr_optimization_v4.0.30319_64 - ok
13:32:28.0111 7848 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:32:28.0113 7848 CmBatt - ok
13:32:28.0179 7848 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:32:28.0181 7848 cmdide - ok
13:32:28.0218 7848 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:32:28.0232 7848 CNG - ok
13:32:28.0276 7848 CnxtHdAudService (d3c4f72e8f8dc523b02a0c313ceeea99) C:\Windows\system32\drivers\CHDRT64.sys
13:32:28.0295 7848 CnxtHdAudService - ok
13:32:28.0319 7848 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:32:28.0321 7848 Compbatt - ok
13:32:28.0349 7848 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:32:28.0350 7848 CompositeBus - ok
13:32:28.0370 7848 COMSysApp - ok
13:32:28.0397 7848 connctfy - ok
13:32:28.0423 7848 connctfyMP - ok
13:32:28.0494 7848 cpudrv64 (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
13:32:28.0495 7848 cpudrv64 - ok
13:32:28.0540 7848 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:32:28.0541 7848 crcdisk - ok
13:32:28.0588 7848 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:32:28.0591 7848 CryptSvc - ok
13:32:28.0646 7848 CrystalSysInfo - ok
13:32:28.0686 7848 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
13:32:28.0701 7848 CSC - ok
13:32:28.0752 7848 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
13:32:28.0761 7848 CscService - ok
13:32:28.0902 7848 CSIScanner (5d7cd10dae190d7a3ce1db341bae9aff) C:\Program Files\Prevx\prevx.exe
13:32:29.0038 7848 CSIScanner - ok
13:32:29.0112 7848 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:32:29.0132 7848 DcomLaunch - ok
13:32:29.0173 7848 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:32:29.0177 7848 defragsvc - ok
13:32:29.0203 7848 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:32:29.0207 7848 DfsC - ok
13:32:29.0232 7848 DgiVecp (2d589a2c024b2fb238535db9f7b3597d) C:\Windows\system32\Drivers\DgiVecp.sys
13:32:29.0234 7848 DgiVecp - ok
13:32:29.0288 7848 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:32:29.0297 7848 Dhcp - ok
13:32:29.0322 7848 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:32:29.0324 7848 discache - ok
13:32:29.0420 7848 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:32:29.0423 7848 Disk - ok
13:32:29.0520 7848 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:32:29.0525 7848 Dnscache - ok
13:32:29.0564 7848 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:32:29.0566 7848 dot3svc - ok
13:32:29.0600 7848 DozeSvc (e6987f7818154791a6937bcc6655599b) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
13:32:29.0607 7848 DozeSvc - ok
13:32:29.0638 7848 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:32:29.0641 7848 DPS - ok
13:32:29.0667 7848 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:32:29.0668 7848 drmkaud - ok
13:32:29.0687 7848 dump_wmimmc - ok
13:32:29.0741 7848 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:32:29.0770 7848 DXGKrnl - ok
13:32:29.0795 7848 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
13:32:29.0796 7848 DzHDD64 - ok
13:32:29.0829 7848 e1yexpress (11d0eca73ab25135f65656b93adbcb3d) C:\Windows\system32\DRIVERS\e1y62x64.sys
13:32:29.0838 7848 e1yexpress - ok
13:32:29.0862 7848 EagleX64 - ok
13:32:29.0887 7848 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:32:29.0891 7848 EapHost - ok
13:32:30.0016 7848 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:32:30.0084 7848 ebdrv - ok
13:32:30.0106 7848 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:32:30.0109 7848 EFS - ok
13:32:30.0153 7848 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:32:30.0168 7848 ehRecvr - ok
13:32:30.0179 7848 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:32:30.0182 7848 ehSched - ok
13:32:30.0206 7848 ElRawDisk (4778eeecb75c6fb419745beed3530b9d) C:\Windows\system32\drivers\dddskx64.sys
13:32:30.0208 7848 ElRawDisk - ok
13:32:30.0279 7848 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:32:30.0296 7848 elxstor - ok
13:32:30.0330 7848 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:32:30.0331 7848 ErrDev - ok
13:32:30.0376 7848 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:32:30.0381 7848 EventSystem - ok
13:32:30.0436 7848 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:32:30.0483 7848 EvtEng - ok
13:32:30.0531 7848 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:32:30.0534 7848 exfat - ok
13:32:30.0577 7848 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:32:30.0580 7848 fastfat - ok
13:32:30.0635 7848 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:32:30.0652 7848 Fax - ok
13:32:30.0690 7848 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:32:30.0692 7848 fdc - ok
13:32:30.0722 7848 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:32:30.0723 7848 fdPHost - ok
13:32:30.0750 7848 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:32:30.0752 7848 FDResPub - ok
13:32:30.0778 7848 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:32:30.0780 7848 FileInfo - ok
13:32:30.0816 7848 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:32:30.0818 7848 Filetrace - ok
13:32:30.0847 7848 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:32:30.0848 7848 flpydisk - ok
13:32:30.0880 7848 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:32:30.0889 7848 FltMgr - ok
13:32:30.0943 7848 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:32:30.0976 7848 FontCache - ok
13:32:30.0990 7848 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:32:30.0992 7848 FontCache3.0.0.0 - ok
13:32:31.0022 7848 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:32:31.0024 7848 FsDepends - ok
13:32:31.0048 7848 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:32:31.0049 7848 Fs_Rec - ok
13:32:31.0079 7848 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:32:31.0086 7848 fvevol - ok
13:32:31.0147 7848 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:32:31.0149 7848 gagp30kx - ok
13:32:31.0173 7848 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:32:31.0175 7848 GEARAspiWDM - ok
13:32:31.0219 7848 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:32:31.0244 7848 gpsvc - ok
13:32:31.0260 7848 GPU-Z - ok
13:32:31.0301 7848 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:32:31.0302 7848 hcw85cir - ok
13:32:31.0345 7848 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:32:31.0351 7848 HdAudAddService - ok
13:32:31.0378 7848 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:32:31.0381 7848 HDAudBus - ok
13:32:31.0406 7848 HECIx64 (15c9789470b8855ac2f54fdf96802d13) C:\Windows\system32\DRIVERS\HECIx64.sys
13:32:31.0409 7848 HECIx64 - ok
13:32:31.0438 7848 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:32:31.0439 7848 HidBatt - ok
13:32:31.0468 7848 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:32:31.0470 7848 HidBth - ok
13:32:31.0499 7848 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:32:31.0501 7848 HidIr - ok
13:32:31.0524 7848 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:32:31.0526 7848 hidserv - ok
13:32:31.0554 7848 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:32:31.0554 7848 HidUsb - ok
13:32:31.0584 7848 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:32:31.0587 7848 hkmsvc - ok
13:32:31.0623 7848 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:32:31.0627 7848 HomeGroupListener - ok
13:32:31.0661 7848 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:32:31.0665 7848 HomeGroupProvider - ok
13:32:31.0698 7848 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:32:31.0700 7848 HpSAMD - ok
13:32:31.0756 7848 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
13:32:31.0763 7848 HsfXAudioService - ok
13:32:31.0831 7848 HSF_DPV (5a518b63d408b2dbc1778788456e1a66) C:\Windows\system32\DRIVERS\CAX_DPV.sys
13:32:31.0875 7848 HSF_DPV - ok
13:32:31.0921 7848 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:32:31.0944 7848 HTTP - ok
13:32:31.0967 7848 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:32:31.0969 7848 hwpolicy - ok
13:32:31.0995 7848 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:32:31.0999 7848 i8042prt - ok
13:32:32.0067 7848 IAANTMON (0e899d0db39617aa0b2f992e7e95b5eb) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
13:32:32.0073 7848 IAANTMON - ok
13:32:32.0106 7848 iaNvStor (051e73f94f932b5975b6765e3b2f7dc6) C:\Windows\system32\DRIVERS\iaNvStor.sys
13:32:32.0117 7848 iaNvStor - ok
13:32:32.0152 7848 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
13:32:32.0154 7848 iaStor - ok
13:32:32.0206 7848 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:32:32.0212 7848 iaStorV - ok
13:32:32.0237 7848 IBMPMDRV (2151176db657aeff9b873d23380c3f5b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
13:32:32.0239 7848 IBMPMDRV - ok
13:32:32.0272 7848 IBMPMSVC (c76a67aed080538d420550c903696788) C:\Windows\system32\ibmpmsvc.exe
13:32:32.0274 7848 IBMPMSVC - ok
13:32:32.0336 7848 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:32:32.0353 7848 idsvc - ok
13:32:32.0623 7848 igfx (4eaa4261e1ad4b860657cada790b9b38) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:32:32.0847 7848 igfx - ok
13:32:32.0898 7848 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:32:32.0899 7848 iirsp - ok
13:32:32.0950 7848 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:32:32.0969 7848 IKEEXT - ok
13:32:33.0020 7848 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:32:33.0021 7848 intelide - ok
13:32:33.0372 7848 intelkmd (4eaa4261e1ad4b860657cada790b9b38) C:\Windows\system32\DRIVERS\igdpmd64.sys
13:32:33.0684 7848 intelkmd - ok
13:32:33.0718 7848 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:32:33.0721 7848 intelppm - ok
13:32:33.0784 7848 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:32:33.0786 7848 IPBusEnum - ok
13:32:33.0846 7848 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:32:33.0848 7848 IpFilterDriver - ok
13:32:33.0895 7848 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:32:33.0903 7848 iphlpsvc - ok
13:32:33.0930 7848 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:32:33.0932 7848 IPMIDRV - ok
13:32:33.0960 7848 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:32:33.0962 7848 IPNAT - ok
13:32:34.0016 7848 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
13:32:34.0048 7848 iPod Service - ok
13:32:34.0076 7848 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:32:34.0078 7848 IRENUM - ok
13:32:34.0106 7848 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:32:34.0107 7848 isapnp - ok
13:32:34.0137 7848 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:32:34.0142 7848 iScsiPrt - ok
13:32:34.0167 7848 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:32:34.0169 7848 kbdclass - ok
13:32:34.0205 7848 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:32:34.0206 7848 kbdhid - ok
13:32:34.0227 7848 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:32:34.0229 7848 KeyIso - ok
13:32:34.0255 7848 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:32:34.0258 7848 KSecDD - ok
13:32:34.0287 7848 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:32:34.0292 7848 KSecPkg - ok
13:32:34.0318 7848 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:32:34.0320 7848 ksthunk - ok
13:32:34.0369 7848 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:32:34.0376 7848 KtmRm - ok
13:32:34.0433 7848 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:32:34.0438 7848 LanmanServer - ok
13:32:34.0462 7848 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:32:34.0467 7848 LanmanWorkstation - ok
13:32:34.0496 7848 LENOVO.CAMMUTE (8b5eb24fce3926128138b769d50cee1b) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
13:32:34.0497 7848 LENOVO.CAMMUTE - ok
13:32:34.0512 7848 LENOVO.MICMUTE (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
13:32:34.0516 7848 LENOVO.MICMUTE - ok
13:32:34.0539 7848 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
13:32:34.0541 7848 lenovo.smi - ok
13:32:34.0549 7848 LENOVO.TPKNRSVC (f1a055e1381528e947cdb959117b67d0) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
13:32:34.0551 7848 LENOVO.TPKNRSVC - ok
13:32:34.0559 7848 Lenovo.VIRTSCRLSVC (f7de50781dc4d162c1005eb30d98f931) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
13:32:34.0563 7848 Lenovo.VIRTSCRLSVC - ok
13:32:34.0588 7848 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:32:34.0591 7848 lltdio - ok
13:32:34.0634 7848 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:32:34.0639 7848 lltdsvc - ok
13:32:34.0662 7848 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:32:34.0664 7848 lmhosts - ok
13:32:34.0674 7848 LMS (bdcecf4caf708110a2aea0e63a2ad45b) C:\Program Files (x86)\Intel\AMT\LMS.exe
13:32:34.0679 7848 LMS - ok
13:32:34.0725 7848 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:32:34.0727 7848 LSI_FC - ok
13:32:34.0756 7848 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:32:34.0758 7848 LSI_SAS - ok
13:32:34.0789 7848 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:32:34.0791 7848 LSI_SAS2 - ok
13:32:34.0831 7848 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:32:34.0833 7848 LSI_SCSI - ok
13:32:34.0859 7848 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:32:34.0863 7848 luafv - ok
13:32:34.0912 7848 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:32:34.0914 7848 Mcx2Svc - ok
13:32:34.0941 7848 mdmxsdk (fc631425ed761ea1f24738aa15ff5a7d) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:32:34.0942 7848 mdmxsdk - ok
13:32:34.0985 7848 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:32:34.0987 7848 megasas - ok
13:32:35.0019 7848 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:32:35.0023 7848 MegaSR - ok
13:32:35.0056 7848 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:32:35.0058 7848 Microsoft Office Groove Audit Service - ok
13:32:35.0080 7848 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:32:35.0083 7848 MMCSS - ok
13:32:35.0107 7848 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:32:35.0109 7848 Modem - ok
13:32:35.0134 7848 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:32:35.0135 7848 monitor - ok
13:32:35.0160 7848 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:32:35.0162 7848 mouclass - ok
13:32:35.0263 7848 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:32:35.0264 7848 mouhid - ok
13:32:35.0290 7848 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:32:35.0293 7848 mountmgr - ok
13:32:35.0324 7848 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
13:32:35.0330 7848 MpFilter - ok
13:32:35.0412 7848 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:32:35.0415 7848 mpio - ok
13:32:35.0453 7848 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:32:35.0454 7848 MpNWMon - ok
13:32:35.0480 7848 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:32:35.0482 7848 mpsdrv - ok
13:32:35.0532 7848 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:32:35.0560 7848 MpsSvc - ok
13:32:35.0612 7848 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:32:35.0615 7848 MRxDAV - ok
13:32:35.0644 7848 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:32:35.0649 7848 mrxsmb - ok
13:32:35.0680 7848 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:32:35.0689 7848 mrxsmb10 - ok
13:32:35.0716 7848 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:32:35.0720 7848 mrxsmb20 - ok
13:32:35.0744 7848 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:32:35.0746 7848 msahci - ok
13:32:35.0851 7848 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:32:35.0854 7848 msdsm - ok
13:32:35.0892 7848 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:32:35.0895 7848 MSDTC - ok
13:32:35.0923 7848 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:32:35.0924 7848 Msfs - ok
13:32:35.0960 7848 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:32:35.0961 7848 mshidkmdf - ok
13:32:35.0985 7848 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:32:35.0987 7848 msisadrv - ok
13:32:36.0038 7848 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:32:36.0041 7848 MSiSCSI - ok
13:32:36.0062 7848 msiserver - ok
13:32:36.0094 7848 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:32:36.0095 7848 MSKSSRV - ok
13:32:36.0102 7848 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
13:32:36.0103 7848 MsMpSvc - ok
13:32:36.0128 7848 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:32:36.0129 7848 MSPCLOCK - ok
13:32:36.0155 7848 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:32:36.0156 7848 MSPQM - ok
13:32:36.0190 7848 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:32:36.0201 7848 MsRPC - ok
13:32:36.0227 7848 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:32:36.0228 7848 mssmbios - ok
13:32:36.0261 7848 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:32:36.0262 7848 MSTEE - ok
13:32:36.0290 7848 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:32:36.0292 7848 MTConfig - ok
13:32:36.0317 7848 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:32:36.0319 7848 Mup - ok
13:32:36.0343 7848 mvvideodemo - ok
13:32:36.0383 7848 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:32:36.0390 7848 napagent - ok
13:32:36.0429 7848 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:32:36.0439 7848 NativeWifiP - ok
13:32:36.0491 7848 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
13:32:36.0520 7848 NDIS - ok
13:32:36.0557 7848 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:32:36.0558 7848 NdisCap - ok
13:32:36.0585 7848 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:32:36.0586 7848 NdisTapi - ok
13:32:36.0611 7848 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:32:36.0613 7848 Ndisuio - ok
13:32:36.0641 7848 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:32:36.0647 7848 NdisWan - ok
13:32:36.0676 7848 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:32:36.0679 7848 NDProxy - ok
13:32:36.0704 7848 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:32:36.0706 7848 NetBIOS - ok
13:32:36.0737 7848 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:32:36.0745 7848 NetBT - ok
13:32:36.0767 7848 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:32:36.0768 7848 Netlogon - ok
13:32:36.0803 7848 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:32:36.0809 7848 Netman - ok
13:32:36.0869 7848 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:32:36.0871 7848 NetMsmqActivator - ok
13:32:36.0876 7848 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:32:36.0877 7848 NetPipeActivator - ok
13:32:36.0912 7848 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:32:36.0934 7848 netprofm - ok
13:32:36.0945 7848 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:32:36.0946 7848 NetTcpActivator - ok
13:32:36.0955 7848 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:32:36.0956 7848 NetTcpPortSharing - ok
13:32:37.0162 7848 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
13:32:37.0332 7848 NETw5s64 - ok
13:32:37.0490 7848 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
13:32:37.0603 7848 netw5v64 - ok
13:32:37.0888 7848 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
13:32:38.0142 7848 NETwNs64 - ok
13:32:38.0219 7848 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:32:38.0222 7848 nfrd960 - ok
13:32:38.0247 7848 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:32:38.0251 7848 NisDrv - ok
13:32:38.0272 7848 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
13:32:38.0276 7848 NisSrv - ok
13:32:38.0319 7848 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:32:38.0326 7848 NlaSvc - ok
13:32:38.0350 7848 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:32:38.0352 7848 Npfs - ok
13:32:38.0376 7848 npggsvc - ok
13:32:38.0399 7848 NPPTNT2 - ok
13:32:38.0430 7848 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:32:38.0432 7848 nsi - ok
13:32:38.0456 7848 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:32:38.0457 7848 nsiproxy - ok
13:32:38.0532 7848 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:32:38.0581 7848 Ntfs - ok
13:32:38.0605 7848 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:32:38.0606 7848 Null - ok
13:32:38.0654 7848 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:32:38.0657 7848 nvraid - ok
13:32:38.0702 7848 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:32:38.0705 7848 nvstor - ok
13:32:38.0753 7848 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:32:38.0756 7848 nv_agp - ok
13:32:38.0809 7848 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:32:38.0815 7848 odserv - ok
13:32:38.0852 7848 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:32:38.0855 7848 ohci1394 - ok
13:32:38.0902 7848 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:32:38.0905 7848 ose - ok
13:32:38.0946 7848 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:32:38.0952 7848 p2pimsvc - ok
13:32:38.0985 7848 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:32:38.0993 7848 p2psvc - ok
13:32:39.0035 7848 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:32:39.0038 7848 Parport - ok
13:32:39.0063 7848 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:32:39.0066 7848 partmgr - ok
13:32:39.0149 7848 pbfilter (55223eefabfdb84a926515febab50d9a) D:\Program Files\PeerBlock\pbfilter.sys
13:32:39.0150 7848 pbfilter - ok
13:32:39.0176 7848 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:32:39.0183 7848 PcaSvc - ok
13:32:39.0187 7848 PCDSRVC{127174DC-858066CC-06000000}_0 - ok
13:32:39.0261 7848 PCDSRVC{127174DC-C366ED8B-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor\pcdsrvc_x64.pkms
13:32:39.0264 7848 PCDSRVC{127174DC-C366ED8B-06000000}_0 - ok
13:32:39.0292 7848 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms
13:32:39.0295 7848 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - ok
13:32:39.0327 7848 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:32:39.0331 7848 pci - ok
13:32:39.0363 7848 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:32:39.0364 7848 pciide - ok
13:32:39.0394 7848 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:32:39.0401 7848 pcmcia - ok
13:32:39.0429 7848 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:32:39.0432 7848 pcw - ok
13:32:39.0477 7848 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:32:39.0497 7848 PEAUTH - ok
13:32:39.0566 7848 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:32:39.0598 7848 PeerDistSvc - ok
13:32:39.0638 7848 PenCommService (d3666b752dab4eaa997650aceb840daa) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
13:32:39.0643 7848 PenCommService - ok
13:32:39.0675 7848 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:32:39.0677 7848 PerfHost - ok
13:32:39.0745 7848 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:32:39.0777 7848 pla - ok
13:32:39.0821 7848 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:32:39.0832 7848 PlugPlay - ok
13:32:39.0857 7848 Pml Driver HPZ12 (f485770eec8959684cc4c4786b63c06c) C:\Windows\system32\HPZipm12.dll
13:32:39.0860 7848 Pml Driver HPZ12 - ok
13:32:39.0882 7848 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:32:39.0884 7848 PNRPAutoReg - ok
13:32:39.0924 7848 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:32:39.0927 7848 PNRPsvc - ok
13:32:39.0968 7848 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:32:39.0976 7848 PolicyAgent - ok
13:32:40.0004 7848 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:32:40.0010 7848 Power - ok
13:32:40.0047 7848 Power Manager DBC Service (af7186cf9909bef0d86097175175178f) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
13:32:40.0049 7848 Power Manager DBC Service - ok
13:32:40.0080 7848 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:32:40.0084 7848 PptpMiniport - ok
13:32:40.0115 7848 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:32:40.0117 7848 Processor - ok
13:32:40.0145 7848 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:32:40.0152 7848 ProfSvc - ok
13:32:40.0174 7848 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:32:40.0175 7848 ProtectedStorage - ok
13:32:40.0200 7848 psadd (05a4779e4994b21473edbe85aabe8030) C:\Windows\system32\DRIVERS\psadd.sys
13:32:40.0202 7848 psadd - ok
13:32:40.0230 7848 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:32:40.0234 7848 Psched - ok
13:32:40.0273 7848 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
13:32:40.0274 7848 PSI - ok
13:32:40.0299 7848 pxscan (0ad14432dea78e827aa9c14bec630358) C:\Windows\system32\drivers\pxscan.sys
13:32:40.0301 7848 pxscan - ok
13:32:40.0325 7848 pxsec (e1af522718f63ca890dbcb51955ce194) C:\Windows\system32\drivers\pxsec.sys
13:32:40.0327 7848 pxsec - ok
13:32:40.0392 7848 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:32:40.0436 7848 ql2300 - ok
13:32:40.0486 7848 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:32:40.0488 7848 ql40xx - ok
13:32:40.0553 7848 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:32:40.0558 7848 QWAVE - ok
13:32:40.0590 7848 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:32:40.0592 7848 QWAVEdrv - ok
13:32:40.0620 7848 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:32:40.0622 7848 RasAcd - ok
13:32:40.0647 7848 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:32:40.0650 7848 RasAgileVpn - ok
13:32:40.0679 7848 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:32:40.0682 7848 RasAuto - ok
13:32:40.0710 7848 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:32:40.0715 7848 Rasl2tp - ok
13:32:40.0753 7848 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:32:40.0759 7848 RasMan - ok
13:32:40.0788 7848 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:32:40.0792 7848 RasPppoe - ok
13:32:40.0819 7848 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:32:40.0822 7848 RasSstp - ok
13:32:40.0856 7848 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:32:40.0866 7848 rdbss - ok
13:32:40.0890 7848 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:32:40.0892 7848 rdpbus - ok
13:32:40.0915 7848 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:32:40.0917 7848 RDPCDD - ok
13:32:40.0962 7848 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:32:40.0965 7848 RDPDR - ok
13:32:40.0990 7848 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:32:40.0991 7848 RDPENCDD - ok
13:32:41.0017 7848 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:32:41.0018 7848 RDPREFMP - ok
13:32:41.0050 7848 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:32:41.0054 7848 RDPWD - ok
13:32:41.0084 7848 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:32:41.0091 7848 rdyboost - ok
13:32:41.0128 7848 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:32:41.0153 7848 RegSrvc - ok
13:32:41.0190 7848 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:32:41.0193 7848 RemoteAccess - ok
13:32:41.0224 7848 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:32:41.0228 7848 RemoteRegistry - ok
13:32:41.0254 7848 rimmptsk (f45d6e12eb99a668f52201637c67c8f5) C:\Windows\system32\DRIVERS\rimmpx64.sys
13:32:41.0256 7848 rimmptsk - ok
13:32:41.0282 7848 rimsptsk (eac02ed935a9c1f2ddd8d985c465b854) C:\Windows\system32\DRIVERS\rimspx64.sys
13:32:41.0285 7848 rimsptsk - ok
13:32:41.0310 7848 rismxdp (931a8f843b4120df527c3684daf77fd9) C:\Windows\system32\DRIVERS\rixdpx64.sys
13:32:41.0312 7848 rismxdp - ok
13:32:41.0406 7848 RivaTuner64 (a10b40cf9eb57d24e44717a2d38a00f4) D:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
13:32:41.0406 7848 RivaTuner64 - ok
13:32:41.0429 7848 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:32:41.0433 7848 RpcEptMapper - ok
13:32:41.0473 7848 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:32:41.0474 7848 RpcLocator - ok
13:32:41.0520 7848 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:32:41.0524 7848 RpcSs - ok
13:32:41.0551 7848 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:32:41.0554 7848 rspndr - ok
13:32:41.0605 7848 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:32:41.0606 7848 s3cap - ok
13:32:41.0628 7848 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:32:41.0629 7848 SamSs - ok
13:32:41.0711 7848 SASDIFSV (3289766038db2cb14d07dc84392138d5) D:\SUPER ANTIMALWARE GO\SASDIFSV64.SYS
13:32:41.0712 7848 SASDIFSV - ok
13:32:41.0731 7848 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) D:\SUPER ANTIMALWARE GO\SASKUTIL64.SYS
13:32:41.0731 7848 SASKUTIL - ok
13:32:41.0774 7848 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:32:41.0776 7848 sbp2port - ok
13:32:41.0809 7848 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:32:41.0813 7848 SCardSvr - ok
13:32:41.0848 7848 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:32:41.0849 7848 scfilter - ok
13:32:41.0899 7848 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:32:41.0926 7848 Schedule - ok
13:32:41.0953 7848 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:32:41.0954 7848 SCPolicySvc - ok
13:32:41.0984 7848 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
13:32:41.0988 7848 sdbus - ok
13:32:42.0034 7848 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:32:42.0038 7848 SDRSVC - ok
13:32:42.0063 7848 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:32:42.0065 7848 secdrv - ok
13:32:42.0092 7848 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:32:42.0094 7848 seclogon - ok
13:32:42.0205 7848 Secunia PSI Agent (2d0599dd0124764fc939c59985c860de) D:\Program Files (x86)\Secunia\PSI\PSIA.exe
13:32:42.0227 7848 Secunia PSI Agent - ok
13:32:42.0258 7848 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:32:42.0261 7848 SENS - ok
13:32:42.0296 7848 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:32:42.0299 7848 SensrSvc - ok
13:32:42.0323 7848 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:32:42.0325 7848 Serenum - ok
13:32:42.0351 7848 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:32:42.0355 7848 Serial - ok
13:32:42.0403 7848 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:32:42.0404 7848 sermouse - ok
13:32:42.0454 7848 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:32:42.0457 7848 SessionEnv - ok
13:32:42.0516 7848 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:32:42.0517 7848 sffdisk - ok
13:32:42.0577 7848 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:32:42.0578 7848 sffp_mmc - ok
13:32:42.0649 7848 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:32:42.0650 7848 sffp_sd - ok
13:32:42.0718 7848 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:32:42.0719 7848 sfloppy - ok
13:32:42.0783 7848 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:32:42.0788 7848 SharedAccess - ok
13:32:42.0855 7848 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:32:42.0862 7848 ShellHWDetection - ok
13:32:42.0895 7848 Shockprf (c45942985943fc4ab8a7ea7a92f29c00) C:\Windows\system32\DRIVERS\Apsx64.sys
13:32:42.0900 7848 Shockprf - ok
13:32:42.0940 7848 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:32:42.0942 7848 SiSRaid2 - ok
13:32:43.0045 7848 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:32:43.0047 7848 SiSRaid4 - ok
13:32:43.0126 7848 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) D:\Program Files (x86)\Skype\Updater\Updater.exe
13:32:43.0127 7848 SkypeUpdate - ok
13:32:43.0177 7848 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:32:43.0179 7848 Smb - ok
13:32:43.0210 7848 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:32:43.0212 7848 SNMPTRAP - ok
13:32:43.0240 7848 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:32:43.0241 7848 spldr - ok
13:32:43.0280 7848 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:32:43.0296 7848 Spooler - ok
13:32:43.0400 7848 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:32:43.0490 7848 sppsvc - ok
13:32:43.0532 7848 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:32:43.0535 7848 sppuinotify - ok
13:32:43.0540 7848 sptd - ok
13:32:43.0579 7848 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:32:43.0593 7848 srv - ok
13:32:43.0629 7848 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:32:43.0642 7848 srv2 - ok
13:32:43.0687 7848 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:32:43.0692 7848 SrvHsfHDA - ok
13:32:43.0756 7848 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:32:43.0790 7848 SrvHsfV92 - ok
13:32:43.0833 7848 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
13:32:43.0849 7848 SrvHsfWinac - ok
13:32:43.0879 7848 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:32:43.0884 7848 srvnet - ok
13:32:43.0915 7848 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:32:43.0919 7848 SSDPSRV - ok
13:32:43.0944 7848 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
13:32:43.0945 7848 SSPORT - ok
13:32:43.0973 7848 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:32:43.0976 7848 SstpSvc - ok
13:32:44.0007 7848 Steam Client Service - ok
13:32:44.0046 7848 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:32:44.0048 7848 stexstor - ok
13:32:44.0088 7848 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:32:44.0118 7848 stisvc - ok
13:32:44.0143 7848 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:32:44.0145 7848 storflt - ok
13:32:44.0174 7848 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:32:44.0177 7848 StorSvc - ok
13:32:44.0234 7848 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:32:44.0235 7848 storvsc - ok
13:32:44.0296 7848 SUService (6b99af4ba580491196a273ce7c6ee628) c:\program files (x86)\lenovo\system update\suservice.exe
13:32:44.0298 7848 SUService - ok
13:32:44.0321 7848 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:32:44.0323 7848 swenum - ok
13:32:44.0358 7848 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:32:44.0373 7848 swprv - ok
13:32:44.0449 7848 SynTP (d8205430cfd64fdb7d691d3bb74fd18f) C:\Windows\system32\DRIVERS\SynTP.sys
13:32:44.0491 7848 SynTP - ok
13:32:44.0594 7848 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:32:44.0630 7848 SysMain - ok
13:32:44.0679 7848 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:32:44.0682 7848 TabletInputService - ok
13:32:44.0716 7848 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:32:44.0721 7848 TapiSrv - ok
13:32:44.0746 7848 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:32:44.0749 7848 TBS - ok
13:32:44.0832 7848 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:32:44.0889 7848 Tcpip - ok
13:32:44.0972 7848 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:32:44.0981 7848 TCPIP6 - ok
13:32:45.0008 7848 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:32:45.0011 7848 tcpipreg - ok
13:32:45.0095 7848 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:32:45.0096 7848 TDPIPE - ok
13:32:45.0144 7848 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:32:45.0146 7848 TDTCP - ok
13:32:45.0173 7848 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:32:45.0177 7848 tdx - ok
13:32:45.0202 7848 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:32:45.0205 7848 TermDD - ok
13:32:45.0248 7848 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:32:45.0264 7848 TermService - ok
13:32:45.0287 7848 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:32:45.0290 7848 Themes - ok
13:32:45.0314 7848 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:32:45.0315 7848 THREADORDER - ok
13:32:45.0344 7848 TotRec8 (11a3ea0b2cc365bff684a3cf8c6ce2d5) C:\Windows\system32\drivers\TotRec8.sys
13:32:45.0348 7848 TotRec8 - ok
13:32:45.0373 7848 TPDIGIMN (6db3fae611554dc373e266ed50111b1c) C:\Windows\system32\DRIVERS\ApsHM64.sys
13:32:45.0374 7848 TPDIGIMN - ok
13:32:45.0401 7848 TPHDEXLGSVC (47d2009fdc682833ee03b6dcba23fdd2) C:\Windows\system32\TPHDEXLG64.exe
13:32:45.0404 7848 TPHDEXLGSVC - ok
13:32:45.0412 7848 TPHKLOAD (83415782d47f8064fcafea308abb2246) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
13:32:45.0417 7848 TPHKLOAD - ok
13:32:45.0425 7848 TPHKSVC (c04bb65441913ab621c58a8bd3169b23) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
13:32:45.0430 7848 TPHKSVC - ok
13:32:45.0455 7848 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
13:32:45.0457 7848 TPM - ok
13:32:45.0482 7848 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
13:32:45.0483 7848 TPPWRIF - ok
13:32:45.0508 7848 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:32:45.0513 7848 TrkWks - ok
13:32:45.0533 7848 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:32:45.0536 7848 TrustedInstaller - ok
13:32:45.0572 7848 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:32:45.0575 7848 tssecsrv - ok
13:32:45.0615 7848 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:32:45.0617 7848 TsUsbFlt - ok
13:32:45.0644 7848 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:32:45.0648 7848 tunnel - ok
13:32:45.0672 7848 TVicPort64 (a65643ed30a30e46317c0b25818bc9b7) C:\Windows\system32\drivers\TVicPort64.sys
13:32:45.0673 7848 TVicPort64 - ok
13:32:45.0704 7848 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:32:45.0707 7848 uagp35 - ok
13:32:45.0755 7848 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:32:45.0760 7848 udfs - ok
13:32:45.0796 7848 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:32:45.0799 7848 UI0Detect - ok
13:32:45.0837 7848 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:32:45.0840 7848 uliagpkx - ok
13:32:45.0868 7848 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:32:45.0870 7848 umbus - ok
13:32:45.0894 7848 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:32:45.0896 7848 UmPass - ok
13:32:45.0926 7848 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:32:45.0931 7848 UmRdpService - ok
13:32:45.0987 7848 UNS (d7e5796a9783968f8ea968e83f196645) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
13:32:46.0051 7848 UNS - ok
13:32:46.0091 7848 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:32:46.0098 7848 upnphost - ok
13:32:46.0149 7848 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
13:32:46.0150 7848 USBAAPL64 - ok
13:32:46.0215 7848 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:32:46.0217 7848 usbaudio - ok
13:32:46.0243 7848 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:32:46.0247 7848 usbccgp - ok
13:32:46.0290 7848 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:32:46.0292 7848 usbcir - ok
13:32:46.0317 7848 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:32:46.0319 7848 usbehci - ok
13:32:46.0353 7848 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:32:46.0364 7848 usbhub - ok
13:32:46.0429 7848 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:32:46.0431 7848 usbohci - ok
13:32:46.0506 7848 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:32:46.0507 7848 usbprint - ok
13:32:46.0569 7848 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:32:46.0571 7848 USBSTOR - ok
13:32:46.0596 7848 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:32:46.0597 7848 usbuhci - ok
13:32:46.0647 7848 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:32:46.0650 7848 usbvideo - ok
13:32:46.0673 7848 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:32:46.0676 7848 UxSms - ok
13:32:46.0698 7848 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:32:46.0699 7848 VaultSvc - ok
13:32:46.0727 7848 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:32:46.0729 7848 vdrvroot - ok
13:32:46.0784 7848 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:32:46.0801 7848 vds - ok
13:32:46.0832 7848 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:32:46.0834 7848 vga - ok
13:32:46.0858 7848 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:32:46.0860 7848 VgaSave - ok
13:32:46.0898 7848 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:32:46.0901 7848 vhdmp - ok
13:32:46.0945 7848 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:32:46.0946 7848 viaide - ok
13:32:46.0976 7848 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:32:46.0982 7848 vmbus - ok
13:32:47.0036 7848 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:32:47.0038 7848 VMBusHID - ok
13:32:47.0064 7848 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:32:47.0066 7848 volmgr - ok
13:32:47.0101 7848 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:32:47.0112 7848 volmgrx - ok
13:32:47.0145 7848 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:32:47.0154 7848 volsnap - ok
13:32:47.0184 7848 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:32:47.0187 7848 vsmraid - ok
13:32:47.0245 7848 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:32:47.0290 7848 VSS - ok
13:32:47.0315 7848 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:32:47.0317 7848 vwifibus - ok
13:32:47.0343 7848 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:32:47.0346 7848 vwififlt - ok
13:32:47.0376 7848 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:32:47.0377 7848 vwifimp - ok
13:32:47.0421 7848 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:32:47.0424 7848 W32Time - ok
13:32:47.0463 7848 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:32:47.0464 7848 WacomPen - ok
13:32:47.0491 7848 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:32:47.0494 7848 WANARP - ok
13:32:47.0499 7848 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:32:47.0500 7848 Wanarpv6 - ok
13:32:47.0560 7848 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:32:47.0594 7848 WatAdminSvc - ok
13:32:47.0657 7848 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:32:47.0691 7848 wbengine - ok
13:32:47.0729 7848 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:32:47.0733 7848 WbioSrvc - ok
13:32:47.0774 7848 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:32:47.0781 7848 wcncsvc - ok
13:32:47.0809 7848 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:32:47.0812 7848 WcsPlugInService - ok
13:32:47.0846 7848 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:32:47.0848 7848 Wd - ok
13:32:47.0891 7848 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:32:47.0911 7848 Wdf01000 - ok
13:32:47.0943 7848 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:32:47.0946 7848 WdiServiceHost - ok
13:32:47.0951 7848 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:32:47.0953 7848 WdiSystemHost - ok
13:32:47.0982 7848 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:32:47.0987 7848 WebClient - ok
13:32:48.0027 7848 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:32:48.0032 7848 Wecsvc - ok
13:32:48.0060 7848 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:32:48.0064 7848 wercplsupport - ok
13:32:48.0093 7848 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:32:48.0096 7848 WerSvc - ok
13:32:48.0121 7848 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:32:48.0122 7848 WfpLwf - ok
13:32:48.0159 7848 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:32:48.0160 7848 WIMMount - ok
13:32:48.0207 7848 winachsf (7387ce6730baab8254da0ce3776a4b28) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
13:32:48.0230 7848 winachsf - ok
13:32:48.0243 7848 WinDefend - ok
13:32:48.0250 7848 WinHttpAutoProxySvc - ok
13:32:48.0294 7848 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:32:48.0297 7848 Winmgmt - ok
13:32:48.0368 7848 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:32:48.0413 7848 WinRM - ok
13:32:48.0471 7848 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:32:48.0473 7848 WinUsb - ok
13:32:48.0589 7848 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:32:48.0616 7848 Wlansvc - ok
13:32:48.0642 7848 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:32:48.0644 7848 WmiAcpi - ok
13:32:48.0686 7848 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:32:48.0690 7848 wmiApSrv - ok
13:32:48.0694 7848 WMPNetworkSvc - ok
13:32:48.0726 7848 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:32:48.0728 7848 WPCSvc - ok
13:32:48.0755 7848 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:32:48.0758 7848 WPDBusEnum - ok
13:32:48.0793 7848 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:32:48.0795 7848 ws2ifsl - ok
13:32:48.0829 7848 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:32:48.0832 7848 wscsvc - ok
13:32:48.0855 7848 WSearch - ok
13:32:48.0946 7848 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:32:49.0004 7848 wuauserv - ok
13:32:49.0033 7848 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:32:49.0037 7848 WudfPf - ok
13:32:49.0073 7848 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:32:49.0076 7848 WUDFRd - ok
13:32:49.0100 7848 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:32:49.0105 7848 wudfsvc - ok
13:32:49.0142 7848 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:32:49.0148 7848 WwanSvc - ok
13:32:49.0177 7848 XAudio (9907bc1cc78c37073ac78a4541710b61) C:\Windows\system32\DRIVERS\XAudio64.sys
13:32:49.0179 7848 XAudio - ok
13:32:49.0242 7848 xnacc (4a5ce13408945e525503b5f73d29b9c5) C:\Windows\system32\DRIVERS\xnacc.sys
13:32:49.0259 7848 xnacc - ok
13:32:49.0304 7848 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys
13:32:49.0306 7848 xusb21 - ok
13:32:49.0331 7848 YLMFVDISK (88609a86dca83db04e25836cda02f1e5) C:\Windows\system32\drivers\VirtDisk64.sys
13:32:49.0333 7848 YLMFVDISK - ok
13:32:49.0347 7848 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
13:32:49.0376 7848 \Device\Harddisk1\DR1 - ok
13:32:49.0379 7848 Boot (0x1200) (452fbf2f4a2460976e321a17d1e18147) \Device\Harddisk1\DR1\Partition0
13:32:49.0380 7848 \Device\Harddisk1\DR1\Partition0 - ok
13:32:49.0383 7848 Boot (0x1200) (cc26734eebc100bfa0677890531f720f) \Device\Harddisk1\DR1\Partition1
13:32:49.0384 7848 \Device\Harddisk1\DR1\Partition1 - ok
13:32:49.0386 7848 Boot (0x1200) (3d923d31f4d544191529e2c0b13ad566) \Device\Harddisk1\DR1\Partition2
13:32:49.0387 7848 \Device\Harddisk1\DR1\Partition2 - ok
13:32:49.0390 7848 Boot (0x1200) (a1d63dd792a85b80cc3bafff154123c3) \Device\Harddisk1\DR1\Partition3
13:32:49.0391 7848 \Device\Harddisk1\DR1\Partition3 - ok
13:32:49.0394 7848 Boot (0x1200) (480942ff77aa0e575de8417bdb1453f3) \Device\Harddisk1\DR1\Partition4
13:32:49.0395 7848 \Device\Harddisk1\DR1\Partition4 - ok
13:32:49.0397 7848 Boot (0x1200) (7efc8a0e0e4f9ce492bd8e43bd0e2959) \Device\Harddisk1\DR1\Partition5
13:32:49.0398 7848 \Device\Harddisk1\DR1\Partition5 - ok
13:32:49.0400 7848 ============================================================
13:32:49.0400 7848 Scan finished
13:32:49.0400 7848 ============================================================
13:32:49.0410 7840 Detected object count: 1
13:32:49.0410 7840 Actual detected object count: 1
13:32:54.0298 7840 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
13:32:54.0298 7840 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

And the aswMBR Log gave me this.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-17 00:53:52
-----------------------------
00:53:52.623 OS Version: Windows x64 6.1.7601 Service Pack 1
00:53:52.623 Number of processors: 2 586 0x170A
00:53:52.624 ComputerName: GAWAIN UserName: Dong
00:53:53.899 Initialize success
00:54:45.660 AVAST engine defs: 12041601
00:54:56.222 Disk 0 \Device\Harddisk0\DR0 -> \Device\RobsonImd-0
00:54:56.232 Disk 0 Vendor: Size: 1405MB BusType: 0
00:54:56.234 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
00:54:56.236 Disk 1 Vendor: Size: 1405MB BusType: 0
00:54:56.337 Disk 1 MBR read successfully
00:54:56.340 Disk 1 MBR scan
00:54:56.345 Disk 1 Windows 7 default MBR code
00:54:56.348 Disk 1 MBR hidden
00:54:56.351 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
00:54:56.375 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 82850 MB offset 3074048
00:54:56.388 Disk 1 Partition - 00 0F Extended LBA 210892 MB offset 172752053
00:54:56.392 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
00:54:56.413 Disk 1 Partition 4 00 07 HPFS/NTFS NTFS 123124 MB offset 172752116
00:54:56.476 Disk 1 Partition - 00 05 Extended 52208 MB offset 424911143
00:54:56.483 Disk 1 Partition 5 00 07 HPFS/NTFS NTFS 52208 MB offset 424911207
00:54:56.493 Disk 1 Partition - 00 05 Extended 35559 MB offset 783993232
00:54:56.501 Disk 1 Partition 6 00 07 HPFS/NTFS NTFS 35559 MB offset 531834205
00:54:56.522 Disk 1 scanning C:\Windows\system32\drivers
00:55:17.023 Service scanning
00:55:52.418 Modules scanning
00:55:52.427 Disk 1 trace - called modules:
00:55:52.451 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys sptd.sys iaNvStor.sys hal.dll
00:55:52.458 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80077a8060]
00:55:52.464 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa800507fe40]
00:55:52.473 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80054db050]
00:55:53.855 AVAST engine scan C:\Windows
00:55:59.030 AVAST engine scan C:\Windows\system32
01:04:35.159 AVAST engine scan C:\Windows\system32\drivers
01:04:58.826 AVAST engine scan C:\Users\Dong
01:33:19.175 AVAST engine scan C:\ProgramData
01:46:00.752 Scan finished successfully
01:47:53.087 Disk 1 MBR has been saved successfully to "F:\Desktop\MBR.dat"
01:47:53.406 The log file has been saved successfully to "F:\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-18 13:33:27
-----------------------------
13:33:27.774 OS Version: Windows x64 6.1.7601 Service Pack 1
13:33:27.774 Number of processors: 2 586 0x170A
13:33:27.774 ComputerName: GAWAIN UserName: Dong
13:33:28.282 Initialize success
13:34:14.851 AVAST engine defs: 12041801
13:35:29.886 Disk 0 \Device\Harddisk0\DR0 -> \Device\RobsonImd-0
13:35:29.888 Disk 0 Vendor: Size: 1405MB BusType: 0
13:35:29.891 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
13:35:29.893 Disk 1 Vendor: Size: 1405MB BusType: 0
13:35:29.939 Disk 1 MBR read successfully
13:35:29.942 Disk 1 MBR scan
13:35:29.947 Disk 1 Windows 7 default MBR code
13:35:29.950 Disk 1 MBR hidden
13:35:29.953 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
13:35:29.958 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 82850 MB offset 3074048
13:35:29.964 Disk 1 Partition - 00 0F Extended LBA 210892 MB offset 172752053
13:35:29.968 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
13:35:29.974 Disk 1 Partition 4 00 07 HPFS/NTFS NTFS 123124 MB offset 172752116
13:35:29.981 Disk 1 Partition - 00 05 Extended 52208 MB offset 424911143
13:35:29.991 Disk 1 Partition 5 00 07 HPFS/NTFS NTFS 52208 MB offset 424911207
13:35:30.005 Disk 1 Partition - 00 05 Extended 35559 MB offset 783993232
13:35:30.011 Disk 1 Partition 6 00 07 HPFS/NTFS NTFS 35559 MB offset 531834205
13:35:30.021 Disk 1 scanning C:\Windows\system32\drivers
13:35:36.698 Service scanning
13:35:53.299 Modules scanning
13:35:53.307 Disk 1 trace - called modules:
13:35:53.366 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys iaNvStor.sys hal.dll
13:35:53.373 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800772b790]
13:35:53.379 3 CLASSPNP.SYS[fffff8800186c43f] -> nt!IofCallDriver -> [0xfffffa8004cec4c0]
13:35:53.388 5 ACPI.sys[fffff88000ed97a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800502b050]
13:35:54.008 AVAST engine scan C:\Windows
13:35:56.057 AVAST engine scan C:\Windows\system32
13:38:41.072 AVAST engine scan C:\Windows\system32\drivers
13:38:50.707 AVAST engine scan C:\Users\Dong
13:55:45.964 AVAST engine scan C:\ProgramData
14:04:31.531 Scan finished successfully
15:01:48.202 Disk 1 MBR has been saved successfully to "F:\Desktop\MBR.dat"
15:01:48.209 The log file has been saved successfully to "F:\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 April 2012 - 03:05 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

DDS::
uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Caradyran
  • Topic Starter

  • Members
  • 9 posts

Posted 18 April 2012 - 09:54 PM

ComboFix 12-04-17.01 - Dong 8/2012 Wed 20:13:25.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.936.86.1033.18.3992.1272 [GMT -4:00]
执行位置: f:\desktop\ComboFix.exe
Command switches used :: f:\desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
Error: Cfiles.dat
.
((((((((((((((((((((((((( 2012-03-19 至 2012-04-19 的新的档案 )))))))))))))))))))))))))))))))
.
.
2012-04-19 00:22 . 2012-04-19 00:22 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-19 00:22 . 2012-04-19 00:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 21:55 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5E195D2-238B-4AD7-850D-CE9A9C292CB7}\mpengine.dll
2012-04-18 05:50 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACAAE5B2-5F1E-47FE-81D4-F1396D48EFA5}\mpengine.dll
2012-04-17 05:15 . 2012-04-17 05:15 -------- d-----w- c:\users\Dong\AppData\Roaming\SUPERAntiSpyware.com
2012-04-17 05:14 . 2012-04-17 05:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-17 04:43 . 2012-04-17 04:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-16 20:38 . 2006-10-13 07:21 16080 ----a-w- c:\windows\system32\drivers\TVicPort64.sys
2012-04-16 20:38 . 2005-03-30 16:11 53248 ----a-w- c:\windows\system\TVicPort.dll
2012-04-15 19:46 . 2012-04-15 19:46 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 21:38 . 2012-04-12 21:38 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-12 16:14 . 2012-04-12 22:53 -------- d-----w- c:\users\Dong\AppData\Roaming\Magic Set Editor
2012-04-10 02:52 . 2012-04-10 02:52 -------- d-----w- c:\programdata\ATI
2012-04-09 07:41 . 2011-11-28 16:53 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-09 07:34 . 2011-12-27 01:10 40248 ----a-w- c:\windows\system32\drivers\psadd.sys
2012-04-01 07:52 . 2012-04-01 07:52 -------- d-----w- c:\users\Dong\AppData\Local\M2TWLauncher
2012-03-31 07:17 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 07:17 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 07:17 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 07:14 . 2012-04-15 19:46 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-31 07:13 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-31 07:13 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-31 07:13 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-31 07:13 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-31 07:13 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-31 07:13 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-31 07:12 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-31 07:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-31 07:12 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-31 07:12 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-25 01:03 . 2012-03-25 01:30 -------- d-----w- c:\program files (x86)\THQ
2012-03-24 19:40 . 2012-03-24 19:40 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2012-03-24 03:16 . 2012-03-24 03:16 -------- d-----w- c:\users\Dong\AppData\Local\backburner
2012-03-24 02:28 . 2012-03-24 02:28 -------- d-----w- c:\program files\Microsoft SDKs
2012-03-24 02:18 . 2012-03-24 02:18 -------- d-----w- c:\program files (x86)\Microsoft FxCop 1.35
2012-03-24 02:06 . 2012-03-24 02:06 -------- d-----w- c:\users\Dong\AppData\Roaming\JAM Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 19:46 . 2011-06-11 20:40 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2010-12-18 18:58 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 06:35 . 2009-11-15 03:10 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2012-03-15 02:38 . 2009-11-11 15:47 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2012-03-15 02:38 . 2009-11-11 15:47 18440 ----a-w- c:\windows\system32\drivers\pxsec.sys
2012-03-14 03:27 . 2011-08-17 19:56 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-05 04:16 . 2009-11-14 03:19 564792 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-02-23 14:18 . 2009-11-11 15:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 08:45 . 2012-02-16 08:45 94208 ----a-r- c:\users\Dong\AppData\Roaming\Microsoft\Installer\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BD}\python_icon.exe
2012-02-15 15:01 . 2012-02-15 15:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 15:01 . 2012-02-15 15:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-11 19:41 . 2012-02-11 19:41 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB99A804-824B-4990-A4FF-F45E56C7211F}\gapaengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-18_05.39.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-18 05:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-19 00:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-18 05:38 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-19 00:24 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-18 05:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-19 00:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-04-18 21:44 61404 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-12 18:18 . 2012-04-18 21:44 25182 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1555674467-3880198319-2521006163-1000_UserData.bin
- 2009-11-11 15:40 . 2012-04-17 23:34 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-11 15:40 . 2012-04-19 00:57 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-11 15:40 . 2012-04-19 00:57 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-11 15:40 . 2012-04-17 23:34 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-17 23:34 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-19 00:57 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-04-18 21:44 61404 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-12 18:18 . 2012-04-18 21:44 25182 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1555674467-3880198319-2521006163-1000_UserData.bin
+ 2009-11-11 15:40 . 2012-04-19 00:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-11 15:40 . 2012-04-17 23:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-11 15:40 . 2012-04-19 00:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-11 15:40 . 2012-04-17 23:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-19 00:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-17 23:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-19 00:24 . 2012-04-19 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-18 05:38 . 2012-04-18 05:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-18 05:38 . 2012-04-18 05:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-19 00:24 . 2012-04-19 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-11 17:41 . 2012-04-18 19:01 463494 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-04-17 13:42 666160 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-19 00:28 666160 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-19 00:28 127190 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-04-17 13:42 127190 c:\windows\system64\perfc009.dat
+ 2009-11-11 15:59 . 2012-02-23 14:18 279656 c:\windows\system64\MpSigStub.exe
- 2009-11-11 15:59 . 2012-01-31 12:44 279656 c:\windows\system64\MpSigStub.exe
+ 2009-11-11 17:41 . 2012-04-18 19:01 463494 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-04-19 00:28 666160 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-17 13:42 666160 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-17 13:42 127190 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-19 00:28 127190 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-19 00:23 516980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-18 05:36 516980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-16 00:28 . 2012-04-18 05:36 1016128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-16 00:28 . 2012-04-19 00:23 1016128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-05-17 21:16 . 2012-04-19 00:23 11964416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1555674467-3880198319-2521006163-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Dong\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-03-24 1544040]
"RotateImage"="c:\program files (x86)\RotateImage\RCIMGDIR.exe" [2008-10-30 55808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-01 296056]
"QuickTime Task"="g:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-28 98304]
.
c:\users\Dong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stickies.lnk - d:\program files (x86)\stickies\stickies.exe [2010-9-14 1101824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-6-18 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 SkypeUpdate;Skype Updater;d:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS_x64.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]
R3 AMPPALP;Intel? Centrino? Wireless Bluetooth? 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-03-24 477032]
R3 dump_wmimmc;dump_wmimmc;f:\9dragons\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GPU-Z;GPU-Z;c:\users\Dong\AppData\Local\Temp\GPU-Z.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 mvvideodemo;MaxiVista Virtual Video Demo;c:\windows\system32\DRIVERS\mvvideodemo.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 pbfilter;pbfilter;d:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 PCDSRVC{127174DC-858066CC-06000000}_0;PCDSRVC{127174DC-858066CC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;d:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{127174DC-C366ED8B-06000000}_0;PCDSRVC{127174DC-C366ED8B-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2009-11-20 23536]
R3 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0;PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [2009-11-20 23536]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-03-24 79208]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 RivaTuner64;RivaTuner64;d:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2011-11-17 19952]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2010-02-18 265728]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [x]
S0 pxsec;pxsec;c:\windows\System32\drivers\pxsec.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\dddskx64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 SASDIFSV;SASDIFSV;d:\super antimalware go\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;d:\super antimalware go\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;d:\super antimalware go\SASCORE64.EXE [2011-08-11 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMPPALR3;Intel? Centrino? Wireless Bluetooth? 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-11-11 4658744]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 Secunia PSI Agent;Secunia PSI Agent;d:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 TVicPort64;TVicPort64; [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-08-04 2058776]
S2 YLMFVDISK;YLMF Virtual Diskette V1;c:\windows\system32\drivers\VirtDisk64.sys [x]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\RCUVCMNP.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AMPPAL;Intel? Centrino? Wireless Bluetooth? 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
计划任务 文件夹 里的内容
.
2012-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:46]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1555674467-3880198319-2521006163-1000Core.job
- c:\users\Dong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 21:24]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1555674467-3880198319-2521006163-1000UA.job
- c:\users\Dong\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 21:24]
.
2012-04-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:39]
.
2012-04-18 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-22 09:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!IconOverlay_Conflict]
@="{486C8576-C2C5-42AD-87C6-5E9681633935}"
[HKEY_CLASSES_ROOT\CLSID\{486C8576-C2C5-42AD-87C6-5E9681633935}]
c:\users\Dong\AppData\Roaming\115\Box\Sync115Ext64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!IconOverlay_ForbidSync]
@="{683617F1-0DD4-4B24-B87F-73CE23B8440C}"
[HKEY_CLASSES_ROOT\CLSID\{683617F1-0DD4-4B24-B87F-73CE23B8440C}]
c:\users\Dong\AppData\Roaming\115\Box\Sync115Ext64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!IconOverlay_LargeFile]
@="{6B3CB227-0A30-418E-A673-FF1F142D9327}"
[HKEY_CLASSES_ROOT\CLSID\{6B3CB227-0A30-418E-A673-FF1F142D9327}]
c:\users\Dong\AppData\Roaming\115\Box\Sync115Ext64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!IconOverlay_Synced]
@="{B2AF7140-40A1-449E-82B9-2C0876C97AF4}"
[HKEY_CLASSES_ROOT\CLSID\{B2AF7140-40A1-449E-82B9-2C0876C97AF4}]
c:\users\Dong\AppData\Roaming\115\Box\Sync115Ext64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!IconOverlay_Syncing]
@="{F3E9E0C3-F30E-4EB1-9926-A5DA9DC2F68D}"
[HKEY_CLASSES_ROOT\CLSID\{F3E9E0C3-F30E-4EB1-9926-A5DA9DC2F68D}]
c:\users\Dong\AppData\Roaming\115\Box\Sync115Ext64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424]
"TpShocks"="TpShocks.exe" [2009-12-11 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-14 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-14 417560]
.
------- 而外的扫描 -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 128.151.50.29 128.151.225.122 128.151.50.101
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
FF - ProfilePath - c:\users\Dong\AppData\Roaming\Mozilla\Firefox\Profiles\loswtqwm.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-858066CC-06000000}_0]
"ImagePath"="\??\d:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{184E4FA0-DE8C26D4-06000000}_0]
"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,cd,b2,44,14,e7,9b,4f,80,57,cb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,cd,b2,44,14,e7,9b,4f,80,57,cb,\
.
[HKEY_USERS\S-1-5-21-1555674467-3880198319-2521006163-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,58,76,49,3e,ba,7c,9c,e3,23,61,4d,54,e2,75,89,3c,02,a0,0e,ec,
d8,a1,84,65,10,e2,a2,73,c5,d8,73,ca,13,c6,a0,a5,b8,d2,7e,8a,16,56,61,5c,08,\
"rkeysecu"=hex:3e,f3,07,e1,06,ad,e5,64,62,26,0e,6d,fe,6f,1f,b0
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ N齎譥1*0*Z汻燫:_-N噀lx豽Hr]
"DisplayName"="三国志10威力加强中文硬盘版 "
"UninstallString"="d:\\Romance of the Three Kingdoms\\uninst.exe"
"DisplayIcon"="d:\\Romance of the Three Kingdoms\\CONFIGPK.EXE"
"DisplayVersion"=""
"URLInfoAbout"=""
"Publisher"="三国志10威力加强中文硬盘版"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他运行进程 ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\AMT\LMS.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\lenovo\system update\suservice.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
d:\program files (x86)\IObit\Game Booster 3\gbtray.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\SysWOW64\rundll32.exe
c:\progra~2\ThinkPad\UTILIT~1\SCHTASK.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
完成时间: 2012-04-18 22:51:50 - 电脑已重新启动
ComboFix-quarantined-files.txt 2012-04-19 02:51
ComboFix2.txt 2012-04-18 05:45
.
Pre-Run: 25,548,201,984 bytes free
Post-Run: 23,766,016,000 bytes free
.
- - End Of File - - 841D3574A5D3FD8D56D3413B6746BFD9

Everything looks good so far - Computer's definitely faster when starting up, and all of the native windows components appear to be in order. :)

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 April 2012 - 09:57 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
    C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Caradyran

Caradyran
  • Topic Starter

  • Members
  • 9 posts

Posted 18 April 2012 - 10:00 PM

Here's everything from the log. Thank you again for your time!

Update for Microsoft Office 2007 (KB2508958)
.sol Editor 1.1.0.1
115UDown
3Dカスタム少女
Action Replay Code Manager
Adobe AIR
Adobe Media Player
Adobe Reader 9.5.0
Adobe Shockwave Player 11.5
Adobe Shockwave Player 11.6
ADRIFT Runner 3.90
Age of Wonders Shadow Magic
AIM 7
Akamai NetSession Interface
Akamai NetSession Interface Service
Alien Swarm
AoW...
Apple Application Support
Apple Software Update
Audacity 1.2.6
Auslogics Disk Defrag
Auslogics Duplicate File Finder
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Medium Resolution Image Library 2012
Baron Samedi's Submods Compilation V5.0
Blender (remove only)
Bugfixer for Baron Samedi's Submods Compilation V5.0
Caesar 3
CamStudio
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
Character Builder
Chinese Simplified Fonts Support For Adobe Reader 9
City of Heroes
ConvertHelper 2.2
CopyTrans Suite Remove Only
Course Vector .minerva
DAEMON Tools Lite
Dawn of War - Dark Crusade
DH Mobility Modder.NET
Driver Detective
Dwiggs 5.0
eSupport UndeletePlus 3.0.2.1214
Facebook Plug-In
FLAC 1.2.1b (remove only)
Floris Mod Pack 2.5
Game Booster 3
Gargoyle
GIMP 2.6.11
Google Chrome
Google Talk Plugin
GraphPad Prism 4
Guild Wars
Heroes of Might and Magic III Complete
IcoFX 1.6.4
ILLUSION リアル彼女
Inform 7
Integrated Camera Driver Installer Package Ver.1.32.500.0
Intel PROSet Wireless
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 27
JDownloader
League of Legends
Lenovo Patch Utility
Lights of the Warp v1.5.1
Livescribe Desktop
Lua for Windows 5.1.4-40
Magic Set Editor 2.0.0
Malwarebytes Anti-Malware version 1.61.0.1400
MediaCoder 0.7.2.4535
MediaMonkey 3.2
Medieval II: Total War
Medieval II: Total War Kingdoms
Microsoft .NET Framework 1.1
Microsoft AppLocale
Microsoft Choice Guard
Microsoft Document Explorer 2005
Microsoft FxCop 1.35
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Might & Magic ? Heroes ? VI
Mount&Blade
Mount&Blade Warband
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mumble and Murmur
MUSHclient (remove only)
NCsoft Launcher
NVIDIA PhysX
Opera 10.10
Pando Media Booster
PrimoPDF -- brought to you by Nitro PDF Software
PX Profile Update
PyME 0.9.5a
Python 2.5.4
QuickTime
Rags Suite
Real Alternative 2.0.2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.92
RGSS-RTP Standard
RICOH R5U8xx Media Driver ver.3.64.02
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
RPG Maker VX RTP
RPG Maker XP 1.03
Sakura3
Samsung ML-1740 Series
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Sibelius Scorch (Firefox, Opera, Netscape only)
Sierra Utilities
Skype™ 5.8
Starcraft
StarCraft II
Stickies 7.0b
System Requirements Lab for Intel
System Update
TADS 3 Author's Kit
Taikou5
Terrafirma
Terraria
The Elder Scrolls V: Skyrim
ThinkPad Power Manager
ThinkPad UltraNav Utility
Third Age - Total War 3.0 (Part 1of2)
Third Age - Total War 3.0 (Part 2of2)
Total Recorder 8.2
TreeSize Free V2.7
Ubisoft Game Launcher
UltraEdit 15.20
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Utilidades Sierra
VLC media player 1.0.5
Warcraft III Reign of Chaos & The Frozen Throne
Warhammer? 40,000?: Dawn of War? II Retribution?
Warlords Battlecry III
Windows Frotz
Windows Glulxe
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
μTorrent
三国志10威力加强中文硬盘版
太閤立志傳V
真?三國無双6 with 猛将伝

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 April 2012 - 10:04 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 9.5.0
Java 6 Update 27
μTorrent


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
  • Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 Caradyran

Caradyran
  • Topic Starter

  • Members
  • 9 posts

Posted 18 April 2012 - 11:27 PM

Hi Gringo! Thanks for the tip. I've removed uTorrent - haven't torrented at all since I got to college, but I guess I should probably remove it.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.17.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dong :: GAWAIN [administrator]

4/19/2012 12:11:11 AM
mbam-log-2012-04-19 (00-11-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227330
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------
and

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:26:58 AM, on 4/19/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Users\Dong\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Users\Dong\AppData\Local\Akamai\netsession_win.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
D:\Program Files (x86)\Skype\Phone\Skype.exe
F:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
G:\Program Files\Firefox\firefox.exe
G:\Program Files\Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
D:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\RotateImage\RCIMGDIR.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dong\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - Startup: Stickies.lnk = D:\Program Files (x86)\stickies\stickies.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} (IASRunner Class) - http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\SUPER ANTIMALWARE GO\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\AMT\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - D:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files (x86)\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10539 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:58 PM

Posted 18 April 2012 - 11:36 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [RotateImage] C:\Program Files (x86)\RotateImage\RCIMGDIR.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Dong\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
      O4 - Startup: Stickies.lnk = D:\Program Files (x86)\stickies\stickies.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
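The HijackThis step above unchecks O4 entries by hand. As an added example (not code from the thread or from HijackThis), the PowerShell below lists the same autostart locations that HijackThis reports as O4 lines (the HKLM/HKCU Run and RunOnce keys, the Wow6432Node key for 32-bit programs on 64-bit Windows, and both Startup folders) and removes a chosen set of entries by value name. The names in `$EntriesToRemove` are taken from the list in this post and are an assumption about your own machine; the function names are made up for this example. It assumes PowerShell 3 or later, run from an elevated prompt, and is a dry run unless `-Force` is given.

```powershell
# Added example, not from the thread: review and prune autostart entries
# (the locations HijackThis reports as O4 lines). Assumes PowerShell 3+.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntry {
    # One object per Run-key value and per file in the Startup folders.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... metadata
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    $folders = @([Environment]::GetFolderPath('Startup'),
                 [Environment]::GetFolderPath('CommonStartup'))
    foreach ($folder in $folders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -File | ForEach-Object {
            [pscustomobject]@{ Location = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Remove-AutostartEntry {
    param(
        [Parameter(Mandatory=$true)][string[]]$Name,
        [switch]$Force   # without -Force only "What if:" lines are printed
    )
    foreach ($entry in Get-AutostartEntry) {
        if ($Name -notcontains $entry.Name) { continue }
        if ($entry.Location -like 'HK*') {
            # Registry value: remove just that value, never the whole key.
            Remove-ItemProperty -Path $entry.Location -Name $entry.Name -WhatIf:(-not $Force)
        } else {
            # Startup-folder shortcut: -LiteralPath so [ ] in a name is not a wildcard.
            Remove-Item -LiteralPath $entry.Command -WhatIf:(-not $Force)
        }
    }
}

# 1. Review everything first, including the command line each entry runs.
Get-AutostartEntry | Format-Table -AutoSize -Wrap

# 2. Names from the HijackThis list in this post (assumption: yours may differ).
$EntriesToRemove = 'RotateImage', 'TkBellExe', 'QuickTime Task', 'StartCCC',
                   'SunJavaUpdateSched', 'Akamai NetSession Interface',
                   'MobileDocuments', 'Stickies.lnk'

Remove-AutostartEntry -Name $EntriesToRemove          # dry run
# Remove-AutostartEntry -Name $EntriesToRemove -Force # actually remove them
```

Listing the Command column before removing anything is the point: an entry is only "unneeded" once you have seen what it launches, which is the same research the NOTE** above asks for.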

#13 Caradyran

Caradyran
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:58 PM

Posted 19 April 2012 - 08:30 AM

Hi Gringo! I followed your instructions and ran HijackThis, but the scanner found something.

C:\Users\Dong\AppData\Local\Xenocode\Sandbox\3D Object Converter for Windows 4.40 ´óʦ¡áÂÞÇf ºº»¯°æ\1.0.0.0\2010.02.22T05.13\Virtual\MODIFIED\@APPDIR@\3dconvertercn.exe a variant of Win32/HackTool.Patcher.N application
C:\Users\Dong\AppData\Local\Xenocode\Sandbox\3D Object Converter for Windows 4.40 ´óʦ¡áÂÞÇf ºº»¯°æ\1.0.0.0\2010.02.22T05.13\Virtual\MODIFIED\@DESKTOP@\release\3dconvertercn.exe a variant of Win32/HackTool.Patcher.N application

Aww, and I thought we were clean for a moment. I thought CCleaner cleaned that automatically...

Edited by Caradyran, 19 April 2012 - 08:42 AM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:58 PM

Posted 19 April 2012 - 08:42 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Dong\AppData\Local\Xenocode\Sandbox\3D Object Converter for Windows 4.40 ʦf \1.0.0.0\2010.02.22T05.13\Virtual\MODIFIED\@APPDIR@\3dconvertercn.exe"
    del /f /s /q "C:\Users\Dong\AppData\Local\Xenocode\Sandbox\3D Object Converter for Windows 4.40 ʦf \1.0.0.0\2010.02.22T05.13\Virtual\MODIFIED\@DESKTOP@\release\3dconvertercn.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware. Please let me know if you are still having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - the gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as perfect security. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM.

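The delfile.bat in the post above deletes the two flagged files with `del /f /s /q` and then deletes itself, and gives no feedback beyond a CMD window flashing. As an added example (not code from the thread or from any of the tools it mentions), the PowerShell below does the same job for an explicit list of files but checks that each path exists, deletes only that exact file, records the outcome, and verifies afterwards. The paths in `$FlaggedFiles` are placeholders to be replaced with the lines from your own scan log; the function name is made up for this example. It assumes PowerShell 3 or later, run as the user who owns the files (or elevated for system locations).

```powershell
# Added example, not from the thread: a checked, logged replacement for delfile.bat.
# Assumes PowerShell 3+. Replace the placeholder paths with the ones your scanner reported.

$FlaggedFiles = @(
    'C:\PLACEHOLDER\path\from\scan-log\file1.exe',   # placeholder, not a real path
    'C:\PLACEHOLDER\path\from\scan-log\file2.exe'    # placeholder, not a real path
)

function Remove-FlaggedFile {
    param([Parameter(Mandatory=$true)][string[]]$Path)
    foreach ($p in $Path) {
        # -LiteralPath: scanner output can contain [ ] and other characters that
        # -Path would treat as wildcards, as well as non-ASCII folder names.
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            [pscustomobject]@{ Path = $p; Result = 'not found' }
            continue
        }
        try {
            # -Force also removes hidden and read-only files, like del /f does;
            # unlike del /s, this touches only the one file named, not subdirectories.
            Remove-Item -LiteralPath $p -Force -ErrorAction Stop
            $result = if (Test-Path -LiteralPath $p) { 'still present' } else { 'deleted' }
        } catch {
            $result = "failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{ Path = $p; Result = $result }
    }
}

# Write the outcome to a log on the desktop and show it on screen.
$log = Join-Path ([Environment]::GetFolderPath('Desktop')) 'delfile-log.txt'
Remove-FlaggedFile -Path $FlaggedFiles | Tee-Object -FilePath $log | Format-Table -AutoSize -Wrap
```

Two points worth noting when you compare this with the batch file: `del /s` with a file name removes every file of that name in all subdirectories below it, whereas `Remove-Item -LiteralPath` removes exactly the path given; and a "still present" or "failed" result usually means the file is in use or protected, which is something to report back rather than retry blindly.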

#15 Caradyran

Caradyran
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:58 PM

Posted 19 April 2012 - 08:54 AM

Thank you so much, Gringo!

I've read the post above and cleaned up as suggested. Everything's fine now. Again, thank you for everything!



