Possible MBR infection


This topic is locked
30 replies to this topic

#1 psychology07 (Members, 19 posts)

Posted 04 May 2012 - 09:12 PM

I have been having problems with both of the computers in my home for a month now. Mostly slow internet, but occasionally they stop working altogether until I have to restore to factory default. I just replaced the router in case the firmware was infected. I have had some hijack viruses show up in Malwarebytes and recently a boot trojan show up in SUPERAntiSpyware. I suspect the infection may be in the recovery partitions. Here are the logs from my laptop, Windows 7 SP1. It seems that malware and SAS do not find anything anymore. Also, Malwarebytes has a vertical line after the C:\ in the full scan menu. Both computers also start running background processes to the point that I can hear the hard drive constantly. I am including the MBR log in case you want it.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by beitinbe at 21:45:56 on 2012-05-04
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3493.2124 [GMT -4:00]
.
AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\CCM\CcmExec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\Explorer.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\AVG\AVG2012\avgcfgex.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.shu.edu/
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 10.5.0.10 10.110.0.10
TCP: Interfaces\{05B6ECFC-472A-4785-A08A-935858D958F3} : DhcpNameServer = 10.5.0.10 10.110.0.10
TCP: Interfaces\{428FB7FB-F392-48D1-BB30-DFA2FA8D7BB5} : DhcpNameServer = 10.5.0.10 10.110.0.10
TCP: Interfaces\{7448DFCE-EC27-4227-BB59-89DA328863E0} : DhcpNameServer = 10.5.0.10 10.110.0.10
TCP: Interfaces\{7448DFCE-EC27-4227-BB59-89DA328863E0}\036324430393834383533333 : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{7448DFCE-EC27-4227-BB59-89DA328863E0}\0443030335F614675632 : DhcpNameServer = 10.5.0.10 10.110.0.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\beitinbe\appdata\roaming\mozilla\firefox\profiles\w90oxpgb.default\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\adobe\acrobat 10.0\acrobat\browser\WCFirefoxExtn
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-3-23 25968]
R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2011-3-23 20328]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-3-23 13680]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2011-6-24 79136]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2011-3-23 93032]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-11-16 13880]
R2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [2011-3-23 75264]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2011-3-23 64440]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2011-3-23 133120]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\drivers\e1c6232.sys [2011-3-23 238760]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-4-21 269824]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-3-23 41088]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-3-23 7434240]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 wacomvthid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2011-6-8 14320]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-3-23 2321520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2011-6-24 367656]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-6-24 33832]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-2-23 62464]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-6-24 292200]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-3-9 214696]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-1 22344]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-3-23 6755840]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-23 15872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWI32;SWI32;c:\program files\lenovo\system update\tvsuhd32.sys [2009-10-21 28224]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-2-23 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2011-2-23 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2011-2-23 27264]
S3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2011-2-23 112640]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 wacomhidfilter;Wacom HID Filter;c:\windows\system32\drivers\wacomhidfilter.sys [2011-6-8 14376]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-9 1343400]
S4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-2 253088]
S4 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2011-3-25 190592]
S4 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2011-6-24 40808]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2011-3-23 45496]
S4 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2011-6-24 59240]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-1 654408]
S4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-3-23 83304]
S4 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-6-24 148840]
S4 SAService;Conexant SmartAudio service;c:\windows\system32\SASrv.exe [2011-3-25 446592]
S4 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\sophos\sophos virus removal tool\svrtservice.exe --> c:\program files\sophos\sophos virus removal tool\SVRTservice.exe [?]
S4 TabletServiceISD;TabletServiceISD;c:\program files\tablet\isd\ISD_Tablet.exe [2011-6-8 4732280]
S4 TabletSVC;TABLET Service;c:\program files\thinkpad\tablet shortcut\TSMService.exe [2011-6-24 83440]
S4 TouchServiceISD;Wacom ISD Touch Service;c:\program files\tablet\isd\ISD_TouchService.exe [2011-6-8 377720]
.
=============== Created Last 30 ================
.
2012-05-04 19:13:37 -------- d-----w- C:\MGtools
2012-05-04 10:42:32 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-04 07:24:25 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-04 07:20:30 -------- d-----w- c:\users\beitinbe\appdata\local\temp
2012-05-04 07:12:12 98816 ----a-w- c:\windows\sed.exe
2012-05-04 07:12:12 518144 ----a-w- c:\windows\SWREG.exe
2012-05-04 07:12:12 256000 ----a-w- c:\windows\PEV.exe
2012-05-04 07:12:12 208896 ----a-w- c:\windows\MBR.exe
2012-05-04 03:41:41 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-05-04 02:06:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-04 01:55:25 -------- d-----w- c:\windows\pss
2012-05-03 20:47:31 73728 ----a-r- c:\users\beitinbe\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-03 20:47:30 73728 ----a-r- c:\users\beitinbe\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-05-03 20:47:30 73728 ----a-r- c:\users\beitinbe\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2012-05-03 20:47:25 -------- d-----w- c:\program files\Sophos
2012-05-03 19:00:10 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e1f4694f-d058-44a6-b4e3-8e795272d062}\mpengine.dll
2012-05-03 03:24:42 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-03 02:14:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 02:14:24 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-03 02:10:19 -------- d-----w- c:\users\beitinbe\appdata\roaming\AVG2012
2012-05-03 02:10:05 -------- d--h--w- c:\programdata\Common Files
2012-05-03 02:08:56 -------- d-----w- C:\$AVG
2012-05-03 02:08:55 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-03 02:08:55 -------- d-----w- c:\programdata\AVG2012
2012-05-03 02:08:08 -------- d-----w- c:\program files\AVG
2012-05-03 01:59:29 -------- d-----w- c:\programdata\MFAData
2012-05-02 20:36:50 -------- d-----w- c:\users\beitinbe\appdata\local\Diagnostics
2012-05-01 22:03:27 -------- d-----w- c:\users\beitinbe\appdata\local\Innovative Solutions
2012-05-01 22:03:23 -------- d-----w- c:\program files\common files\Innovative Solutions
2012-05-01 22:03:21 -------- d-----w- c:\programdata\Innovative Solutions
2012-05-01 22:03:20 47984 ----a-w- c:\windows\system32\AdvUninstCPL.cpl
2012-05-01 22:03:10 -------- d-----w- c:\program files\Innovative Solutions
2012-05-01 21:57:30 -------- d-----w- c:\users\beitinbe\appdata\roaming\Malwarebytes
2012-05-01 21:57:20 -------- d-----w- c:\programdata\Malwarebytes
2012-05-01 21:57:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-01 21:57:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-01 21:51:11 -------- d-----w- c:\windows\ms
2012-05-01 21:25:04 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-01 21:25:04 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-01 21:25:03 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-01 21:25:03 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-01 21:20:38 708608 ----a-w- c:\program files\common files\system\wab32.dll
2012-05-01 21:20:30 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-01 21:20:01 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 21:19:59 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-01 21:08:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-01 21:08:01 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-05-01 21:08:00 75776 ----a-w- c:\windows\system32\psisrndr.ax
2012-05-01 21:08:00 465408 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-01 21:07:56 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-05-01 21:07:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-01 21:07:35 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-05-01 21:07:32 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-01 21:07:32 233472 ----a-w- c:\windows\system32\oleacc.dll
2012-05-01 21:07:23 67072 ----a-w- c:\windows\system32\packager.dll
2012-05-01 21:07:20 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-05-01 21:07:17 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-01 21:07:11 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-05-01 21:07:11 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-05-01 20:59:50 -------- d-----w- c:\users\beitinbe\appdata\local\VirtualStore
2012-05-01 20:52:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-01 20:52:40 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-05-01 20:52:40 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-01 20:52:40 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-01 20:52:39 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-01 20:52:39 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-01 20:52:38 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-19 08:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
==================== Find3M ====================
.
2012-05-03 03:24:31 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-19 09:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 21:46:39.15 ===============

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Enterprise Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 4298A16
Logical Drives Mask: 0x00040004

Kernel Drivers (total 185):
0x83652000 \SystemRoot\system32\ntkrnlpa.exe
0x8361B000 \SystemRoot\system32\halmacpi.dll
0x80BC1000 \SystemRoot\system32\kdcom.dll
0x8C82B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8C8B0000 \SystemRoot\system32\PSHED.dll
0x8C8C1000 \SystemRoot\system32\BOOTVID.dll
0x8C8C9000 \SystemRoot\system32\CLFS.SYS
0x8C90B000 \SystemRoot\system32\CI.dll
0x8CA3A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8CAAB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8CAB9000 \SystemRoot\system32\drivers\ACPI.sys
0x8CB01000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8CB0A000 \SystemRoot\system32\drivers\msisadrv.sys
0x8CB12000 \SystemRoot\system32\drivers\pci.sys
0x8CB3C000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8CB47000 \SystemRoot\System32\drivers\partmgr.sys
0x8CB58000 \SystemRoot\system32\drivers\compbatt.sys
0x8CB60000 \SystemRoot\system32\drivers\BATTC.SYS
0x8CB6B000 \SystemRoot\system32\drivers\volmgr.sys
0x8CB7B000 \SystemRoot\System32\drivers\volmgrx.sys
0x8CBC6000 \SystemRoot\System32\drivers\mountmgr.sys
0x8CC21000 \SystemRoot\system32\drivers\iaStor.sys
0x8CDD4000 \SystemRoot\system32\drivers\atapi.sys
0x8CDDD000 \SystemRoot\system32\drivers\ataport.SYS
0x8CC00000 \SystemRoot\system32\drivers\amdxata.sys
0x8CA00000 \SystemRoot\system32\drivers\fltmgr.sys
0x8CC09000 \SystemRoot\system32\drivers\fileinfo.sys
0x8CBDC000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8CE3F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8CF6E000 \SystemRoot\System32\Drivers\msrpc.sys
0x8CF99000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8D035000 \SystemRoot\System32\Drivers\cng.sys
0x8D092000 \SystemRoot\System32\drivers\pcw.sys
0x8D0A0000 \SystemRoot\System32\DRIVERS\DozeHDD.sys
0x8D0A5000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8D0AE000 \SystemRoot\system32\drivers\ndis.sys
0x8D165000 \SystemRoot\system32\drivers\NETIO.SYS
0x8D1A3000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8D21A000 \SystemRoot\System32\drivers\tcpip.sys
0x8D364000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D395000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8D39E000 \SystemRoot\system32\drivers\volsnap.sys
0x8D3DD000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
0x8D3E6000 \SystemRoot\System32\Drivers\spldr.sys
0x8D1C8000 \SystemRoot\System32\DRIVERS\Apsx86.sys
0x8D200000 \SystemRoot\system32\drivers\sbp2port.sys
0x8D000000 \SystemRoot\System32\drivers\rdyboost.sys
0x8D3EE000 \SystemRoot\system32\DRIVERS\nvpciflt.sys
0x8D1E8000 \SystemRoot\System32\Drivers\mup.sys
0x8D3F2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8CFAC000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8CFDE000 \SystemRoot\system32\drivers\disk.sys
0x8CE00000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x9121F000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x8C9B6000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x9122D000 \SystemRoot\System32\Drivers\Null.SYS
0x91200000 \SystemRoot\System32\Drivers\Beep.SYS
0x91207000 \SystemRoot\System32\drivers\vga.sys
0x8C9DD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CE32000 \SystemRoot\System32\drivers\watchdog.sys
0x91213000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D1F8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D02D000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8CFEF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CBE6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C800000 \SystemRoot\system32\DRIVERS\avgfwd6x.sys
0x8C80E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CBF4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x91E18000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x91E60000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91E92000 \SystemRoot\system32\drivers\afd.sys
0x91EEC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x91EF3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91F12000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x91F23000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91F31000 \SystemRoot\system32\drivers\serial.sys
0x91F4B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91F5E000 \SystemRoot\System32\drivers\Tppwr32v.sys
0x91F65000 \SystemRoot\system32\drivers\termdd.sys
0x91F76000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91FB7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91FC1000 \SystemRoot\system32\drivers\mssmbios.sys
0x91FCB000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x91FCD000 \SystemRoot\System32\drivers\discache.sys
0x9261B000 \SystemRoot\system32\drivers\csc.sys
0x9267F000 \SystemRoot\System32\Drivers\dfsc.sys
0x92697000 \SystemRoot\system32\drivers\blbdrive.sys
0x926A5000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x926AC000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x926E4000 \SystemRoot\system32\DRIVERS\avgidshx.sys
0x926E8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x92709000 \SystemRoot\system32\drivers\intelppm.sys
0x93222000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x93CB3000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x93D6A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x93DA3000 \SystemRoot\system32\drivers\HECI.sys
0x93DAE000 \SystemRoot\system32\drivers\serenum.sys
0x93DB8000 \SystemRoot\system32\DRIVERS\e1c6232.sys
0x93200000 \SystemRoot\system32\drivers\usbehci.sys
0x9271B000 \SystemRoot\system32\drivers\USBPORT.SYS
0x92766000 \SystemRoot\system32\drivers\HDAudBus.sys
0x94218000 \SystemRoot\system32\DRIVERS\NETwNs32.sys
0x94965000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x9496F000 \SystemRoot\system32\drivers\risdxc86.sys
0x94987000 \SystemRoot\system32\drivers\i8042prt.sys
0x9499F000 \SystemRoot\system32\drivers\tkbtnpn.sys
0x949A1000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x949B4000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x92E01000 \SystemRoot\system32\drivers\SynTP.sys
0x92F48000 \SystemRoot\system32\drivers\USBD.SYS
0x92F4A000 \SystemRoot\system32\drivers\mouclass.sys
0x92F57000 \SystemRoot\system32\drivers\tpm.sys
0x92F63000 \SystemRoot\system32\drivers\CmBatt.sys
0x92F67000 \SystemRoot\system32\drivers\ibmpmdrv.sys
0x92F6E000 \SystemRoot\system32\drivers\wmiacpi.sys
0x92F77000 \SystemRoot\system32\drivers\CompositeBus.sys
0x92F84000 \SystemRoot\system32\drivers\wacomvhid.sys
0x92F87000 \SystemRoot\system32\drivers\WacomVTHid.sys
0x92F8A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x92F9C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92FB4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92FBF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92FE1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x949BB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x949D2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x949E9000 \SystemRoot\system32\drivers\rdpbus.sys
0x949F3000 \SystemRoot\system32\drivers\kbdclass.sys
0x92FF9000 \SystemRoot\system32\DRIVERS\psadd.sys
0x94200000 \SystemRoot\system32\drivers\swenum.sys
0x92785000 \SystemRoot\system32\drivers\ks.sys
0x94202000 \SystemRoot\system32\DRIVERS\umbus.sys
0x927B9000 \SystemRoot\system32\drivers\usbhub.sys
0x9320F000 \SystemRoot\system32\drivers\kbdhid.sys
0x93DF4000 \SystemRoot\system32\drivers\mouhid.sys
0x94210000 \SystemRoot\system32\drivers\wacommousefilter.sys
0x92600000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x94A16000 \SystemRoot\system32\drivers\CHDRT32.sys
0x94B57000 \SystemRoot\system32\drivers\portcls.sys
0x94B86000 \SystemRoot\system32\drivers\drmk.sys
0x94B9F000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x94BE5000 \SystemRoot\system32\drivers\usbccgp.sys
0x91FD9000 \SystemRoot\system32\DRIVERS\5U877.sys
0x94A00000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x9EC08000 \SystemRoot\system32\drivers\hidusb.sys
0x9EC13000 \SystemRoot\system32\drivers\MTConfig.sys
0x9EC1B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9EC28000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9EDDB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x97940000 \SystemRoot\System32\win32k.sys
0x9EDEC000 \SystemRoot\System32\drivers\Dxapi.sys
0x91234000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97BA0000 \SystemRoot\System32\TSDDD.dll
0x97BD0000 \SystemRoot\System32\cdd.dll
0x9123F000 \SystemRoot\system32\drivers\luafv.sys
0x9125A000 \SystemRoot\system32\drivers\WudfPf.sys
0x91274000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x91284000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x912CA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x912DA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9EDF6000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x912ED000 \SystemRoot\system32\DRIVERS\bowser.sys
0x91306000 \SystemRoot\System32\drivers\mpsdrv.sys
0x91318000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9133B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x91376000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9EC00000 \SystemRoot\system32\DRIVERS\avgidsshimx.sys
0x9CE1D000 \SystemRoot\system32\drivers\peauth.sys
0x9CEB4000 \SystemRoot\system32\drivers\regi.sys
0x9CEB6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9CEC0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9CEE1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9CEEE000 \SystemRoot\system32\DRIVERS\avgidsfilterx.sys
0x9CEF3000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9CF43000 \SystemRoot\system32\DRIVERS\avgidsdriverx.sys
0x9CF64000 \SystemRoot\System32\DRIVERS\srv.sys
0x9CFB6000 \SystemRoot\System32\drivers\rdpdr.sys
0x9CE00000 \??\C:\Users\beitinbe\AppData\Local\Temp\kfrcapow.sys
0x9CE19000 \??\C:\Windows\system32\CCM\prepdrv.sys
0x9CFDB000 \SystemRoot\system32\drivers\tdtcp.sys
0x9CFE6000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x91391000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x9E688000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77AB0000 \Windows\System32\ntdll.dll
0x47760000 \Windows\System32\smss.exe
0x77CF0000 \Windows\System32\apisetschema.dll

Processes (total 59):
0 System Idle Process
4 System
384 C:\Windows\System32\smss.exe
480 C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
528 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
804 csrss.exe
856 C:\Windows\System32\wininit.exe
864 csrss.exe
912 C:\Windows\System32\services.exe
928 C:\Windows\System32\lsass.exe
936 C:\Windows\System32\lsm.exe
1052 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\ibmpmsvc.exe
1184 C:\Windows\System32\winlogon.exe
1212 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1356 C:\Windows\System32\svchost.exe
1564 C:\Windows\System32\svchost.exe
1704 C:\Windows\System32\wisptis.exe
1760 C:\Windows\System32\svchost.exe
2036 C:\Windows\System32\svchost.exe
452 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
752 C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
988 C:\Program Files\AVG\AVG2012\avgfws.exe
1376 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
1456 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
1600 C:\Program Files\Bonjour\mDNSResponder.exe
124 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2116 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
2156 C:\Windows\System32\svchost.exe
2260 C:\Windows\System32\wbem\WmiApSrv.exe
2296 C:\Windows\System32\CCM\CcmExec.exe
2592 C:\Program Files\AVG\AVG2012\avgnsx.exe
2612 C:\Program Files\AVG\AVG2012\avgemcx.exe
2964 C:\Program Files\AVG\AVG2012\avgidsagent.exe
3556 WmiPrvSE.exe
3904 C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe
3980 C:\Windows\System32\wisptis.exe
3988 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
3996 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
2196 C:\Windows\System32\taskhost.exe
2668 C:\Windows\System32\dwm.exe
2716 C:\Windows\explorer.exe
2840 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
1944 C:\Windows\System32\SearchIndexer.exe
4196 WmiPrvSE.exe
5196 C:\Windows\System32\taskmgr.exe
5564 C:\Windows\System32\mmc.exe
5756 C:\Windows\System32\svchost.exe
4540 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
5120 C:\Windows\System32\audiodg.exe
2004 C:\Program Files\Internet Explorer\iexplore.exe
3836 C:\Program Files\Internet Explorer\iexplore.exe
5656 C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
3720 dllhost.exe
5144 dllhost.exe
3356 C:\Users\beitinbe\Desktop\MBRCheck.exe
5816 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ee900000 (NTFS)

PhysicalDrive0 Model Number: HITACHIHTS723232A7A364, Rev: EC2ZB70R

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BEC47C9B04F608B48D52ED2CCB7CABF5C86A9E14


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
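The MBRCheck output above ends at a prompt and the verdict "Unknown MBR code", which means only that the SHA1 of this disk's boot code is not in the tool's own list of known-good hashes. OEM recovery tooling (Lenovo's ThinkVantage Rescue and Recovery, for instance) can install its own boot code, so "unknown" is a reason to look closer, not proof of infection. The Python below is an added example, not part of the post and not MBRCheck's source: it does the work behind such a verdict, checking the 0x55AA signature, separating boot code from the disk signature and partition table, and hashing the boot code for lookup. Two assumptions are labelled in the code: the KNOWN_GOOD table is constructed for the demo and is not a list of real Windows boot-code hashes, and only the first 440 bytes are hashed so the result stays stable across disks with different signatures and layouts.

```python
"""Parse a raw 512-byte MBR, check its structure and hash its boot code.

Added example (not MBRCheck's source and not from the post above). It mirrors
what an MBR checker must do before it can print "Unknown MBR code": verify the
sector is a well-formed MBR, separate the boot code from the disk signature and
partition table, and look the boot-code hash up in a reference list.

Assumptions: KNOWN_GOOD is constructed for the demo and is not a real list of
Windows boot-code hashes; the hash covers only the first 440 bytes so it stays
stable across disks with different signatures and partition layouts.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: boot code
DISK_SIG_OFFSET = 440      # 4-byte Windows disk signature, then 2 reserved bytes
TABLE_OFFSET = 446         # four 16-byte partition entries, bytes 446..509
SIGNATURE = b"\x55\xAA"    # bytes 510..511
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count

# Partition-type bytes worth recognising on a Windows disk.
PART_TYPES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)", 0x27: "Windows recovery", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot code, disk signature and partition table.

    Raises ValueError for anything that is not a well-formed MBR; a checker
    should report that rather than hash garbage.
    """
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    boot_code = sector[:BOOT_CODE_LEN]
    (disk_sig,) = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)
    partitions = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:                      # empty slot
            continue
        if status not in (0x00, 0x80):      # only "inactive" and "active" are valid
            raise ValueError(f"partition {i}: invalid status byte {status:#04x}")
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": PART_TYPES.get(ptype, f"{ptype:#04x}"),
            "lba_start": lba,
            "byte_offset": lba * SECTOR_SIZE,   # the "at offset 0x..." figure a checker prints per volume
            "sectors": count,
        })
    return {
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "boot_code_empty": not any(boot_code),
        "disk_signature": disk_sig,
        "partitions": partitions,
    }


def classify_boot_code(sector: bytes, known_good: dict) -> str:
    """Name the boot code if its hash is in known_good, else 'Unknown MBR code'."""
    info = parse_mbr(sector)
    if info["boot_code_empty"]:
        return "No boot code"
    return known_good.get(info["boot_code_sha1"], "Unknown MBR code")


def build_sample_mbr(boot_code: bytes, disk_sig: int = 0x1234ABCD) -> bytes:
    """Constructed test data: one active NTFS partition starting at LBA 2048."""
    code = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    sig = struct.pack("<I", disk_sig) + b"\x00\x00"
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 625_000_000)
    table = entry + b"\x00" * (16 * 3)
    return code + sig + table + SIGNATURE


# Stand-in for the checker's reference list. The first bytes are the classic
# opening of a Windows MBR (xor ax,ax / mov ss,ax / mov sp,7C00h); the rest is
# padding, so this hash matches nothing real.
DEMO_STANDARD_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 100
KNOWN_GOOD = {
    hashlib.sha1(DEMO_STANDARD_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper():
        "demo standard boot code",
}

if __name__ == "__main__":
    # On a live system read the sector with open(r"\\.\PhysicalDrive0", "rb").read(512)
    # (administrator required); here we use constructed sectors.
    for label, code in (("standard", DEMO_STANDARD_CODE), ("patched", b"\xEB\xFE" + DEMO_STANDARD_CODE)):
        mbr = build_sample_mbr(code)
        info = parse_mbr(mbr)
        print(f"{label}: {classify_boot_code(mbr, KNOWN_GOOD)}  SHA1: {info['boot_code_sha1']}")
        for p in info["partitions"]:
            print(f"  partition {p['index']}: {p['type']} at byte offset {p['byte_offset']:#x}")
```

Whatever a checker reports, dump the sector (option [1] above) before restoring standard boot code (option [2]): the dump is the only copy of the evidence, and hashing it the same way on the second computer shows whether both disks carry the same code.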


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:44 PM

Posted 04 May 2012 - 10:17 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Microsoft Forefront Endpoint Protection 2010
AV: AVG Internet Security 2012


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 psychology07

psychology07
  • Topic Starter

  • Members
  • 19 posts
  • Local time:04:44 PM

Posted 04 May 2012 - 10:55 PM

Thank you for your fast response. I have Microsoft Forefront AV for work and I am not supposed to take it off, so I keep it disabled and use AVG. If you think that keeping it disabled still risks conflicts, I will remove it. Computer is running fine right now other than a slow internet and refusing to download some .exe files. The problem is it could begin acting up at any moment. It usually begins with Security Center failing, then Malwarebytes protection is disabled, then one of the programs starts running and hogging resources in the background, and so on.

Here are logs

Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 32
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````



ComboFix 12-05-04.03 - beitinbe 05/04/2012 23:32:33.1.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3493.2246 [GMT -4:00]
Running from: c:\users\beitbe\Desktop\Combofix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\beitbe\AppData\Local\temp\{A8C7E972-7658-43FE-860F-CE87C6E44E47}\fpb.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 03:35 . 2012-05-05 03:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 19:13 . 2012-05-04 21:11 -------- d-----w- C:\MGtools
2012-05-04 10:42 . 2012-05-04 10:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-04 03:41 . 2012-05-04 03:43 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-05-04 02:06 . 2012-05-04 02:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-03 20:47 . 2012-05-04 09:42 -------- d-----w- c:\program files\Sophos
2012-05-03 19:00 . 2012-04-13 04:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1F4694F-D058-44A6-B4E3-8E795272D062}\mpengine.dll
2012-05-03 03:24 . 2012-05-03 03:24 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-03 02:14 . 2012-05-03 02:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 02:14 . 2012-05-03 02:14 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-03 02:10 . 2012-05-03 02:10 -------- d--h--w- c:\programdata\Common Files
2012-05-03 02:08 . 2012-05-03 02:08 -------- d-----w- C:\$AVG
2012-05-03 02:08 . 2012-05-04 17:31 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-03 02:08 . 2012-05-03 02:14 -------- d-----w- c:\programdata\AVG2012
2012-05-03 02:08 . 2012-05-03 02:08 -------- d-----w- c:\program files\AVG
2012-05-03 01:59 . 2012-05-04 09:53 -------- d-----w- c:\programdata\MFAData
2012-05-01 22:03 . 2012-05-01 22:03 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2012-05-01 22:03 . 2012-05-03 03:12 -------- d-----w- c:\programdata\Innovative Solutions
2012-05-01 22:03 . 2009-11-05 21:36 47984 ----a-w- c:\windows\system32\AdvUninstCPL.cpl
2012-05-01 22:03 . 2012-05-01 22:03 -------- d-----w- c:\program files\Innovative Solutions
2012-05-01 21:57 . 2012-05-01 21:57 -------- d-----w- c:\programdata\Malwarebytes
2012-05-01 21:57 . 2012-05-01 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-01 21:57 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-01 21:51 . 2012-05-01 21:51 -------- d-----w- c:\windows\ms
2012-05-01 21:25 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-01 21:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-01 21:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-01 21:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-01 21:20 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-05-01 21:20 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-01 21:20 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 21:19 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-01 21:08 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-01 21:08 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-05-01 21:08 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-01 21:08 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2012-05-01 21:07 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-05-01 21:07 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-01 21:07 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-05-01 21:07 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-01 21:07 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2012-05-01 21:07 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-05-01 21:07 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-05-01 21:07 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-01 21:07 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-05-01 21:07 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-05-01 20:59 . 2012-05-04 06:36 -------- d-----w- c:\users\beitbe
2012-05-01 20:52 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-01 20:52 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-05-01 20:52 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-01 20:52 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-01 20:52 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-01 20:52 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-01 20:52 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-01 20:49 . 2012-05-01 20:50 -------- d-----w- c:\users\Administrator
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 20:52 . 2012-05-04 19:13 656864 ----a-w- C:\MGlogs.zip
2012-05-03 03:24 . 2011-02-23 15:10 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-13 04:36 . 2011-03-08 13:52 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-19 09:17 . 2012-03-19 09:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-04-21 01:19 . 2012-05-03 02:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3443049147-1905892195-2501515390-12481\Scripts\Logon\0\0]
"Script"=MapSDrive.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-04-04 05:53 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-04-04 05:53 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-11-08 22:52 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Uninstaller PRO Installation Monitor]
2012-04-13 15:25 3503584 ----a-w- c:\program files\Innovative Solutions\Advanced Uninstaller PRO\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-04-05 09:12 2587008 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-03-11 15:55 176664 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-03-11 15:55 143384 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPKNRRES]
2011-04-04 22:22 41320 ----a-w- c:\program files\Lenovo\Communications Utility\TpKnrres.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
2009-07-23 07:11 124248 ----a-w- c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2009-07-23 07:11 185688 ----a-w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 18:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-03-11 15:55 178200 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV]
2011-05-10 07:59 1258856 ----a-w- c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RotateImage]
2008-10-30 19:23 31744 ----a-w- c:\program files\Integrated Camera Driver\RCIMGDIR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2011-03-15 00:04 316032 ----a-w- c:\program files\CONEXANT\SAII\SAIICpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 237800 ----a-w- c:\program files\Common Files\Java\Java Update\jaureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-05-06 00:31 2262312 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
2009-12-11 16:19 337256 ----a-w- c:\windows\System32\TpShocks.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMResident]
2011-05-09 15:18 484856 ----a-w- c:\program files\ThinkPad\Tablet Shortcut\TSMResident.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 367656]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 33832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-05-10 292200]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-12-10 214696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SWI32;SWI32;c:\program files\Lenovo\System Update\tvsuhd32.sys [2009-10-22 28224]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 wacomhidfilter;Wacom HID Filter;c:\windows\system32\drivers\wacomhidfilter.sys [2010-12-02 14376]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1343400]
R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 253088]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R4 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R4 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-12-17 190592]
R4 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-04-04 40808]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
R4 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-04-04 59240]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
R4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-05-10 83304]
R4 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-05-10 148840]
R4 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [2011-03-15 446592]
R4 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [x]
R4 TabletServiceISD;TabletServiceISD;c:\program files\Tablet\ISD\ISD_Tablet.exe [2011-03-24 4732280]
R4 TabletSVC;TABLET Service;c:\program files\ThinkPad\Tablet Shortcut\TSMService.exe [2011-05-09 83440]
R4 TouchServiceISD;Wacom ISD Touch Service;c:\program files\Tablet\ISD\ISD_TouchService.exe [2011-03-24 377720]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-05-10 25968]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-04 20328]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
S1 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ASRSVC;ASR Service;c:\program files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-11-16 13880]
S2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [2011-03-23 75264]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2010-12-03 133120]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-12-21 238760]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-11 269824]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-06 7434240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 wacomvthid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-12-02 14320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 02:14]
.
2012-05-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
2012-05-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.shu.edu/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 10.5.0.10 10.110.0.10
FF - ProfilePath - c:\users\beitbe\AppData\Roaming\Mozilla\Firefox\Profiles\w90oxpgb.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
MSConfigStartUp-ForteConfig - c:\program files\Conexant\ForteConfig\fmapp.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\sppsvc.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2012-05-04 23:41:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-05 03:41

.
Pre-Run: 260,375,244,800 bytes free
Post-Run: 260,321,464,320 bytes free
.
- - End Of File - - 208ECF30459F4E3BD2F4594BCE9DC388

#4 psychology07

psychology07
  • Topic Starter

  • Members
  • 19 posts
  • Local time:04:44 PM

Posted 04 May 2012 - 11:04 PM

Also control panel is not opening. It freezes when I attempt it.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:44 PM

Posted 04 May 2012 - 11:04 PM

Greetings psychology07

AVG is not as good as it once was, so if I had the choice, AVG would be the one to remove (and yes, one or the other needs to be removed).


I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
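A worked example, added here and not part of gringo_pr's instructions or of the aswMBR/TDSSKiller tools: aswMBR saves the raw boot sector as MBR.dat beside its log (the path appears in the next reply), and both tools print the partition table they read from it. The Python script below decodes such a 512-byte sector and reports the 55 AA boot signature, the disk signature, a hash of the bootstrap code (useful for comparing against a known-clean machine of the same model, since an "unknown MBR code" line from aswMBR only says the bootstrap bytes did not match code the tool recognizes, which by itself is not a verdict) and each partition entry. It then checks the layout for the things a bootkit hunt cares about: exactly one active partition, no overlapping entries, nothing extending past the end of the disk, and how many sectors sit beyond the last partition, because that unallocated tail belongs to no file system and is where some bootkit families keep their hidden storage; in the aswMBR log in the next reply the "scanning sectors +625139712" pass starts exactly at the end of the last partition. The sample sector is constructed to match the layout the thread's logs report (hidden WinRE partition at LBA 2048, active NTFS partition at LBA 32983040, drive size from TDSSKiller's 0x4A85D56000 bytes); its two-byte boot code and disk signature value are placeholders, not data from the machine in the thread.

```python
"""Decode a raw 512-byte MBR (e.g. the MBR.dat aswMBR saves) and sanity-check
its partition table.  Added example; not code from the thread or the tools."""
import hashlib
import struct
import sys

SECTOR_BYTES = 512
DISK_SIG_OFFSET = 440      # 0x1B8: 4-byte Windows disk signature after the boot code
PART_TABLE_OFFSET = 446    # 0x1BE: four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"     # bytes 510-511 of a valid MBR

# Type codes that matter here: 0x27 is the hidden WinRE/recovery partition
# Windows 7 creates, 0x07 is the normal NTFS/exFAT/HPFS code.
PART_TYPES = {0x00: "empty", 0x07: "HPFS/NTFS/exFAT", 0x0C: "FAT32 (LBA)",
              0x27: "Hidden NTFS WinRE", 0x83: "Linux", 0xEE: "GPT protective"}


def sectors_to_mb(n):
    """Whole MiB for n 512-byte sectors, the unit both tools print."""
    return n * SECTOR_BYTES // (1024 * 1024)


def parse_mbr(mbr):
    """Return signature status, boot-code hash, disk signature and the used entries."""
    if len(mbr) != SECTOR_BYTES:
        raise ValueError("expected exactly one 512-byte sector")
    parsed = {
        "boot_signature_ok": mbr[510:512] == BOOT_SIG,
        # Hash the boot code only, not the per-disk signature, so two machines
        # with the same loader code produce the same digest.
        "bootcode_sha256": hashlib.sha256(mbr[:DISK_SIG_OFFSET]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFFSET)[0],
        "partitions": [],
    }
    for i in range(4):
        boot, _chs0, ptype, _chs1, start, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0x00:
            continue
        parsed["partitions"].append({
            "index": i + 1, "bootable": boot == 0x80, "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "start_lba": start, "sectors": count,
            "end_lba": start + count,          # first sector after the partition
            "size_mb": sectors_to_mb(count),
        })
    return parsed


def describe(parsed):
    """One line per entry in the same shape as aswMBR's 'Partition n' lines."""
    return ["Partition %d %s %02X %s %d MB offset %d" % (
                p["index"], "80 (A)" if p["bootable"] else "00", p["type"],
                p["type_name"], p["size_mb"], p["start_lba"])
            for p in parsed["partitions"]]


def check_layout(parsed, disk_sectors):
    """Checks a bootkit hunt cares about. Returns (findings, tail_start, tail_sectors)."""
    findings = []
    if not parsed["boot_signature_ok"]:
        findings.append("missing 55 AA boot signature")
    parts = sorted(parsed["partitions"], key=lambda p: p["start_lba"])
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for a, b in zip(parts, parts[1:]):
        if a["end_lba"] > b["start_lba"]:
            findings.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    for p in parts:
        if p["end_lba"] > disk_sectors:
            findings.append("partition %d extends past the end of the disk" % p["index"])
    # Sectors after the last partition belong to no file system; some bootkit
    # families keep their hidden storage there, so report where it starts.
    tail_start = max((p["end_lba"] for p in parts), default=0)
    return findings, tail_start, disk_sectors - tail_start


def build_mbr(entries, bootcode=b"", disk_signature=0):
    """Assemble a sector from (bootable, type, start_lba, sectors) tuples."""
    assert len(bootcode) <= DISK_SIG_OFFSET
    sector = bytearray(SECTOR_BYTES)
    sector[:len(bootcode)] = bootcode
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_signature)
    for i, (bootable, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, b"\xff\xff\xff", ptype,
                         b"\xff\xff\xff", start, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed sample mirroring the layout the thread's logs report: hidden WinRE
# partition at LBA 2048 (16104 MB) and the active NTFS partition at LBA 32983040
# (TDSSKiller's StartLBA 0x1F74800 / BlocksNum 0x234B9800).  The boot code and
# disk signature are placeholders, not bytes from the machine in the thread.
SAMPLE_DISK_SECTORS = 0x4A85D56000 // SECTOR_BYTES   # drive size TDSSKiller printed
SAMPLE_MBR = build_mbr(
    [(False, 0x27, 2048, 16104 * 2048), (True, 0x07, 0x1F74800, 0x234B9800)],
    bootcode=b"\xEB\xFE", disk_signature=0x2A3B4C5D)

if __name__ == "__main__":
    # usage: python mbr_check.py [MBR.dat [disk_size_bytes]]; defaults to the sample
    data = open(sys.argv[1], "rb").read(SECTOR_BYTES) if len(sys.argv) > 1 else SAMPLE_MBR
    disk = int(sys.argv[2]) // SECTOR_BYTES if len(sys.argv) > 2 else SAMPLE_DISK_SECTORS
    info = parse_mbr(data)
    print("boot signature ok:", info["boot_signature_ok"])
    print("boot code sha256:", info["bootcode_sha256"])
    print("disk signature:   %08X" % info["disk_signature"])
    for line in describe(info):
        print(line)
    findings, tail_start, tail = check_layout(info, disk)
    print("unallocated tail: %d sectors from LBA %d" % (tail, tail_start))
    print("findings:", findings or "none")
```

On the sample layout the partitions are contiguous (the WinRE entry ends exactly where the active NTFS entry starts), no finding is raised, and the unallocated tail is 2736 sectors starting at LBA 625139712, the same number aswMBR logs as the start of its extra sector scan. Running the script against the real MBR.dat and comparing the boot-code hash with one taken from a clean machine of the same model is the quickest way to turn an "unknown MBR code" line into a yes-or-no answer.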

#6 psychology07

psychology07
  • Topic Starter

  • Members
  • 19 posts
  • Local time:04:44 PM

Posted 04 May 2012 - 11:26 PM

It would not let me download the definitions for aswMBR. Error code is below.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-05 00:22:17
-----------------------------
00:22:17.865 OS Version: Windows 6.1.7601 Service Pack 1
00:22:17.865 Number of processors: 4 586 0x2A07
00:22:17.865 ComputerName: 146--R9F5FNY UserName: beitinbe
00:22:18.567 Initialize success
00:22:20.743 AVAST engine download error: 0
00:23:53.016 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:23:53.016 Disk 0 Vendor: HITACHI_ EC2Z Size: 305245MB BusType: 3
00:23:53.031 Disk 0 MBR read successfully
00:23:53.031 Disk 0 MBR scan
00:23:53.031 Disk 0 unknown MBR code
00:23:53.047 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16104 MB offset 2048
00:23:53.062 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 289139 MB offset 32983040
00:23:53.062 Disk 0 scanning sectors +625139712
00:23:53.125 Disk 0 scanning C:\Windows\system32\drivers
00:23:55.886 Service scanning
00:24:12.937 Modules scanning
00:24:19.083 Disk 0 trace - called modules:
00:24:19.099 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
00:24:19.614 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8895a1e8]
00:24:19.614 3 CLASSPNP.SYS[8d00459e] -> nt!IofCallDriver -> [0x86a52870]
00:24:19.614 5 ACPI.sys[8caaa3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86a0d028]
00:24:19.614 Scan finished successfully
00:24:29.208 Disk 0 MBR has been saved successfully to "C:\Users\beitinbe\Desktop\MBR.dat"
00:24:29.208 The log file has been saved successfully to "C:\Users\beitinbe\Desktop\aswMBR.txt"


00:16:09.0383 2232 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
00:16:09.0757 2232 ============================================================
00:16:09.0757 2232 Current date / time: 2012/05/05 00:16:09.0757
00:16:09.0757 2232 SystemInfo:
00:16:09.0757 2232
00:16:09.0757 2232 OS Version: 6.1.7601 ServicePack: 1.0
00:16:09.0757 2232 Product type: Workstation
00:16:09.0757 2232 ComputerName: 146--R9F5FNY
00:16:09.0757 2232 UserName: beitinbe
00:16:09.0757 2232 Windows directory: C:\Windows
00:16:09.0757 2232 System windows directory: C:\Windows
00:16:09.0757 2232 Processor architecture: Intel x86
00:16:09.0757 2232 Number of processors: 4
00:16:09.0757 2232 Page size: 0x1000
00:16:09.0757 2232 Boot type: Normal boot
00:16:09.0757 2232 ============================================================
00:16:10.0303 2232 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:16:10.0303 2232 ============================================================
00:16:10.0303 2232 \Device\Harddisk0\DR0:
00:16:10.0303 2232 MBR partitions:
00:16:10.0303 2232 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F74800, BlocksNum 0x234B9800
00:16:10.0303 2232 ============================================================
00:16:10.0335 2232 C: <-> \Device\Harddisk0\DR0\Partition0
00:16:10.0335 2232 ============================================================
00:16:10.0335 2232 Initialize success
00:16:10.0335 2232 ============================================================
00:16:15.0358 1196 ============================================================
00:16:15.0358 1196 Scan started
00:16:15.0358 1196 Mode: Manual; SigCheck; TDLFS;
00:16:15.0358 1196 ============================================================
00:16:16.0762 1196 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
00:16:16.0809 1196 1394ohci - ok
00:16:16.0855 1196 5U877 (d9397d66ce955a845d6baf2e29fa2fc3) C:\Windows\system32\DRIVERS\5U877.sys
00:16:16.0887 1196 5U877 - ok
00:16:16.0949 1196 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
00:16:16.0965 1196 ACPI - ok
00:16:16.0965 1196 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
00:16:17.0011 1196 AcpiPmi - ok
00:16:17.0230 1196 AdobeActiveFileMonitor9.0 (c004f38974f4d321b4c20a240e1175c0) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
00:16:17.0339 1196 AdobeActiveFileMonitor9.0 - ok
00:16:17.0464 1196 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:16:17.0464 1196 AdobeFlashPlayerUpdateSvc - ok
00:16:17.0526 1196 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
00:16:17.0542 1196 adp94xx - ok
00:16:17.0557 1196 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
00:16:17.0573 1196 adpahci - ok
00:16:17.0589 1196 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
00:16:17.0589 1196 adpu320 - ok
00:16:17.0620 1196 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
00:16:17.0651 1196 AeLookupSvc - ok
00:16:17.0682 1196 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
00:16:17.0713 1196 AFD - ok
00:16:17.0745 1196 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
00:16:17.0745 1196 agp440 - ok
00:16:17.0776 1196 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
00:16:17.0776 1196 aic78xx - ok
00:16:17.0854 1196 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
00:16:17.0869 1196 ALG - ok
00:16:17.0901 1196 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
00:16:17.0901 1196 aliide - ok
00:16:17.0916 1196 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
00:16:17.0932 1196 amdagp - ok
00:16:17.0947 1196 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
00:16:17.0947 1196 amdide - ok
00:16:17.0947 1196 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
00:16:17.0994 1196 AmdK8 - ok
00:16:18.0010 1196 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
00:16:18.0025 1196 AmdPPM - ok
00:16:18.0041 1196 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
00:16:18.0057 1196 amdsata - ok
00:16:18.0088 1196 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
00:16:18.0088 1196 amdsbs - ok
00:16:18.0103 1196 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
00:16:18.0103 1196 amdxata - ok
00:16:18.0119 1196 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
00:16:18.0197 1196 AppID - ok
00:16:18.0228 1196 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
00:16:18.0259 1196 AppIDSvc - ok
00:16:18.0275 1196 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
00:16:18.0291 1196 Appinfo - ok
00:16:18.0415 1196 Apple Mobile Device - ok
00:16:18.0462 1196 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
00:16:18.0493 1196 AppMgmt - ok
00:16:18.0525 1196 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
00:16:18.0525 1196 arc - ok
00:16:18.0540 1196 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
00:16:18.0540 1196 arcsas - ok
00:16:18.0727 1196 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:16:18.0743 1196 aspnet_state - ok
00:16:18.0805 1196 ASRSVC (eae432a64924ce4e5afb128b92e4c78a) C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
00:16:18.0805 1196 ASRSVC - ok
00:16:18.0837 1196 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
00:16:18.0899 1196 AsyncMac - ok
00:16:18.0946 1196 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
00:16:18.0946 1196 atapi - ok
00:16:19.0008 1196 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
00:16:19.0024 1196 AudioEndpointBuilder - ok
00:16:19.0039 1196 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
00:16:19.0055 1196 Audiosrv - ok
00:16:19.0102 1196 Avgfwfd (c46ba2c177df0b84f9c0bfc1e4574dc7) C:\Windows\system32\DRIVERS\avgfwd6x.sys
00:16:19.0102 1196 Avgfwfd - ok
00:16:19.0367 1196 avgfws (3f246752bc1309f71a737c6a90dd5295) C:\Program Files\AVG\AVG2012\avgfws.exe
00:16:19.0429 1196 avgfws - ok
00:16:19.0851 1196 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\avgidsagent.exe
00:16:19.0913 1196 AVGIDSAgent - ok
00:16:20.0287 1196 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
00:16:20.0303 1196 AVGIDSDriver - ok
00:16:20.0334 1196 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
00:16:20.0350 1196 AVGIDSFilter - ok
00:16:20.0350 1196 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
00:16:20.0350 1196 AVGIDSHX - ok
00:16:20.0381 1196 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
00:16:20.0397 1196 AVGIDSShim - ok
00:16:20.0459 1196 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
00:16:20.0459 1196 Avgldx86 - ok
00:16:20.0490 1196 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
00:16:20.0490 1196 Avgmfx86 - ok
00:16:20.0537 1196 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
00:16:20.0537 1196 Avgrkx86 - ok
00:16:20.0584 1196 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
00:16:20.0599 1196 Avgtdix - ok
00:16:20.0771 1196 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
00:16:20.0771 1196 avgwd - ok
00:16:20.0818 1196 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
00:16:20.0865 1196 AxInstSV - ok
00:16:20.0927 1196 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
00:16:20.0943 1196 b06bdrv - ok
00:16:20.0974 1196 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
00:16:20.0989 1196 b57nd60x - ok
00:16:21.0067 1196 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
00:16:21.0083 1196 BDESVC - ok
00:16:21.0114 1196 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
00:16:21.0145 1196 Beep - ok
00:16:21.0177 1196 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
00:16:21.0208 1196 BFE - ok
00:16:21.0270 1196 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
00:16:21.0301 1196 BITS - ok
00:16:21.0317 1196 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\drivers\blbdrive.sys
00:16:21.0333 1196 blbdrive - ok
00:16:21.0442 1196 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
00:16:21.0442 1196 Bonjour Service - ok
00:16:21.0473 1196 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
00:16:21.0489 1196 bowser - ok
00:16:21.0489 1196 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
00:16:21.0535 1196 BrFiltLo - ok
00:16:21.0535 1196 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
00:16:21.0551 1196 BrFiltUp - ok
00:16:21.0582 1196 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
00:16:21.0613 1196 BridgeMP - ok
00:16:21.0645 1196 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
00:16:21.0660 1196 Browser - ok
00:16:21.0691 1196 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
00:16:21.0723 1196 Brserid - ok
00:16:21.0723 1196 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
00:16:21.0738 1196 BrSerWdm - ok
00:16:21.0754 1196 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:16:21.0769 1196 BrUsbMdm - ok
00:16:21.0785 1196 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
00:16:21.0832 1196 BrUsbSer - ok
00:16:21.0863 1196 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
00:16:21.0879 1196 BthEnum - ok
00:16:21.0894 1196 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
00:16:21.0910 1196 BTHMODEM - ok
00:16:21.0910 1196 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
00:16:21.0925 1196 BthPan - ok
00:16:21.0972 1196 BTHPORT (195c41cc67e9e1cedd960ccb74925920) C:\Windows\system32\Drivers\BTHport.sys
00:16:21.0988 1196 BTHPORT - ok
00:16:22.0019 1196 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
00:16:22.0035 1196 bthserv - ok
00:16:22.0050 1196 BTHUSB (43b3206dd654e783aa7e4ead340a43b8) C:\Windows\system32\Drivers\BTHUSB.sys
00:16:22.0081 1196 BTHUSB - ok
00:16:22.0175 1196 BTWAMPFL (c1006bc7114b24e147dbbc2f6e83f01f) C:\Windows\system32\DRIVERS\btwampfl.sys
00:16:22.0175 1196 BTWAMPFL - ok
00:16:22.0206 1196 btwaudio (b9967a1c4f04bfcb9f4f037b20047a17) C:\Windows\system32\drivers\btwaudio.sys
00:16:22.0206 1196 btwaudio - ok
00:16:22.0237 1196 btwavdt (b325aa3278aad2af0ac6ad9dcaac744b) C:\Windows\system32\drivers\btwavdt.sys
00:16:22.0237 1196 btwavdt - ok
00:16:22.0300 1196 btwdins - ok
00:16:22.0331 1196 btwl2cap (6d7a78ce470876788edb68c646f19d54) C:\Windows\system32\DRIVERS\btwl2cap.sys
00:16:22.0347 1196 btwl2cap - ok
00:16:22.0362 1196 btwrchid (bfec5b8ebc5ed16cf56496a007917791) C:\Windows\system32\drivers\btwrchid.sys
00:16:22.0362 1196 btwrchid - ok
00:16:22.0487 1196 catchme - ok
00:16:22.0674 1196 CcmExec (a454a9baa25b8c8e76735dd86bd4b017) C:\Windows\system32\CCM\CcmExec.exe
00:16:22.0690 1196 CcmExec - ok
00:16:22.0737 1196 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
00:16:22.0752 1196 cdfs - ok
00:16:22.0783 1196 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
00:16:22.0783 1196 cdrom - ok
00:16:22.0830 1196 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
00:16:22.0846 1196 CertPropSvc - ok
00:16:22.0861 1196 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
00:16:22.0877 1196 circlass - ok
00:16:22.0908 1196 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
00:16:22.0924 1196 CLFS - ok
00:16:23.0064 1196 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:16:23.0080 1196 clr_optimization_v2.0.50727_32 - ok
00:16:23.0220 1196 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:16:23.0298 1196 clr_optimization_v4.0.30319_32 - ok
00:16:23.0314 1196 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
00:16:23.0329 1196 CmBatt - ok
00:16:23.0329 1196 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
00:16:23.0345 1196 cmdide - ok
00:16:23.0392 1196 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
00:16:23.0407 1196 CNG - ok
00:16:23.0501 1196 CnxtHdAudService (108d22ae4b97307668ae5f951aed72d1) C:\Windows\system32\drivers\CHDRT32.sys
00:16:23.0517 1196 CnxtHdAudService - ok
00:16:23.0891 1196 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
00:16:23.0907 1196 Compbatt - ok
00:16:23.0938 1196 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
00:16:23.0953 1196 CompositeBus - ok
00:16:23.0969 1196 COMSysApp - ok
00:16:23.0969 1196 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
00:16:23.0985 1196 crcdisk - ok
00:16:24.0016 1196 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
00:16:24.0047 1196 CryptSvc - ok
00:16:24.0094 1196 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
00:16:24.0109 1196 CSC - ok
00:16:24.0187 1196 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
00:16:24.0203 1196 CscService - ok
00:16:24.0234 1196 CxAudMsg (a4e503ce89cd1287892cb6ab58bbe75c) C:\Windows\system32\CxAudMsg32.exe
00:16:24.0234 1196 CxAudMsg - ok
00:16:24.0297 1196 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
00:16:24.0328 1196 DcomLaunch - ok
00:16:24.0375 1196 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
00:16:24.0390 1196 defragsvc - ok
00:16:24.0515 1196 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
00:16:24.0531 1196 DfsC - ok
00:16:24.0609 1196 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
00:16:24.0624 1196 Dhcp - ok
00:16:24.0655 1196 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
00:16:24.0687 1196 discache - ok
00:16:24.0687 1196 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
00:16:24.0702 1196 Disk - ok
00:16:24.0718 1196 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
00:16:24.0749 1196 dmvsc - ok
00:16:24.0780 1196 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
00:16:24.0811 1196 Dnscache - ok
00:16:24.0827 1196 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
00:16:24.0858 1196 dot3svc - ok
00:16:24.0905 1196 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys
00:16:24.0921 1196 DozeHDD - ok
00:16:25.0030 1196 DozeSvc (a4ecdd165b0f7ee9e44a569881f4ca6d) C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
00:16:25.0030 1196 DozeSvc - ok
00:16:25.0077 1196 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
00:16:25.0092 1196 DPS - ok
00:16:25.0123 1196 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
00:16:25.0139 1196 drmkaud - ok
00:16:25.0201 1196 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
00:16:25.0201 1196 DXGKrnl - ok
00:16:25.0248 1196 e1cexpress (890a46fb3d58667be559cee1a0252049) C:\Windows\system32\DRIVERS\e1c6232.sys
00:16:25.0264 1196 e1cexpress - ok
00:16:25.0311 1196 e1kexpress (a13f07a0422e4a04e7ff6f6f3b05e729) C:\Windows\system32\DRIVERS\e1k6232.sys
00:16:25.0311 1196 e1kexpress - ok
00:16:25.0342 1196 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
00:16:25.0373 1196 EapHost - ok
00:16:25.0560 1196 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
00:16:25.0591 1196 ebdrv - ok
00:16:25.0857 1196 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
00:16:25.0872 1196 EFS - ok
00:16:25.0981 1196 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
00:16:26.0013 1196 ehRecvr - ok
00:16:26.0044 1196 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
00:16:26.0106 1196 ehSched - ok
00:16:26.0262 1196 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
00:16:26.0278 1196 elxstor - ok
00:16:26.0278 1196 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
00:16:26.0293 1196 ErrDev - ok
00:16:26.0340 1196 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
00:16:26.0371 1196 EventSystem - ok
00:16:26.0387 1196 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
00:16:26.0403 1196 exfat - ok
00:16:26.0574 1196 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
00:16:26.0590 1196 fastfat - ok
00:16:26.0667 1196 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
00:16:26.0697 1196 Fax - ok
00:16:26.0707 1196 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
00:16:26.0727 1196 fdc - ok
00:16:26.0737 1196 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
00:16:26.0767 1196 fdPHost - ok
00:16:26.0777 1196 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
00:16:26.0807 1196 FDResPub - ok
00:16:26.0827 1196 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
00:16:26.0837 1196 FileInfo - ok
00:16:26.0837 1196 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
00:16:26.0857 1196 Filetrace - ok
00:16:26.0937 1196 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:16:26.0957 1196 FLEXnet Licensing Service - ok
00:16:26.0967 1196 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
00:16:26.0987 1196 flpydisk - ok
00:16:27.0007 1196 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
00:16:27.0017 1196 FltMgr - ok
00:16:27.0087 1196 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
00:16:27.0117 1196 FontCache - ok
00:16:27.0205 1196 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:16:27.0220 1196 FontCache3.0.0.0 - ok
00:16:27.0236 1196 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
00:16:27.0236 1196 FsDepends - ok
00:16:27.0267 1196 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
00:16:27.0283 1196 Fs_Rec - ok
00:16:27.0329 1196 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
00:16:27.0329 1196 fvevol - ok
00:16:27.0345 1196 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
00:16:27.0361 1196 gagp30kx - ok
00:16:27.0423 1196 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
00:16:27.0439 1196 gpsvc - ok
00:16:27.0501 1196 HBtnKey (f837f24dcca39dcd2d03fa9f00586c6c) C:\Windows\system32\drivers\tkbtnpn.sys
00:16:27.0501 1196 HBtnKey - ok
00:16:27.0517 1196 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
00:16:27.0532 1196 hcw85cir - ok
00:16:27.0579 1196 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
00:16:27.0610 1196 HdAudAddService - ok
00:16:27.0626 1196 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
00:16:27.0641 1196 HDAudBus - ok
00:16:27.0657 1196 HECI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\drivers\HECI.sys
00:16:27.0688 1196 HECI - ok
00:16:27.0688 1196 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
00:16:27.0704 1196 HidBatt - ok
00:16:27.0704 1196 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
00:16:27.0735 1196 HidBth - ok
00:16:27.0735 1196 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
00:16:27.0751 1196 HidIr - ok
00:16:27.0782 1196 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
00:16:27.0797 1196 hidserv - ok
00:16:27.0860 1196 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
00:16:27.0875 1196 HidUsb - ok
00:16:27.0907 1196 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
00:16:27.0922 1196 hkmsvc - ok
00:16:27.0953 1196 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
00:16:27.0985 1196 HomeGroupListener - ok
00:16:28.0016 1196 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
00:16:28.0031 1196 HomeGroupProvider - ok
00:16:28.0063 1196 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
00:16:28.0063 1196 HpSAMD - ok
00:16:28.0109 1196 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
00:16:28.0125 1196 HTTP - ok
00:16:28.0125 1196 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
00:16:28.0141 1196 hwpolicy - ok
00:16:28.0156 1196 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
00:16:28.0156 1196 i8042prt - ok
00:16:28.0219 1196 iaStor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\Windows\system32\drivers\iaStor.sys
00:16:28.0219 1196 iaStor - ok
00:16:28.0265 1196 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
00:16:28.0281 1196 iaStorV - ok
00:16:28.0312 1196 IBMPMDRV (fa3d0a6da7bb7968efe5c5bc267f0e55) C:\Windows\system32\drivers\ibmpmdrv.sys
00:16:28.0328 1196 IBMPMDRV - ok
00:16:28.0328 1196 IBMPMSVC (495f184a29b80b51735bcee91d84fe8f) C:\Windows\system32\ibmpmsvc.exe
00:16:28.0328 1196 IBMPMSVC - ok
00:16:28.0468 1196 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:16:28.0499 1196 idsvc - ok
00:16:29.0014 1196 igfx (5bcac9ee17f90d03e5ff4f9bb7d2f4b8) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:16:29.0217 1196 igfx - ok
00:16:29.0591 1196 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
00:16:29.0607 1196 iirsp - ok
00:16:29.0669 1196 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
00:16:29.0701 1196 IKEEXT - ok
00:16:29.0747 1196 IntcDAud (5576ad2f0039d2bccca3567fc0bf981c) C:\Windows\system32\DRIVERS\IntcDAud.sys
00:16:29.0794 1196 IntcDAud - ok
00:16:29.0841 1196 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
00:16:29.0841 1196 intelide - ok
00:16:29.0872 1196 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\drivers\intelppm.sys
00:16:29.0888 1196 intelppm - ok
00:16:29.0919 1196 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
00:16:29.0935 1196 IPBusEnum - ok
00:16:29.0950 1196 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:16:29.0997 1196 IpFilterDriver - ok
00:16:30.0028 1196 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
00:16:30.0044 1196 iphlpsvc - ok
00:16:30.0044 1196 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
00:16:30.0059 1196 IPMIDRV - ok
00:16:30.0059 1196 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
00:16:30.0091 1196 IPNAT - ok
00:16:30.0106 1196 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
00:16:30.0137 1196 IRENUM - ok
00:16:30.0169 1196 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
00:16:30.0169 1196 isapnp - ok
00:16:30.0200 1196 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
00:16:30.0200 1196 iScsiPrt - ok
00:16:30.0262 1196 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
00:16:30.0262 1196 kbdclass - ok
00:16:30.0293 1196 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
00:16:30.0309 1196 kbdhid - ok
00:16:30.0325 1196 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:16:30.0340 1196 KeyIso - ok
00:16:30.0356 1196 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
00:16:30.0356 1196 KSecDD - ok
00:16:30.0371 1196 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
00:16:30.0387 1196 KSecPkg - ok
00:16:30.0434 1196 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
00:16:30.0465 1196 KtmRm - ok
00:16:30.0527 1196 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
00:16:30.0559 1196 LanmanServer - ok
00:16:30.0590 1196 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
00:16:30.0605 1196 LanmanWorkstation - ok
00:16:30.0699 1196 LENOVO.CAMMUTE (1ef45f1bd62b8f4c19458326a3e91930) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
00:16:30.0699 1196 LENOVO.CAMMUTE - ok
00:16:30.0746 1196 LENOVO.MICMUTE (fce735941da27929dbfc1918f286ffd8) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
00:16:30.0761 1196 LENOVO.MICMUTE - ok
00:16:30.0793 1196 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
00:16:30.0793 1196 lenovo.smi - ok
00:16:30.0839 1196 LENOVO.TPKNRSVC (448be3e001004a55e8a959c57e17f6d8) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
00:16:30.0855 1196 LENOVO.TPKNRSVC - ok
00:16:30.0902 1196 Lenovo.VIRTSCRLSVC (6f2cc57eb5836d2ac9bd37f3554d55f8) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
00:16:30.0902 1196 Lenovo.VIRTSCRLSVC - ok
00:16:30.0949 1196 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
00:16:30.0964 1196 lltdio - ok
00:16:31.0011 1196 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
00:16:31.0027 1196 lltdsvc - ok
00:16:31.0042 1196 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
00:16:31.0058 1196 lmhosts - ok
00:16:31.0089 1196 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
00:16:31.0105 1196 LSI_FC - ok
00:16:31.0105 1196 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
00:16:31.0120 1196 LSI_SAS - ok
00:16:31.0120 1196 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
00:16:31.0136 1196 LSI_SAS2 - ok
00:16:31.0136 1196 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
00:16:31.0136 1196 LSI_SCSI - ok
00:16:31.0151 1196 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
00:16:31.0167 1196 luafv - ok
00:16:31.0198 1196 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
00:16:31.0198 1196 MBAMProtector - ok
00:16:31.0276 1196 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:16:31.0292 1196 MBAMService - ok
00:16:31.0323 1196 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
00:16:31.0339 1196 Mcx2Svc - ok
00:16:31.0339 1196 mdmxsdk - ok
00:16:31.0370 1196 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
00:16:31.0370 1196 megasas - ok
00:16:31.0401 1196 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
00:16:31.0417 1196 MegaSR - ok
00:16:31.0432 1196 MEI (d86ac00883b9c98b570e7643aaf8e554) C:\Windows\system32\drivers\HECI.sys
00:16:31.0432 1196 MEI - ok
00:16:31.0557 1196 Microsoft SharePoint Workspace Audit Service - ok
00:16:31.0588 1196 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
00:16:31.0619 1196 MMCSS - ok
00:16:31.0635 1196 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
00:16:31.0651 1196 Modem - ok
00:16:31.0666 1196 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
00:16:31.0682 1196 monitor - ok
00:16:31.0713 1196 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
00:16:31.0713 1196 mouclass - ok
00:16:31.0729 1196 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\drivers\mouhid.sys
00:16:31.0744 1196 mouhid - ok
00:16:31.0760 1196 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
00:16:31.0760 1196 mountmgr - ok
00:16:31.0807 1196 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
00:16:31.0822 1196 MpFilter - ok
00:16:31.0838 1196 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
00:16:31.0853 1196 mpio - ok
00:16:31.0869 1196 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
00:16:31.0885 1196 MpNWMon - ok
00:16:31.0885 1196 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
00:16:31.0900 1196 mpsdrv - ok
00:16:31.0963 1196 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
00:16:31.0994 1196 MpsSvc - ok
00:16:32.0041 1196 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
00:16:32.0056 1196 MRxDAV - ok
00:16:32.0056 1196 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:16:32.0087 1196 mrxsmb - ok
00:16:32.0119 1196 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:16:32.0134 1196 mrxsmb10 - ok
00:16:32.0165 1196 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:16:32.0165 1196 mrxsmb20 - ok
00:16:32.0165 1196 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
00:16:32.0181 1196 msahci - ok
00:16:32.0197 1196 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
00:16:32.0197 1196 msdsm - ok
00:16:32.0243 1196 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
00:16:32.0259 1196 MSDTC - ok
00:16:32.0275 1196 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
00:16:32.0290 1196 Msfs - ok
00:16:32.0306 1196 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
00:16:32.0321 1196 mshidkmdf - ok
00:16:32.0321 1196 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
00:16:32.0321 1196 msisadrv - ok
00:16:32.0353 1196 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
00:16:32.0384 1196 MSiSCSI - ok
00:16:32.0384 1196 msiserver - ok
00:16:32.0399 1196 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
00:16:32.0431 1196 MSKSSRV - ok
00:16:32.0509 1196 MsMpSvc (90dc23d940551db35367fb1e40575b25) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
00:16:32.0509 1196 MsMpSvc - ok
00:16:32.0540 1196 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
00:16:32.0571 1196 MSPCLOCK - ok
00:16:32.0571 1196 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
00:16:32.0602 1196 MSPQM - ok
00:16:32.0602 1196 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
00:16:32.0618 1196 MsRPC - ok
00:16:32.0633 1196 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
00:16:32.0633 1196 mssmbios - ok
00:16:32.0633 1196 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
00:16:32.0649 1196 MSTEE - ok
00:16:32.0665 1196 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
00:16:32.0680 1196 MTConfig - ok
00:16:32.0696 1196 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
00:16:32.0696 1196 Mup - ok
00:16:32.0743 1196 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
00:16:32.0774 1196 napagent - ok
00:16:32.0821 1196 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:16:32.0836 1196 NativeWifiP - ok
00:16:32.0883 1196 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
00:16:32.0899 1196 NDIS - ok
00:16:32.0914 1196 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:16:32.0930 1196 NdisCap - ok
00:16:32.0945 1196 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:16:32.0961 1196 NdisTapi - ok
00:16:32.0977 1196 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
00:16:32.0992 1196 Ndisuio - ok
00:16:33.0039 1196 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
00:16:33.0055 1196 NdisWan - ok
00:16:33.0055 1196 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
00:16:33.0070 1196 NDProxy - ok
00:16:33.0070 1196 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
00:16:33.0101 1196 NetBIOS - ok
00:16:33.0117 1196 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
00:16:33.0133 1196 NetBT - ok
00:16:33.0148 1196 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:16:33.0164 1196 Netlogon - ok
00:16:33.0211 1196 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
00:16:33.0242 1196 Netman - ok
00:16:33.0413 1196 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:16:33.0429 1196 NetMsmqActivator - ok
00:16:33.0429 1196 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:16:33.0429 1196 NetPipeActivator - ok
00:16:33.0491 1196 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
00:16:33.0523 1196 netprofm - ok
00:16:33.0523 1196 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:16:33.0538 1196 NetTcpActivator - ok
00:16:33.0538 1196 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:16:33.0538 1196 NetTcpPortSharing - ok
00:16:33.0913 1196 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
00:16:34.0006 1196 NETw5s32 - ok
00:16:34.0724 1196 NETwNs32 (814596469bbe40ef99ccfd582a375b83) C:\Windows\system32\DRIVERS\NETwNs32.sys
00:16:34.0833 1196 NETwNs32 - ok
00:16:35.0223 1196 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
00:16:35.0223 1196 nfrd960 - ok
00:16:35.0254 1196 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:16:35.0254 1196 NisDrv - ok
00:16:35.0348 1196 NisSrv (c73de53197ac0c4db60b80588f0d54df) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
00:16:35.0348 1196 NisSrv - ok
00:16:35.0395 1196 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
00:16:35.0410 1196 NlaSvc - ok
00:16:35.0441 1196 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
00:16:35.0457 1196 Npfs - ok
00:16:35.0473 1196 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
00:16:35.0488 1196 nsi - ok
00:16:35.0488 1196 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
00:16:35.0519 1196 nsiproxy - ok
00:16:35.0566 1196 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
00:16:35.0597 1196 Ntfs - ok
00:16:36.0034 1196 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
00:16:36.0065 1196 Null - ok
00:16:36.0081 1196 NVHDA - ok
00:16:36.0643 1196 nvlddmkm (f86c503cb3b63cdf0b987c3fc54c1353) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:16:36.0877 1196 nvlddmkm - ok
00:16:37.0251 1196 nvpciflt (71c77ad0c6edf31034ecf5aa820fa26b) C:\Windows\system32\DRIVERS\nvpciflt.sys
00:16:37.0251 1196 nvpciflt - ok
00:16:37.0267 1196 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
00:16:37.0267 1196 nvraid - ok
00:16:37.0282 1196 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
00:16:37.0282 1196 nvstor - ok
00:16:37.0376 1196 NVSvc (27cbd79ac89aec66800102a418cb8274) C:\Windows\system32\nvvsvc.exe
00:16:37.0391 1196 NVSvc - ok
00:16:37.0407 1196 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
00:16:37.0407 1196 nv_agp - ok
00:16:37.0438 1196 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
00:16:37.0454 1196 ohci1394 - ok
00:16:37.0516 1196 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:16:37.0532 1196 ose - ok
00:16:37.0797 1196 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:16:37.0937 1196 osppsvc - ok
00:16:38.0234 1196 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:16:38.0265 1196 p2pimsvc - ok
00:16:38.0296 1196 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
00:16:38.0312 1196 p2psvc - ok
00:16:38.0437 1196 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
00:16:38.0452 1196 Parport - ok
00:16:38.0452 1196 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
00:16:38.0452 1196 partmgr - ok
00:16:38.0452 1196 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
00:16:38.0468 1196 Parvdm - ok
00:16:38.0499 1196 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
00:16:38.0515 1196 PcaSvc - ok
00:16:38.0546 1196 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
00:16:38.0546 1196 pci - ok
00:16:38.0546 1196 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
00:16:38.0561 1196 pciide - ok
00:16:38.0561 1196 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
00:16:38.0577 1196 pcmcia - ok
00:16:38.0577 1196 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
00:16:38.0593 1196 pcw - ok
00:16:38.0608 1196 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
00:16:38.0624 1196 PEAUTH - ok
00:16:38.0702 1196 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
00:16:38.0733 1196 PeerDistSvc - ok
00:16:38.0858 1196 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
00:16:38.0889 1196 pla - ok
00:16:39.0170 1196 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
00:16:39.0201 1196 PlugPlay - ok
00:16:39.0232 1196 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
00:16:39.0248 1196 PNRPAutoReg - ok
00:16:39.0263 1196 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:16:39.0279 1196 PNRPsvc - ok
00:16:39.0326 1196 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
00:16:39.0357 1196 PolicyAgent - ok
00:16:39.0388 1196 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
00:16:39.0419 1196 Power - ok
00:16:39.0529 1196 Power Manager DBC Service (2db6404b68aa554f4805bcb645ed8e11) C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
00:16:39.0529 1196 Power Manager DBC Service - ok
00:16:39.0669 1196 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
00:16:39.0685 1196 PptpMiniport - ok
00:16:39.0809 1196 prepdrvr (2a4514a9233d35a355f569ff8b8f6240) C:\Windows\system32\CCM\prepdrv.sys
00:16:39.0825 1196 prepdrvr - ok
00:16:39.0841 1196 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
00:16:39.0856 1196 Processor - ok
00:16:39.0887 1196 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
00:16:39.0903 1196 ProfSvc - ok
00:16:39.0934 1196 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:16:39.0934 1196 ProtectedStorage - ok
00:16:39.0965 1196 psadd (06f82545e04ebf113b1c2c1c9f766d81) C:\Windows\system32\DRIVERS\psadd.sys
00:16:39.0981 1196 psadd - ok
00:16:40.0028 1196 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
00:16:40.0043 1196 Psched - ok
00:16:40.0106 1196 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
00:16:40.0121 1196 PSI_SVC_2 - ok
00:16:40.0153 1196 PwmEWSvc (ef283bc7e0091713c15414aaf64074eb) C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
00:16:40.0153 1196 PwmEWSvc - ok
00:16:40.0184 1196 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
00:16:40.0184 1196 PxHelp20 - ok
00:16:40.0277 1196 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
00:16:40.0309 1196 ql2300 - ok
00:16:40.0667 1196 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
00:16:40.0683 1196 ql40xx - ok
00:16:40.0714 1196 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
00:16:40.0714 1196 QWAVE - ok
00:16:40.0730 1196 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
00:16:40.0730 1196 QWAVEdrv - ok
00:16:40.0730 1196 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
00:16:40.0745 1196 RasAcd - ok
00:16:40.0792 1196 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:16:40.0808 1196 RasAgileVpn - ok
00:16:40.0823 1196 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
00:16:40.0839 1196 RasAuto - ok
00:16:40.0855 1196 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:16:40.0886 1196 Rasl2tp - ok
00:16:40.0917 1196 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
00:16:40.0948 1196 RasMan - ok
00:16:40.0979 1196 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
00:16:40.0995 1196 RasPppoe - ok
00:16:41.0011 1196 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
00:16:41.0026 1196 RasSstp - ok
00:16:41.0042 1196 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
00:16:41.0073 1196 rdbss - ok
00:16:41.0073 1196 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
00:16:41.0089 1196 rdpbus - ok
00:16:41.0089 1196 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:16:41.0104 1196 RDPCDD - ok
00:16:41.0120 1196 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
00:16:41.0135 1196 RDPDR - ok
00:16:41.0167 1196 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
00:16:41.0182 1196 RDPENCDD - ok
00:16:41.0182 1196 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
00:16:41.0213 1196 RDPREFMP - ok
00:16:41.0229 1196 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
00:16:41.0260 1196 RdpVideoMiniport - ok
00:16:41.0307 1196 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
00:16:41.0323 1196 RDPWD - ok
00:16:41.0369 1196 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
00:16:41.0385 1196 rdyboost - ok
00:16:41.0416 1196 regi (24d3b49dab660a8b8afa40240e735e24) C:\Windows\system32\drivers\regi.sys
00:16:41.0416 1196 regi - ok
00:16:41.0447 1196 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
00:16:41.0479 1196 RemoteAccess - ok
00:16:41.0510 1196 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
00:16:41.0525 1196 RemoteRegistry - ok
00:16:41.0557 1196 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
00:16:41.0572 1196 RFCOMM - ok
00:16:41.0619 1196 risdxc (9ebc0f4b55ec20e91fe40ac83825836c) C:\Windows\system32\drivers\risdxc86.sys
00:16:41.0635 1196 risdxc - ok
00:16:41.0666 1196 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
00:16:41.0681 1196 RpcEptMapper - ok
00:16:41.0713 1196 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
00:16:41.0728 1196 RpcLocator - ok
00:16:41.0759 1196 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
00:16:41.0775 1196 RpcSs - ok
00:16:41.0822 1196 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
00:16:41.0837 1196 rspndr - ok
00:16:41.0869 1196 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
00:16:41.0884 1196 s3cap - ok
00:16:41.0915 1196 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:16:41.0915 1196 SamSs - ok
00:16:41.0978 1196 SAService (cc5a2ca76b2e32bb2448ca57c80fe4be) C:\Windows\system32\SAsrv.exe
00:16:41.0993 1196 SAService - ok
00:16:42.0025 1196 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
00:16:42.0025 1196 sbp2port - ok
00:16:42.0056 1196 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
00:16:42.0071 1196 SCardSvr - ok
00:16:42.0071 1196 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
00:16:42.0087 1196 scfilter - ok
00:16:42.0134 1196 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
00:16:42.0165 1196 Schedule - ok
00:16:42.0181 1196 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
00:16:42.0196 1196 SCPolicySvc - ok
00:16:42.0243 1196 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
00:16:42.0259 1196 sdbus - ok
00:16:42.0290 1196 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
00:16:42.0321 1196 SDRSVC - ok
00:16:42.0337 1196 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:16:42.0352 1196 secdrv - ok
00:16:42.0368 1196 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
00:16:42.0399 1196 seclogon - ok
00:16:42.0415 1196 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
00:16:42.0446 1196 SENS - ok
00:16:42.0477 1196 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
00:16:42.0493 1196 SensrSvc - ok
00:16:42.0508 1196 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
00:16:42.0508 1196 Serenum - ok
00:16:42.0539 1196 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
00:16:42.0555 1196 Serial - ok
00:16:42.0555 1196 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
00:16:42.0571 1196 sermouse - ok
00:16:42.0602 1196 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
00:16:42.0633 1196 SessionEnv - ok
00:16:42.0633 1196 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
00:16:42.0664 1196 sffdisk - ok
00:16:42.0664 1196 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
00:16:42.0680 1196 sffp_mmc - ok
00:16:42.0680 1196 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
00:16:42.0680 1196 sffp_sd - ok
00:16:42.0695 1196 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
00:16:42.0695 1196 sfloppy - ok
00:16:42.0742 1196 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
00:16:42.0773 1196 SharedAccess - ok
00:16:42.0820 1196 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
00:16:42.0836 1196 ShellHWDetection - ok
00:16:42.0867 1196 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\Windows\system32\DRIVERS\Apsx86.sys
00:16:42.0883 1196 Shockprf - ok
00:16:42.0914 1196 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
00:16:42.0914 1196 sisagp - ok
00:16:42.0929 1196 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
00:16:42.0929 1196 SiSRaid2 - ok
00:16:42.0945 1196 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
00:16:42.0945 1196 SiSRaid4 - ok
00:16:42.0961 1196 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
00:16:42.0976 1196 Smb - ok
00:16:43.0070 1196 smstsmgr - ok
00:16:43.0085 1196 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
00:16:43.0101 1196 SNMPTRAP - ok
00:16:43.0132 1196 SophosVirusRemovalTool - ok
00:16:43.0163 1196 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
00:16:43.0163 1196 spldr - ok
00:16:43.0210 1196 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
00:16:43.0226 1196 Spooler - ok
00:16:43.0413 1196 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
00:16:43.0475 1196 sppsvc - ok
00:16:43.0772 1196 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
00:16:43.0787 1196 sppuinotify - ok
00:16:43.0928 1196 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
00:16:43.0975 1196 srv - ok
00:16:43.0990 1196 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
00:16:44.0006 1196 srv2 - ok
00:16:44.0037 1196 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
00:16:44.0068 1196 SrvHsfHDA - ok
00:16:44.0131 1196 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
00:16:44.0146 1196 SrvHsfV92 - ok
00:16:44.0193 1196 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
00:16:44.0209 1196 SrvHsfWinac - ok
00:16:44.0224 1196 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
00:16:44.0224 1196 srvnet - ok
00:16:44.0271 1196 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
00:16:44.0287 1196 SSDPSRV - ok
00:16:44.0287 1196 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
00:16:44.0318 1196 SstpSvc - ok
00:16:44.0333 1196 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
00:16:44.0333 1196 stexstor - ok
00:16:44.0396 1196 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
00:16:44.0411 1196 StiSvc - ok
00:16:44.0427 1196 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
00:16:44.0427 1196 storflt - ok
00:16:44.0458 1196 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
00:16:44.0474 1196 StorSvc - ok
00:16:44.0489 1196 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
00:16:44.0489 1196 storvsc - ok
00:16:44.0521 1196 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
00:16:44.0521 1196 swenum - ok
00:16:44.0614 1196 SWI32 (408902ccbc48113154e428b41931aa5b) C:\Program Files\Lenovo\System Update\tvsuhd32.sys
00:16:44.0630 1196 SWI32 - ok
00:16:44.0661 1196 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
00:16:44.0692 1196 swprv - ok
00:16:44.0723 1196 Synth3dVsc (f2ad8960812fd111e20e84659ef19d43) C:\Windows\system32\drivers\Synth3dVsc.sys
00:16:44.0723 1196 Synth3dVsc - ok
00:16:44.0833 1196 SynTP (4db524dcd5cece0349d9f8c3738da0b2) C:\Windows\system32\drivers\SynTP.sys
00:16:44.0848 1196 SynTP - ok
00:16:45.0207 1196 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
00:16:45.0223 1196 SysMain - ok
00:16:45.0238 1196 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
00:16:45.0238 1196 TabletInputService - ok
00:16:45.0566 1196 TabletServiceISD (c17791458f2316646e3e246b2877a09a) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
00:16:45.0628 1196 TabletServiceISD - ok
00:16:45.0722 1196 TabletSVC (5042d5f44275b8eedf0deb95693e84ed) C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
00:16:45.0722 1196 TabletSVC - ok
00:16:46.0003 1196 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
00:16:46.0034 1196 TapiSrv - ok
00:16:46.0049 1196 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
00:16:46.0065 1196 TBS - ok
00:16:46.0237 1196 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
00:16:46.0268 1196 Tcpip - ok
00:16:46.0767 1196 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
00:16:46.0783 1196 TCPIP6 - ok
00:16:47.0157 1196 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
00:16:47.0173 1196 tcpipreg - ok
00:16:47.0188 1196 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
00:16:47.0188 1196 TDPIPE - ok
00:16:47.0219 1196 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
00:16:47.0219 1196 TDTCP - ok
00:16:47.0235 1196 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
00:16:47.0251 1196 tdx - ok
00:16:47.0251 1196 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
00:16:47.0251 1196 TermDD - ok
00:16:47.0266 1196 terminpt (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys
00:16:47.0297 1196 terminpt - ok
00:16:47.0360 1196 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
00:16:47.0375 1196 TermService - ok
00:16:47.0391 1196 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
00:16:47.0407 1196 Themes - ok
00:16:47.0438 1196 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
00:16:47.0453 1196 THREADORDER - ok
00:16:47.0563 1196 TouchServiceISD (d29118438e0f268dca3278d0982774c8) C:\Program Files\Tablet\ISD\ISD_TouchService.exe
00:16:47.0563 1196 TouchServiceISD - ok
00:16:47.0594 1196 TPDIGIMN (20a439d6475d6fe1909159c0143d0466) C:\Windows\system32\DRIVERS\ApsHM86.sys
00:16:47.0594 1196 TPDIGIMN - ok
00:16:47.0625 1196 TPHDEXLGSVC (3775e4aa5f72264dbab7a578dd913ecf) C:\Windows\system32\TPHDEXLG.exe
00:16:47.0625 1196 TPHDEXLGSVC - ok
00:16:47.0719 1196 TPHKSVC (9e6e4a9789f76593cc5a6a5af8fc5929) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
00:16:47.0719 1196 TPHKSVC - ok
00:16:47.0781 1196 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
00:16:47.0812 1196 TPM - ok
00:16:47.0968 1196 TPPWRIF (c16ec6a5390904d3971179553852025b) C:\Windows\system32\drivers\Tppwr32v.sys
00:16:47.0968 1196 TPPWRIF - ok
00:16:48.0015 1196 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
00:16:48.0031 1196 TrkWks - ok
00:16:48.0093 1196 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
00:16:48.0109 1196 TrustedInstaller - ok
00:16:48.0124 1196 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:16:48.0140 1196 tssecsrv - ok
00:16:48.0155 1196 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
00:16:48.0171 1196 TsUsbFlt - ok
00:16:48.0187 1196 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
00:16:48.0202 1196 TsUsbGD - ok
00:16:48.0218 1196 tsusbhub (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys
00:16:48.0218 1196 tsusbhub - ok
00:16:48.0249 1196 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
00:16:48.0280 1196 tunnel - ok
00:16:48.0421 1196 TVT Backup Service (c9859779f9c29aadfbf454b7605452e6) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
00:16:48.0452 1196 TVT Backup Service - ok
00:16:48.0826 1196 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
00:16:48.0826 1196 uagp35 - ok
00:16:48.0857 1196 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
00:16:48.0873 1196 udfs - ok
00:16:48.0904 1196 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
00:16:48.0920 1196 UI0Detect - ok
00:16:48.0951 1196 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
00:16:48.0967 1196 uliagpkx - ok
00:16:48.0967 1196 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
00:16:48.0982 1196 umbus - ok
00:16:48.0982 1196 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
00:16:48.0998 1196 UmPass - ok
00:16:49.0013 1196 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
00:16:49.0029 1196 UmRdpService - ok
00:16:49.0060 1196 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
00:16:49.0076 1196 upnphost - ok
00:16:49.0107 1196 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\System32\Drivers\usbaapl.sys
00:16:49.0123 1196 USBAAPL - ok
00:16:49.0154 1196 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
00:16:49.0169 1196 usbccgp - ok
00:16:49.0185 1196 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
00:16:49.0185 1196 usbcir - ok
00:16:49.0201 1196 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
00:16:49.0216 1196 usbehci - ok
00:16:49.0263 1196 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
00:16:49.0279 1196 usbhub - ok
00:16:49.0279 1196 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
00:16:49.0294 1196 usbohci - ok
00:16:49.0294 1196 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
00:16:49.0310 1196 usbprint - ok
00:16:49.0310 1196 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:16:49.0325 1196 USBSTOR - ok
00:16:49.0325 1196 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
00:16:49.0341 1196 usbuhci - ok
00:16:49.0388 1196 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
00:16:49.0403 1196 usbvideo - ok
00:16:49.0435 1196 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
00:16:49.0450 1196 UxSms - ok
00:16:49.0466 1196 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
00:16:49.0481 1196 VaultSvc - ok
00:16:49.0497 1196 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
00:16:49.0497 1196 vdrvroot - ok
00:16:49.0544 1196 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
00:16:49.0575 1196 vds - ok
00:16:49.0591 1196 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
00:16:49.0606 1196 vga - ok
00:16:49.0622 1196 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
00:16:49.0637 1196 VgaSave - ok
00:16:49.0637 1196 VGPU - ok
00:16:49.0669 1196 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
00:16:49.0669 1196 vhdmp - ok
00:16:49.0684 1196 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
00:16:49.0684 1196 viaagp - ok
00:16:49.0700 1196 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
00:16:49.0715 1196 ViaC7 - ok
00:16:49.0715 1196 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
00:16:49.0715 1196 viaide - ok
00:16:49.0747 1196 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
00:16:49.0747 1196 vmbus - ok
00:16:49.0762 1196 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
00:16:49.0778 1196 VMBusHID - ok
00:16:49.0778 1196 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
00:16:49.0793 1196 volmgr - ok
00:16:49.0809 1196 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
00:16:49.0825 1196 volmgrx - ok
00:16:49.0840 1196 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
00:16:49.0840 1196 volsnap - ok
00:16:49.0856 1196 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
00:16:49.0871 1196 vsmraid - ok
00:16:49.0949 1196 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
00:16:49.0996 1196 VSS - ok
00:16:50.0012 1196 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
00:16:50.0027 1196 vwifibus - ok
00:16:50.0043 1196 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
00:16:50.0059 1196 vwififlt - ok
00:16:50.0059 1196 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
00:16:50.0074 1196 vwifimp - ok
00:16:50.0090 1196 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
00:16:50.0105 1196 W32Time - ok
00:16:50.0137 1196 wacomhidfilter (369784e6265417c87c345c4a8481ec2c) C:\Windows\system32\drivers\wacomhidfilter.sys
00:16:50.0152 1196 wacomhidfilter - ok
00:16:50.0152 1196 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\drivers\wacommousefilter.sys
00:16:50.0168 1196 wacommousefilter - ok
00:16:50.0183 1196 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
00:16:50.0183 1196 WacomPen - ok
00:16:50.0199 1196 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\drivers\wacomvhid.sys
00:16:50.0199 1196 wacomvhid - ok
00:16:50.0199 1196 wacomvthid (c497c0a80bad225244b1ca6c86fa3463) C:\Windows\system32\drivers\WacomVTHid.sys
00:16:50.0215 1196 wacomvthid - ok
00:16:50.0215 1196 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:16:50.0246 1196 WANARP - ok
00:16:50.0246 1196 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
00:16:50.0261 1196 Wanarpv6 - ok
00:16:50.0371 1196 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
00:16:50.0402 1196 WatAdminSvc - ok
00:16:50.0745 1196 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
00:16:50.0776 1196 wbengine - ok
00:16:50.0807 1196 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
00:16:50.0823 1196 WbioSrvc - ok
00:16:50.0839 1196 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
00:16:50.0854 1196 wcncsvc - ok
00:16:50.0870 1196 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
00:16:50.0885 1196 WcsPlugInService - ok
00:16:50.0995 1196 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
00:16:51.0010 1196 Wd - ok
00:16:51.0026 1196 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:16:51.0041 1196 Wdf01000 - ok
00:16:51.0057 1196 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
00:16:51.0088 1196 WdiServiceHost - ok
00:16:51.0088 1196 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
00:16:51.0088 1196 WdiSystemHost - ok
00:16:51.0135 1196 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
00:16:51.0151 1196 WebClient - ok
00:16:51.0166 1196 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
00:16:51.0182 1196 Wecsvc - ok
00:16:51.0197 1196 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
00:16:51.0213 1196 wercplsupport - ok
00:16:51.0244 1196 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
00:16:51.0260 1196 WerSvc - ok
00:16:51.0275 1196 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
00:16:51.0307 1196 WfpLwf - ok
00:16:51.0322 1196 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
00:16:51.0322 1196 WIMMount - ok
00:16:51.0431 1196 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
00:16:51.0447 1196 WinDefend - ok
00:16:51.0463 1196 WinHttpAutoProxySvc - ok
00:16:51.0572 1196 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
00:16:51.0587 1196 Winmgmt - ok
00:16:51.0665 1196 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
00:16:51.0712 1196 WinRM - ok
00:16:51.0868 1196 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
00:16:51.0884 1196 WinUsb - ok
00:16:51.0962 1196 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
00:16:51.0977 1196 Wlansvc - ok
00:16:51.0993 1196 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
00:16:51.0993 1196 WmiAcpi - ok
00:16:52.0087 1196 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
00:16:52.0102 1196 wmiApSrv - ok
00:16:52.0211 1196 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
00:16:52.0243 1196 WMPNetworkSvc - ok
00:16:52.0523 1196 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
00:16:52.0539 1196 WPCSvc - ok
00:16:52.0555 1196 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
00:16:52.0555 1196 WPDBusEnum - ok
00:16:52.0664 1196 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
00:16:52.0695 1196 ws2ifsl - ok
00:16:52.0726 1196 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
00:16:52.0742 1196 wscsvc - ok
00:16:52.0742 1196 WSearch - ok
00:16:52.0851 1196 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
00:16:52.0898 1196 wuauserv - ok
00:16:53.0257 1196 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
00:16:53.0272 1196 WudfPf - ok
00:16:53.0303 1196 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:16:53.0319 1196 WUDFRd - ok
00:16:53.0350 1196 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
00:16:53.0366 1196 wudfsvc - ok
00:16:53.0381 1196 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
00:16:53.0397 1196 WwanSvc - ok
00:16:53.0475 1196 MBR (0x1B8) (710cf1decf941427cc7784134f9ce7be) \Device\Harddisk0\DR0
00:16:53.0615 1196 \Device\Harddisk0\DR0 - ok
00:16:53.0647 1196 Boot (0x1200) (d3e771ac429f9a074c985921aa6569d3) \Device\Harddisk0\DR0\Partition0
00:16:53.0647 1196 \Device\Harddisk0\DR0\Partition0 - ok
00:16:53.0647 1196 ============================================================
00:16:53.0647 1196 Scan finished
00:16:53.0647 1196 ============================================================
00:16:53.0662 2096 Detected object count: 0
00:16:53.0662 2096 Actual detected object count: 0

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:44 PM

Posted 04 May 2012 - 11:57 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 psychology07

psychology07
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:04:44 PM

Posted 05 May 2012 - 12:31 AM

Here is the ComboFix log. It asked me to update ComboFix, which I did, and it did not reboot at the end like it usually does. It also did not seem to turn off the network access like it usually does. One other thing I thought of: the Bluetooth software is always installed, no matter how many times I uninstall it and delete it.

ComboFix 12-05-05.04 - beitbe 05/05/2012 1:16.2.4 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3493.2457 [GMT -4:00]
Running from: c:\users\beitinbe\Desktop\Combofix.exe
Command switches used :: c:\users\beitbe\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Forefront Endpoint Protection 2010 *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 05:19 . 2012-05-05 05:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 19:13 . 2012-05-04 21:11 -------- d-----w- C:\MGtools
2012-05-04 10:42 . 2012-05-04 10:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-04 03:41 . 2012-05-04 03:43 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-05-04 02:06 . 2012-05-04 02:06 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-03 20:47 . 2012-05-04 09:42 -------- d-----w- c:\program files\Sophos
2012-05-03 19:00 . 2012-04-13 04:36 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1F4694F-D058-44A6-B4E3-8E795272D062}\mpengine.dll
2012-05-03 03:24 . 2012-05-03 03:24 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-03 02:14 . 2012-05-03 02:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-03 02:14 . 2012-05-03 02:14 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-03 02:10 . 2012-05-03 02:10 -------- d--h--w- c:\programdata\Common Files
2012-05-03 02:08 . 2012-05-03 02:08 -------- d-----w- C:\$AVG
2012-05-03 02:08 . 2012-05-05 04:44 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-03 02:08 . 2012-05-03 02:14 -------- d-----w- c:\programdata\AVG2012
2012-05-03 02:08 . 2012-05-03 02:08 -------- d-----w- c:\program files\AVG
2012-05-03 01:59 . 2012-05-05 04:44 -------- d-----w- c:\programdata\MFAData
2012-05-01 22:03 . 2012-05-01 22:03 -------- d-----w- c:\program files\Common Files\Innovative Solutions
2012-05-01 22:03 . 2012-05-03 03:12 -------- d-----w- c:\programdata\Innovative Solutions
2012-05-01 22:03 . 2009-11-05 21:36 47984 ----a-w- c:\windows\system32\AdvUninstCPL.cpl
2012-05-01 22:03 . 2012-05-01 22:03 -------- d-----w- c:\program files\Innovative Solutions
2012-05-01 21:57 . 2012-05-01 21:57 -------- d-----w- c:\programdata\Malwarebytes
2012-05-01 21:57 . 2012-05-01 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-01 21:57 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-01 21:51 . 2012-05-01 21:51 -------- d-----w- c:\windows\ms
2012-05-01 21:25 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-01 21:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-01 21:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-05-01 21:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-01 21:20 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-05-01 21:20 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-05-01 21:20 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 21:19 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-01 21:08 . 2011-09-29 16:03 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-01 21:08 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-05-01 21:08 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-01 21:08 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2012-05-01 21:07 . 2011-05-24 10:44 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-05-01 21:07 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-05-01 21:07 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-05-01 21:07 . 2011-08-27 04:26 571904 ----a-w- c:\windows\system32\oleaut32.dll
2012-05-01 21:07 . 2011-08-27 04:26 233472 ----a-w- c:\windows\system32\oleacc.dll
2012-05-01 21:07 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
2012-05-01 21:07 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-05-01 21:07 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-05-01 21:07 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-05-01 21:07 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-05-01 20:59 . 2012-05-04 06:36 -------- d-----w- c:\users\beitbe
2012-05-01 20:52 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-01 20:52 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-05-01 20:52 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-01 20:52 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-01 20:52 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-01 20:52 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-01 20:52 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-01 20:49 . 2012-05-01 20:50 -------- d-----w- c:\users\Administrator
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 20:52 . 2012-05-04 19:13 656864 ----a-w- C:\MGlogs.zip
2012-05-03 03:24 . 2011-02-23 15:10 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-13 04:36 . 2011-03-08 13:52 6734704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-19 09:17 . 2012-03-19 09:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-04-21 01:19 . 2012-05-03 02:07 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3443049147-1905892195-2501515390-12481\Scripts\Logon\0\0]
"Script"=MapSDrive.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-04-04 05:53 815512 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-04-04 05:53 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-11-08 22:52 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 08:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Uninstaller PRO Installation Monitor]
2012-04-13 15:25 3503584 ----a-w- c:\program files\Innovative Solutions\Advanced Uninstaller PRO\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-04-05 09:12 2587008 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 19:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-03-11 15:55 176664 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-03-11 15:55 143384 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPKNRRES]
2011-04-04 22:22 41320 ----a-w- c:\program files\Lenovo\Communications Utility\TpKnrres.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPMailChecker]
2009-07-23 07:11 124248 ----a-w- c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2009-07-23 07:11 185688 ----a-w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 18:20 997408 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-03-11 15:55 178200 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV]
2011-05-10 07:59 1258856 ----a-w- c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RotateImage]
2008-10-30 19:23 31744 ----a-w- c:\program files\Integrated Camera Driver\RCIMGDIR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2011-03-15 00:04 316032 ----a-w- c:\program files\CONEXANT\SAII\SAIICpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 237800 ----a-w- c:\program files\Common Files\Java\Java Update\jaureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-05-06 00:31 2262312 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
2009-12-11 16:19 337256 ----a-w- c:\windows\System32\TpShocks.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMResident]
2011-05-09 15:18 484856 ----a-w- c:\program files\ThinkPad\Tablet Shortcut\TSMResident.exe
.
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 367656]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 33832]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-05-10 292200]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-12-10 214696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SWI32;SWI32;c:\program files\Lenovo\System Update\tvsuhd32.sys [2009-10-22 28224]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 wacomhidfilter;Wacom HID Filter;c:\windows\system32\drivers\wacomhidfilter.sys [2010-12-02 14376]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1343400]
R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 253088]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R4 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-12-17 190592]
R4 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-04-04 40808]
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-11-24 45496]
R4 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-04-04 59240]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
R4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-05-10 83304]
R4 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-05-10 148840]
R4 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [2011-03-15 446592]
R4 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [x]
R4 TabletServiceISD;TabletServiceISD;c:\program files\Tablet\ISD\ISD_Tablet.exe [2011-03-24 4732280]
R4 TabletSVC;TABLET Service;c:\program files\ThinkPad\Tablet Shortcut\TSMService.exe [2011-05-09 83440]
R4 TouchServiceISD;Wacom ISD Touch Service;c:\program files\Tablet\ISD\ISD_TouchService.exe [2011-03-24 377720]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-05-10 25968]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-04 20328]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
S1 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
S1 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ASRSVC;ASR Service;c:\program files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [2010-10-28 79136]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-11-16 13880]
S2 risdxc;risdxc;c:\windows\system32\drivers\risdxc86.sys [2011-03-23 75264]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-12-02 64440]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2010-12-03 133120]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [2010-12-21 238760]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-03-11 269824]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-06 7434240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 wacomvthid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-12-02 14320]
S4 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 99654277
*Deregistered* - 99654277
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 02:14]
.
2012-05-05 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
2012-05-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.shu.edu/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\beitinbe\AppData\Roaming\Mozilla\Firefox\Profiles\w90oxpgb.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adobe Acrobat - Create PDF: web2pdfextension@web2pdf.adobedotcom - c:\program files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - Ext: Adobe Contribute Toolbar: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-05 01:20:44
ComboFix-quarantined-files.txt 2012-05-05 05:20
ComboFix2.txt 2012-05-05 03:41
ComboFix3.txt 2012-05-04 07:25
.
Pre-Run: 260,296,044,544 bytes free
Post-Run: 259,984,232,448 bytes free
.
- - End Of File - - F50E99D30190A888082EA58B93EE757F

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 May 2012 - 12:46 AM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 psychology07

psychology07
  • Topic Starter

  • Members
  • 19 posts

Posted 05 May 2012 - 01:16 AM

Thanks for the tip on the CC cleaner. I have used it in the past but I forgot about it. It cleaned out quite a bit. Here are the logs. Also, since you asked how the computer is doing, I decided to check control panel and sure enough everything froze. I was lucky enough to catch the error message which I am pasting. Out of curiosity, does anything "need" to be in the common files folder? I seem to have a ton of programs in there.

Description:
A problem caused this program to stop interacting with Windows.

Problem signature:
Problem Event Name: AppHangB1
Application Name: explorer.exe
Application Version: 6.1.7601.17567
Application Timestamp: 4d6727a7
Hang Signature: f2eb
Hang Type: 16897
OS Version: 6.1.7601.2.1.0.256.4
Locale ID: 1033
Additional Hang Signature 1: f2eb62388f9b8efc7a9695f0ae3c4817
Additional Hang Signature 2: dfda
Additional Hang Signature 3: dfda41551f8e53979d2a7867cb063f94
Additional Hang Signature 4: de90
Additional Hang Signature 5: de90129a56893b8161c6acf4427a4c83
Additional Hang Signature 6: 6b1f
Additional Hang Signature 7: 6b1fe821d47e12d4df2bcb3fa63ceeb0

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:06:13 AM, on 5/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\StikyNot.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\mmc.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG2012\avgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shu.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shu.edu
O17 - HKLM\Software\..\Telephony: DomainName = shu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = shu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = shu.edu
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\System32\nvinit.dll
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (file missing)
O23 - Service: ASR Service (ASRSVC) - Lenovo Group Limited - C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

--
End of file - 7803 bytes

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.05.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
beitinbe :: 146--R9F5FNY [administrator]

Protection: Disabled

5/5/2012 1:59:22 AM
mbam-log-2012-05-05 (01-59-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 238880
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 May 2012 - 01:27 AM

Try it in safe mode and see if it still freezes.


gringo

#12 psychology07

psychology07
  • Topic Starter

  • Members
  • 19 posts

Posted 05 May 2012 - 01:32 AM

A few strange things. My email on my phone has been saying error. First one account, then another. With the second, it said I could not login because my settings were reset by a peer. I went on my computer and I was redirected so I didn't try to sign in.

#13 psychology07

psychology07
  • Topic Starter

  • Members
  • 19 posts

Posted 05 May 2012 - 01:37 AM

Happens in safe mode as well.

Since my paranoia grows, when I reply on this page, it takes me to: www.bleepingcomputer.com/forums/topic452459.html/page__gopid__2688913

Is the part after the last backslash OK?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 May 2012 - 01:41 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#15 psychology07

psychology07
  • Topic Starter

  • Members
  • 19 posts

Posted 05 May 2012 - 02:07 AM

OTL logfile created on: 5/5/2012 2:48:39 AM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\beitbe\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.41 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 65.75% Memory free
6.82 Gb Paging File | 5.58 Gb Available in Paging File | 81.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.36 Gb Total Space | 242.73 Gb Free Space | 85.96% Space Free | Partition Type: NTFS

Computer Name: 146--FNY | User Name: beitbe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\beitbe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SophosVirusRemovalTool) -- C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe File not found
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (TabletServiceISD) -- C:\Program Files\Tablet\ISD\ISD_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServiceISD) -- C:\Program Files\Tablet\ISD\ISD_TouchService.exe (Wacom Technology, Corp.)
SRV - (SAService) -- C:\Windows\System32\SASrv.exe (Conexant Systems, Inc.)
SRV - (CxAudMsg) -- C:\Windows\System32\CxAudMsg32.exe (Conexant Systems Inc.)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (CcmExec) -- C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\Windows\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (NVHDA) -- system32\drivers\nvhda32v.sys File not found
DRV - (mdmxsdk) -- system32\DRIVERS\mdmxsdk.sys File not found
DRV - (catchme) -- C:\Users\beitinbe\AppData\Local\Temp\catchme.sys File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (DozeHDD) -- C:\Windows\System32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (risdxc) -- C:\Windows\System32\drivers\risdxc86.sys (REDC)
DRV - (IntcDAud) Intel® -- C:\Windows\System32\drivers\IntcDAud.sys (Intel® Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (NETwNs32) ___ Intel® -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (e1cexpress) Intel® -- C:\Windows\System32\drivers\e1c6232.sys (Intel Corporation)
DRV - (5U877) -- C:\Windows\System32\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV - (wacomhidfilter) -- C:\Windows\System32\drivers\wacomhidfilter.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvthid) -- C:\Windows\System32\drivers\WacomVTHid.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (MEI) Intel® -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (HECI) Intel® -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (NETw5s32) Intel® -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (e1kexpress) Intel® -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)
DRV - (SWI32) -- C:\Program Files\Lenovo\System Update\tvsuhd32.sys (Lenovo Group Limited)
DRV - (Shockprf) -- C:\Windows\System32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\drivers\ApsHM86.sys (Lenovo.)
DRV - (prepdrvr) -- C:\Windows\System32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3443049147-1905892195-2501515390-12481\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\beitinbe\Desktop
IE - HKU\S-1-5-21-3443049147-1905892195-2501515390-12481\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.shu.edu/
IE - HKU\S-1-5-21-3443049147-1905892195-2501515390-12481\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3443049147-1905892195-2501515390-12481\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 3B AB 63 E8 CA CA 01 [binary data]
IE - HKU\S-1-5-21-3443049147-1905892195-2501515390-12481\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3443049147-1905892195-2501515390-12481\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3443049147-1905892195-2501515390-12481\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.1
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/05/03 00:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/03/23 20:35:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/02 22:09:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 03:54:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/03 03:54:42 | 000,000,000 | ---D | M]

[2010/03/23 22:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\beitbe\AppData\Roaming\mozilla\Extensions
[2012/05/02 23:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\beitbe\AppData\Roaming\mozilla\Firefox\Profiles\w90oxpgb.default\extensions
[2010/03/24 10:55:09 | 000,001,820 | ---- | M] () -- C:\Users\beitbe\AppData\Roaming\Mozilla\Firefox\Profiles\w90oxpgb.default\searchplugins\bing.xml
[2012/05/02 23:24:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/02 23:24:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/04 23:39:14 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-3443049147-1905892195-2501515390-12481\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3443049147-1905892195-2501515390-12481..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3443049147-1905892195-2501515390-12481\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3443049147-1905892195-2501515390-12481\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3443049147-1905892195-2501515390-12481\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = shu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05B6ECFC-472A-4785-A08A-935858D958F3}: DhcpNameServer = 10.5.0.10 10.110.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{428FB7FB-F392-48D1-BB30-DFA2FA8D7BB5}: DhcpNameServer = 10.5.0.10 10.110.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7448DFCE-EC27-4227-BB59-89DA328863E0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\System32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/05 02:44:15 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\beitbe\Desktop\OTL.exe
[2012/05/05 02:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/05 02:04:56 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/05 01:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/05 01:20:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/05 01:20:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/05 00:21:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\beitbe\Desktop\123.exe
[2012/05/05 00:14:22 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\beitbe\Desktop\tdsskiller.exe
[2012/05/04 23:27:45 | 004,484,074 | R--- | C] (Swearware) -- C:\Users\beitbe\Desktop\Combofix.exe
[2012/05/04 22:14:57 | 000,000,000 | ---D | C] -- C:\Users\beitbe\Desktop\logs
[2012/05/04 15:13:37 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/05/04 06:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/04 03:20:30 | 000,000,000 | ---D | C] -- C:\Users\beitinbe\AppData\Local\temp
[2012/05/04 03:12:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/04 03:12:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/04 03:12:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/04 03:11:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/04 01:21:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/03 23:41:41 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012/05/03 22:06:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/03 21:55:25 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/05/03 16:47:31 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/05/03 16:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/05/03 16:07:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/03 15:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/02 23:33:38 | 000,000,000 | ---D | C] -- C:\Users\beitbe\Documents\Outlook Files
[2012/05/02 23:24:42 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/05/02 23:24:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/05/02 23:24:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/05/02 23:24:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/05/02 22:14:24 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/02 22:14:24 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/02 22:10:19 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\AVG2012
[2012/05/02 22:10:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/02 22:08:56 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/05/02 22:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/02 22:08:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/05/02 22:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/05/02 21:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/05/02 16:36:50 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Local\Diagnostics
[2012/05/01 18:03:29 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal
[2012/05/01 18:03:27 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Local\Innovative Solutions
[2012/05/01 18:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
[2012/05/01 18:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Innovative Solutions
[2012/05/01 18:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2012/05/01 18:03:10 | 000,000,000 | ---D | C] -- C:\Program Files\Innovative Solutions
[2012/05/01 17:57:30 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Malwarebytes
[2012/05/01 17:57:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/01 17:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/01 17:57:18 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/01 17:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/01 17:51:11 | 000,000,000 | ---D | C] -- C:\Windows\ms
[2012/05/01 17:24:40 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/05/01 17:24:40 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/05/01 17:24:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/05/01 17:24:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/05/01 17:24:39 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/05/01 17:24:39 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/05/01 17:24:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/05/01 17:24:39 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/05/01 17:24:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/05/01 17:24:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/05/01 17:24:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/05/01 17:24:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/05/01 17:24:38 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/05/01 17:24:38 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/05/01 17:24:38 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/05/01 17:24:38 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/05/01 17:24:38 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/05/01 17:24:38 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/05/01 17:24:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/05/01 17:24:38 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/05/01 17:24:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/05/01 17:24:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/05/01 17:24:38 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/05/01 17:24:38 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/05/01 17:24:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/05/01 17:24:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/05/01 17:24:37 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/05/01 17:24:37 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/05/01 17:24:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/05/01 17:24:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/05/01 17:24:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/05/01 17:24:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/05/01 17:24:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/05/01 17:24:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/05/01 17:24:36 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/05/01 17:24:36 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/05/01 17:24:36 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/05/01 17:20:01 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/01 17:19:59 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/01 17:08:00 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/05/01 17:08:00 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/05/01 17:07:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/05/01 17:07:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/05/01 17:07:20 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/05/01 17:07:17 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/05/01 17:07:11 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/05/01 17:07:11 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/05/01 17:06:54 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/05/01 17:06:54 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/05/01 17:06:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/05/01 17:06:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/05/01 17:06:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/05/01 17:06:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/05/01 17:06:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/05/01 17:06:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/05/01 17:06:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/05/01 17:06:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/05/01 17:06:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/05/01 17:06:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/05/01 17:06:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/05/01 17:06:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/05/01 17:06:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/05/01 17:06:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/05/01 17:06:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/05/01 17:06:47 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/05/01 17:06:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/05/01 17:06:44 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012/05/01 17:06:44 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012/05/01 17:06:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012/05/01 17:06:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012/05/01 17:06:43 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012/05/01 17:06:40 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/01 17:06:39 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/01 16:59:50 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Local\VirtualStore
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\AppData\Local\Temporary Internet Files
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\Templates
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\Start Menu
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\SendTo
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\Recent
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\PrintHood
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\NetHood
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\Documents\My Videos
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\Documents\My Pictures
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\Documents\My Music
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\My Documents
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\Local Settings
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\AppData\Local\History
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\Cookies
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\Application Data
[2012/05/01 16:59:34 | 000,000,000 | -HSD | C] -- C:\Users\beitbe\AppData\Local\Application Data
[2012/05/01 16:59:05 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Local\ElevatedDiagnostics
[2012/05/01 16:59:05 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Local\Broadcom
[2012/05/01 16:59:05 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Local\Apple Computer
[2012/05/01 16:59:05 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Local\Apple
[2012/05/01 16:59:05 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Local\Adobe
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Local\Xythos
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Local\Symantec
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Local\Mozilla
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Local\Microsoft Help
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Local\Microsoft
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Media Center Programs
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Macromedia
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Lenovo
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\InstallShield
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Identities
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Corel
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\com.adobe.ExMan
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Apple Computer
[2012/05/01 16:59:04 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Adobe
[2012/05/01 16:59:03 | 000,000,000 | --SD | C] -- C:\Users\beitbe\Documents\My Web Sites
[2012/05/01 16:59:03 | 000,000,000 | --SD | C] -- C:\Users\beitbe\AppData\Roaming\Microsoft
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\Videos
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\Searches
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\Saved Games
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\Pictures
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\Music
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\Links
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\Favorites
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\Downloads
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\Documents
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\Desktop
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\Contacts
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/01 16:59:03 | 000,000,000 | R--D | C] -- C:\Users\beitbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/01 16:59:03 | 000,000,000 | -H-D | C] -- C:\Users\beitbe\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/01 16:59:03 | 000,000,000 | -H-D | C] -- C:\Users\beitbe\AppData
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\WTablet
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Update
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Ulead Systems
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\Documents\Ulead Burn.Now
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Real
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\PwrMgr
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\PCDr
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\No Company Name
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\AppData\Roaming\Mozilla
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\Library
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\Documents\InterVideo
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\Documents\Fragments
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\Documents\Corel DVD MovieFactory
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\Corel
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\Documents\Bluetooth Exchange Folder
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\Documents\Adobe Scripts
[2012/05/01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\beitbe\Documents\Adobe
[2012/05/01 16:52:41 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/05/01 16:52:40 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/05/01 16:52:40 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/05/01 16:52:40 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/05/01 16:52:39 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/05/01 16:48:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/05/01 16:45:35 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012/05/01 16:45:09 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[1 C:\Users\beitinbe\Desktop\*.tmp files -> C:\Users\beitinbe\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/05 02:49:41 | 000,016,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/05 02:49:41 | 000,016,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/05 02:44:41 | 000,679,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/05 02:44:41 | 000,127,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/05 02:44:15 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\beitbe\Desktop\OTL.exe
[2012/05/05 02:44:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/05 02:43:02 | 000,000,463 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2012/05/05 02:42:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/05 02:42:16 | 2747,191,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/05 02:29:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/05 02:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/05 02:19:35 | 000,018,050 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/05 02:04:56 | 000,002,979 | ---- | M] () -- C:\Users\beitbe\Desktop\HiJackThis.lnk
[2012/05/05 01:52:13 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/05 01:14:31 | 004,484,074 | R--- | M] (Swearware) -- C:\Users\beitbe\Desktop\Combofix.exe
[2012/05/05 00:44:42 | 097,164,224 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/05 00:24:29 | 000,000,512 | ---- | M] () -- C:\Users\beitbe\Desktop\MBR.dat
[2012/05/05 00:21:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\beitbe\Desktop\123.exe
[2012/05/05 00:12:18 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\beitbe\Desktop\tdsskiller.exe
[2012/05/04 23:39:14 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/04 16:52:40 | 000,656,864 | ---- | M] () -- C:\MGlogs.zip
[2012/05/04 15:13:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/05/04 15:13:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/05/04 13:28:33 | 000,021,736 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/05/04 05:32:35 | 000,173,762 | ---- | M] () -- C:\Users\beitbe\Documents\JFI-MS# 3492 RE-REVIEW.pdf
[2012/05/04 05:25:27 | 000,030,101 | ---- | M] () -- C:\Users\beitbe\Documents\JFI MS# 3492 Re-Review.joboptions
[2012/05/04 00:03:39 | 000,080,384 | ---- | M] () -- C:\Users\beitbe\Desktop\MBRCheck.exe
[2012/05/03 23:43:40 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012/05/03 23:31:46 | 551,041,399 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/03 23:00:13 | 000,302,592 | ---- | M] () -- C:\Users\beitbe\Desktop\xm5ielnt.exe
[2012/05/03 16:33:15 | 000,000,000 | ---- | M] () -- C:\Users\beitbe\defogger_reenable
[2012/05/03 16:33:04 | 000,050,477 | ---- | M] () -- C:\Users\beitbe\Desktop\Defogger.exe
[2012/05/03 15:24:21 | 000,241,324 | ---- | M] () -- C:\Users\beitbe\Documents\12 Grad Comm CEHS.pdf
[2012/05/03 01:51:13 | 009,664,282 | ---- | M] () -- C:\Users\beitbe\Documents\JFi-MS# 3492R copy.pdf
[2012/05/02 23:24:31 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/05/02 23:24:31 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/05/02 23:24:31 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/05/02 23:24:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/05/02 23:24:31 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/05/02 22:21:14 | 000,624,914 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/05/02 22:14:24 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/02 22:14:24 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/01 17:52:07 | 000,004,764 | ---- | M] () -- C:\Windows\System32\CcmFramework.ini
[2012/05/01 17:52:07 | 000,000,621 | ---- | M] () -- C:\Windows\System32\CcmFramework.h
[2012/05/01 17:43:11 | 000,001,411 | ---- | M] () -- C:\Users\beitbe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/01 17:41:28 | 000,451,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/01 17:24:40 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/05/01 17:24:40 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/05/01 17:24:40 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/05/01 17:24:39 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/05/01 17:24:39 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/05/01 17:24:39 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/05/01 17:24:39 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/05/01 17:24:39 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/05/01 17:24:39 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/05/01 17:24:39 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/05/01 17:24:39 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/05/01 17:24:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/05/01 17:24:38 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/05/01 17:24:38 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/05/01 17:24:38 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/05/01 17:24:38 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/05/01 17:24:38 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/05/01 17:24:38 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/05/01 17:24:38 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/05/01 17:24:38 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/05/01 17:24:38 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/05/01 17:24:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/05/01 17:24:38 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/05/01 17:24:38 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/05/01 17:24:38 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/05/01 17:24:38 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/05/01 17:24:37 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/05/01 17:24:37 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/05/01 17:24:37 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/05/01 17:24:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/05/01 17:24:37 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/05/01 17:24:37 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/05/01 17:24:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/05/01 17:24:37 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/05/01 17:24:37 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/05/01 17:24:36 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/05/01 17:24:36 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/05/01 17:24:36 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/05/01 17:02:48 | 000,001,105 | ---- | M] () -- C:\Users\beitbe\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/01 16:59:49 | 000,000,898 | RHS- | M] () -- C:\Users\beitbe\ntuser.pol
[2012/05/01 16:48:24 | 000,101,594 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[1 C:\Users\beitinbe\Desktop\*.tmp files -> C:\Users\beitbe\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/05 02:19:35 | 000,018,050 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/05/05 02:04:56 | 000,002,979 | ---- | C] () -- C:\Users\beitbe\Desktop\HiJackThis.lnk
[2012/05/05 01:52:13 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/05 00:44:42 | 097,164,224 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/05/04 15:13:39 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/05/04 15:13:39 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/05/04 15:13:38 | 000,656,864 | ---- | C] () -- C:\MGlogs.zip
[2012/05/04 05:26:38 | 000,173,762 | ---- | C] () -- C:\Users\beitbe\Documents\JFI-MS# 3492.pdf
[2012/05/04 05:25:26 | 000,030,101 | ---- | C] () -- C:\Users\beitbe\Documents\JFI MS# 3492.joboptions
[2012/05/04 03:12:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/04 03:12:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/04 03:12:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/04 03:12:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/04 03:12:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/04 00:03:39 | 000,080,384 | ---- | C] () -- C:\Users\beitbe\Desktop\MBRCheck.exe
[2012/05/03 23:25:26 | 000,000,512 | ---- | C] () -- C:\Users\beitbe\Desktop\MBR.dat
[2012/05/03 23:00:13 | 000,302,592 | ---- | C] () -- C:\Users\beitbe\Desktop\xm5ielnt.exe
[2012/05/03 16:33:15 | 000,000,000 | ---- | C] () -- C:\Users\beitbe\defogger_reenable
[2012/05/03 16:33:04 | 000,050,477 | ---- | C] () -- C:\Users\beitbe\Desktop\Defogger.exe
[2012/05/03 16:07:34 | 551,041,399 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/05/03 15:24:21 | 000,241,324 | ---- | C] () -- C:\Users\beitbe\Documents\12 Grad Comm CEHS.pdf
[2012/05/02 22:21:14 | 000,624,914 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/05/02 22:14:24 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/02 22:07:09 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/01 18:03:27 | 000,002,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 10.lnk
[2012/05/01 18:03:20 | 000,047,984 | ---- | C] () -- C:\Windows\System32\AdvUninstCPL.cpl
[2012/05/01 17:52:07 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2012/05/01 17:52:07 | 000,000,621 | ---- | C] () -- C:\Windows\System32\CcmFramework.h
[2012/05/01 17:24:38 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/05/01 17:02:48 | 000,001,105 | ---- | C] () -- C:\Users\beitbe\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/01 17:00:11 | 000,001,411 | ---- | C] () -- C:\Users\beitbe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/01 17:00:04 | 000,021,736 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/01 16:59:49 | 000,000,898 | RHS- | C] () -- C:\Users\beitbe\ntuser.pol
[2012/05/01 16:59:07 | 000,000,290 | ---- | C] () -- C:\Users\beitbe\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/01 16:59:07 | 000,000,272 | ---- | C] () -- C:\Users\beitbe\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/05/01 16:59:05 | 000,001,417 | ---- | C] () -- C:\Users\beitbe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/01 16:45:10 | 2747,191,296 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/23 15:09:36 | 001,820,066 | ---- | C] () -- C:\Users\beitinbe\Documents\JFI-MS# 3492 Response, 2 org revs.pdf
[2012/04/23 15:09:25 | 009,664,282 | ---- | C] () -- C:\Users\beitinbe\Documents\JFi-MS# 3492R copy.pdf
[2011/06/24 12:46:06 | 000,030,893 | ---- | C] () -- C:\Windows\System32\drivers\Mixer.ini
[2011/06/08 10:28:03 | 003,406,888 | ---- | C] () -- C:\Windows\System32\wstbcoin.dll
[2011/06/08 10:28:03 | 001,826,856 | ---- | C] () -- C:\Windows\System32\tkbtnpn1.dll
[2011/03/25 12:49:27 | 000,001,372 | ---- | C] () -- C:\Windows\System32\VoipUpdate.ini
[2011/03/25 12:49:25 | 000,001,816 | ---- | C] () -- C:\Windows\System32\drivers\Altmixer.ini
[2011/03/24 10:59:08 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/03/23 12:00:53 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011/03/23 12:00:51 | 000,213,332 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011/03/23 12:00:51 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/03/23 12:00:50 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011/03/23 12:00:49 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/03/23 12:00:49 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/02/23 13:23:46 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/02/23 13:23:30 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/02/02 22:29:52 | 000,641,696 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin

========== LOP Check ==========

[2011/03/24 11:04:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/23 22:28:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\com.adobe.ExMan
[2010/03/23 20:34:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lenovo
[2010/03/31 20:52:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\No Company Name
[2011/06/24 13:44:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PCDr
[2011/03/23 17:09:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PwrMgr
[2011/02/23 13:07:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Update
[2010/03/24 10:42:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xythos
[2012/05/02 22:10:19 | 000,000,000 | ---D | M] -- C:\Users\beitinbe\AppData\Roaming\AVG2012
[2011/03/24 11:04:16 | 000,000,000 | ---D | M] -- C:\Users\beitbe\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/23 22:28:42 | 000,000,000 | ---D | M] -- C:\Users\beitbe\AppData\Roaming\com.adobe.ExMan
[2010/03/23 20:34:32 | 000,000,000 | ---D | M] -- C:\Users\beitbe\AppData\Roaming\Lenovo
[2010/03/31 20:52:05 | 000,000,000 | ---D | M] -- C:\Users\beitbe\AppData\Roaming\No Company Name
[2011/06/24 13:44:08 | 000,000,000 | ---D | M] -- C:\Users\beitbe\AppData\Roaming\PCDr
[2011/03/23 17:09:51 | 000,000,000 | ---D | M] -- C:\Users\beitbe\AppData\Roaming\PwrMgr
[2011/03/23 19:22:19 | 000,000,000 | ---D | M] -- C:\Users\beitbe\AppData\Roaming\Ulead Systems
[2011/02/23 13:07:10 | 000,000,000 | ---D | M] -- C:\Users\beitbe\AppData\Roaming\Update
[2011/03/24 11:04:16 | 000,000,000 | ---D | M] -- C:\Users\beitbe.146--FNY\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/23 22:28:42 | 000,000,000 | ---D | M] -- C:\Users\beitbe.146--NY\AppData\Roaming\com.adobe.ExMan
[2010/03/23 20:34:32 | 000,000,000 | ---D | M] -- C:\Users\beitbe.146--FNY\AppData\Roaming\Lenovo
[2010/03/31 20:52:05 | 000,000,000 | ---D | M] -- C:\Users\beitbe.146--FNY\AppData\Roaming\No Company Name
[2011/06/24 13:44:08 | 000,000,000 | ---D | M] -- C:\Users\beitbe.146--FNY\AppData\Roaming\PCDr
[2011/03/23 17:09:51 | 000,000,000 | ---D | M] -- C:\Users\beitbe.146--FNY\AppData\Roaming\PwrMgr
[2011/03/23 19:22:19 | 000,000,000 | ---D | M] -- C:\Users\beitbe.146--FNY\AppData\Roaming\Ulead Systems
[2011/02/23 13:07:10 | 000,000,000 | ---D | M] -- C:\Users\beitbe.146--FNY\AppData\Roaming\Update
[2010/03/24 10:42:32 | 000,000,000 | ---D | M] -- C:\Users\beitbe.146--FNY\AppData\Roaming\Xythos
[2011/03/24 11:04:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/23 22:28:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\com.adobe.ExMan
[2010/03/23 20:34:32 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Lenovo
[2010/03/31 20:52:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\No Company Name
[2011/06/24 13:44:08 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\PCDr
[2011/03/23 17:09:51 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\PwrMgr
[2011/03/23 19:22:19 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Ulead Systems
[2011/02/23 13:07:10 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Update
[2010/03/24 10:42:32 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Xythos
[2011/03/24 11:04:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/23 22:28:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\com.adobe.ExMan
[2010/03/23 20:34:32 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Lenovo
[2010/03/31 20:52:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\No Company Name
[2011/06/24 13:44:08 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\PCDr
[2011/03/23 17:09:51 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\PwrMgr
[2011/03/23 19:22:19 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Ulead Systems
[2011/02/23 13:07:10 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Update
[2010/03/24 10:42:32 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Xythos
[2012/05/05 02:29:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/06/08 10:18:02 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/05 02:44:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >



